2017-05-11T17:42:11Z DEBUG Logging to /var/log/ipaserver-install.log 2017-05-11T17:42:11Z DEBUG ipa-server-install was invoked with arguments [] and options: {'no_dns_sshfp': None, 'ignore_topology_disconnect': None, 'verbose': False, 'ip_addresses': None, 'domainlevel': None, 'mkhomedir': None, 'http_cert_files': None, 'no_ntp': None, 'reverse_zones': None, 'no_forwarders': None, 'external_ca_type': None, 'ssh_trust_dns': None, 'domain_name': None, 'idmax': None, 'http_cert_name': None, 'dirsrv_cert_files': None, 'no_dnssec_validation': None, 'ca_signing_algorithm': None, 'no_reverse': None, 'subject': None, 'unattended': False, 'auto_reverse': None, 'auto_forwarders': None, 'no_host_dns': None, 'no_sshd': None, 'no_ui_redirect': None, 'ignore_last_of_role': None, 'realm_name': None, 'forwarders': None, 'idstart': None, 'external_ca': None, 'no_ssh': None, 'external_cert_files': None, 'no_hbac_allow': None, 'forward_policy': None, 'dirsrv_cert_name': None, 'ca_cert_files': None, 'zonemgr': None, 'quiet': False, 'setup_dns': None, 'host_name': None, 'dirsrv_config_file': None, 'log_file': None, 'allow_zone_overlap': None, 'uninstall': False} 2017-05-11T17:42:11Z DEBUG IPA version 4.4.0-14.el7.centos.7 2017-05-11T17:42:11Z DEBUG Starting external process 2017-05-11T17:42:11Z DEBUG args=/usr/sbin/selinuxenabled 2017-05-11T17:42:11Z DEBUG Process finished, return code=0 2017-05-11T17:42:11Z DEBUG stdout= 2017-05-11T17:42:11Z DEBUG stderr= 2017-05-11T17:42:11Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:42:11Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2017-05-11T17:42:11Z DEBUG httpd is not configured 2017-05-11T17:42:11Z DEBUG kadmin is not configured 2017-05-11T17:42:11Z DEBUG dirsrv is not configured 2017-05-11T17:42:11Z DEBUG pki-tomcatd is not configured 2017-05-11T17:42:11Z DEBUG install is not configured 2017-05-11T17:42:11Z DEBUG krb5kdc is not configured 2017-05-11T17:42:11Z DEBUG ntpd is 
not configured 2017-05-11T17:42:11Z DEBUG named is not configured 2017-05-11T17:42:11Z DEBUG ipa_memcached is not configured 2017-05-11T17:42:11Z DEBUG filestore is tracking no files 2017-05-11T17:42:11Z DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index' 2017-05-11T17:42:11Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2017-05-11T17:42:11Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:42:11Z DEBUG Starting external process 2017-05-11T17:42:11Z DEBUG args=/bin/systemctl is-enabled chronyd.service 2017-05-11T17:42:11Z DEBUG Process finished, return code=1 2017-05-11T17:42:11Z DEBUG stdout= 2017-05-11T17:42:11Z DEBUG stderr=Failed to get unit file state for chronyd.service: No such file or directory 2017-05-11T17:42:11Z DEBUG Starting external process 2017-05-11T17:42:11Z DEBUG args=/bin/systemctl is-active chronyd.service 2017-05-11T17:42:11Z DEBUG Process finished, return code=3 2017-05-11T17:42:11Z DEBUG stdout=unknown 2017-05-11T17:42:11Z DEBUG stderr= 2017-05-11T17:42:11Z DEBUG Starting external process 2017-05-11T17:42:11Z DEBUG args=/usr/sbin/httpd -t -D DUMP_VHOSTS 2017-05-11T17:42:11Z DEBUG Process finished, return code=0 2017-05-11T17:42:11Z DEBUG stdout=VirtualHost configuration: *:8443 ipa.rdlg.net (/etc/httpd/conf.d/nss.conf:83) 2017-05-11T17:42:11Z DEBUG stderr= 2017-05-11T17:42:39Z DEBUG Check if ipa.rdlg.net is a primary hostname for localhost 2017-05-11T17:42:39Z DEBUG Primary hostname for localhost: ipa.rdlg.net 2017-05-11T17:42:39Z DEBUG Search DNS for ipa.rdlg.net 2017-05-11T17:42:39Z DEBUG Check if ipa.rdlg.net is not a CNAME 2017-05-11T17:42:39Z DEBUG Check reverse address of 172.20.0.200 2017-05-11T17:42:39Z DEBUG Found reverse name: ipa.rdlg.net 2017-05-11T17:42:39Z DEBUG will use host_name: ipa.rdlg.net 2017-05-11T17:42:40Z DEBUG read domain_name: rdlg.net 2017-05-11T17:42:40Z DEBUG read realm_name: RDLG.NET 2017-05-11T17:42:55Z DEBUG importing all 
plugin modules in ipaserver.plugins... 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.plugins.aci 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.plugins.automember 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.plugins.automount 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.plugins.baseldap 2017-05-11T17:42:55Z DEBUG ipaserver.plugins.baseldap is not a valid plugin module 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.plugins.baseuser 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.plugins.batch 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.plugins.ca 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.plugins.caacl 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.plugins.cert 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.plugins.certprofile 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.plugins.config 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.plugins.delegation 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.plugins.dns 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.plugins.dnsserver 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.plugins.dogtag 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.plugins.domainlevel 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.plugins.group 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.plugins.hbac 2017-05-11T17:42:55Z DEBUG ipaserver.plugins.hbac is not a valid plugin module 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.plugins.hbacrule 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.plugins.hbacsvc 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.plugins.hbacsvcgroup 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.plugins.hbactest 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.plugins.host 2017-05-11T17:42:55Z DEBUG 
importing plugin module ipaserver.plugins.hostgroup 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.plugins.idrange 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.plugins.idviews 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.plugins.internal 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.plugins.join 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.plugins.krbtpolicy 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.plugins.ldap2 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.plugins.location 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.plugins.migration 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.plugins.misc 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.plugins.netgroup 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.plugins.otp 2017-05-11T17:42:55Z DEBUG ipaserver.plugins.otp is not a valid plugin module 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.plugins.otpconfig 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.plugins.otptoken 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.plugins.passwd 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.plugins.permission 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.plugins.ping 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.plugins.pkinit 2017-05-11T17:42:55Z DEBUG ipaserver.plugins.pkinit is not a valid plugin module 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.plugins.privilege 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.plugins.pwpolicy 2017-05-11T17:42:55Z DEBUG Starting external process 2017-05-11T17:42:55Z DEBUG args=klist -V 2017-05-11T17:42:55Z DEBUG Process finished, return code=0 2017-05-11T17:42:55Z DEBUG stdout=Kerberos 5 version 1.14.1 2017-05-11T17:42:55Z DEBUG stderr= 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.plugins.rabase 
2017-05-11T17:42:55Z DEBUG ipaserver.plugins.rabase is not a valid plugin module 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.plugins.radiusproxy 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.plugins.realmdomains 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.plugins.role 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.plugins.schema 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.plugins.selfservice 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.plugins.selinuxusermap 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.plugins.server 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.plugins.serverrole 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.plugins.serverroles 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.plugins.service 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.plugins.servicedelegation 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.plugins.session 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.plugins.stageuser 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.plugins.sudo 2017-05-11T17:42:55Z DEBUG ipaserver.plugins.sudo is not a valid plugin module 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.plugins.sudocmd 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.plugins.sudocmdgroup 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.plugins.sudorule 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.plugins.topology 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.plugins.trust 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.plugins.user 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.plugins.vault 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.plugins.virtual 2017-05-11T17:42:55Z DEBUG ipaserver.plugins.virtual is not a valid plugin module 2017-05-11T17:42:55Z DEBUG 
importing plugin module ipaserver.plugins.xmlserver 2017-05-11T17:42:55Z DEBUG importing all plugin modules in ipaserver.install.plugins... 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.install.plugins.adtrust 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.install.plugins.dns 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.install.plugins.update_nis 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.install.plugins.update_referint 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.install.plugins.update_services 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness 2017-05-11T17:42:55Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt 2017-05-11T17:42:56Z DEBUG Name ipa.rdlg.net. 
resolved to set([UnsafeIPAddress('2001:470:4b:57c::200'), UnsafeIPAddress('172.20.0.200')]) 2017-05-11T17:42:56Z WARNING Invalid IP address 2001:470:4b:57c::200 for ipa.rdlg.net: no network interface matches the IP address and netmask 2001:470:4b:57c::200 2017-05-11T17:42:59Z DEBUG group dirsrv exists 2017-05-11T17:42:59Z DEBUG user dirsrv exists 2017-05-11T17:42:59Z DEBUG Starting external process 2017-05-11T17:42:59Z DEBUG args=/bin/systemctl is-enabled chronyd.service 2017-05-11T17:42:59Z DEBUG Process finished, return code=1 2017-05-11T17:42:59Z DEBUG stdout= 2017-05-11T17:42:59Z DEBUG stderr=Failed to get unit file state for chronyd.service: No such file or directory 2017-05-11T17:42:59Z DEBUG Starting external process 2017-05-11T17:42:59Z DEBUG args=/bin/systemctl is-active chronyd.service 2017-05-11T17:42:59Z DEBUG Process finished, return code=3 2017-05-11T17:42:59Z DEBUG stdout=unknown 2017-05-11T17:42:59Z DEBUG stderr= 2017-05-11T17:42:59Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:42:59Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2017-05-11T17:42:59Z DEBUG Configuring NTP daemon (ntpd) 2017-05-11T17:42:59Z DEBUG [1/4]: stopping ntpd 2017-05-11T17:42:59Z DEBUG Starting external process 2017-05-11T17:42:59Z DEBUG args=/bin/systemctl is-active ntpd.service 2017-05-11T17:42:59Z DEBUG Process finished, return code=3 2017-05-11T17:42:59Z DEBUG stdout=unknown 2017-05-11T17:42:59Z DEBUG stderr= 2017-05-11T17:42:59Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:42:59Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:42:59Z DEBUG Starting external process 2017-05-11T17:42:59Z DEBUG args=/bin/systemctl stop ntpd.service 2017-05-11T17:42:59Z DEBUG Process finished, return code=0 2017-05-11T17:42:59Z DEBUG stdout= 2017-05-11T17:42:59Z DEBUG stderr= 2017-05-11T17:42:59Z DEBUG duration: 0 seconds 2017-05-11T17:42:59Z DEBUG 
[2/4]: writing configuration 2017-05-11T17:42:59Z DEBUG Backing up system configuration file '/etc/ntp.conf' 2017-05-11T17:42:59Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' 2017-05-11T17:42:59Z DEBUG Backing up system configuration file '/etc/sysconfig/ntpd' 2017-05-11T17:42:59Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' 2017-05-11T17:42:59Z DEBUG duration: 0 seconds 2017-05-11T17:42:59Z DEBUG [3/4]: configuring ntpd to start on boot 2017-05-11T17:42:59Z DEBUG Starting external process 2017-05-11T17:42:59Z DEBUG args=/bin/systemctl is-enabled ntpd.service 2017-05-11T17:42:59Z DEBUG Process finished, return code=1 2017-05-11T17:42:59Z DEBUG stdout=disabled 2017-05-11T17:42:59Z DEBUG stderr= 2017-05-11T17:42:59Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:42:59Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:42:59Z DEBUG Starting external process 2017-05-11T17:42:59Z DEBUG args=/bin/systemctl enable ntpd.service 2017-05-11T17:42:59Z DEBUG Process finished, return code=0 2017-05-11T17:42:59Z DEBUG stdout= 2017-05-11T17:42:59Z DEBUG stderr=Created symlink from /etc/systemd/system/multi-user.target.wants/ntpd.service to /usr/lib/systemd/system/ntpd.service. 
2017-05-11T17:42:59Z DEBUG duration: 0 seconds 2017-05-11T17:42:59Z DEBUG [4/4]: starting ntpd 2017-05-11T17:42:59Z DEBUG Starting external process 2017-05-11T17:42:59Z DEBUG args=/bin/systemctl start ntpd.service 2017-05-11T17:42:59Z DEBUG Process finished, return code=0 2017-05-11T17:42:59Z DEBUG stdout= 2017-05-11T17:42:59Z DEBUG stderr= 2017-05-11T17:42:59Z DEBUG Starting external process 2017-05-11T17:42:59Z DEBUG args=/bin/systemctl is-active ntpd.service 2017-05-11T17:42:59Z DEBUG Process finished, return code=0 2017-05-11T17:42:59Z DEBUG stdout=active 2017-05-11T17:42:59Z DEBUG stderr= 2017-05-11T17:42:59Z DEBUG duration: 0 seconds 2017-05-11T17:42:59Z DEBUG Done configuring NTP daemon (ntpd). 2017-05-11T17:42:59Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:42:59Z DEBUG Configuring directory server (dirsrv). Estimated time: 1 minute 2017-05-11T17:42:59Z DEBUG [1/47]: creating directory server user 2017-05-11T17:42:59Z DEBUG group dirsrv exists 2017-05-11T17:42:59Z DEBUG user dirsrv exists 2017-05-11T17:42:59Z DEBUG duration: 0 seconds 2017-05-11T17:42:59Z DEBUG [2/47]: creating directory server instance 2017-05-11T17:42:59Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:42:59Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:42:59Z DEBUG Backing up system configuration file '/etc/sysconfig/dirsrv' 2017-05-11T17:42:59Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' 2017-05-11T17:42:59Z DEBUG dn: dc=rdlg,dc=net objectClass: top objectClass: domain objectClass: pilotObject dc: rdlg info: IPA V2.0 2017-05-11T17:42:59Z DEBUG writing inf template 2017-05-11T17:42:59Z DEBUG [General] FullMachineName= ipa.rdlg.net SuiteSpotUserID= dirsrv SuiteSpotGroup= dirsrv ServerRoot= /usr/lib64/dirsrv [slapd] ServerPort= 389 ServerIdentifier= RDLG-NET Suffix= dc=rdlg,dc=net RootDN= cn=Directory Manager InstallLdifFile= 
/var/lib/dirsrv/boot.ldif inst_dir= /var/lib/dirsrv/scripts-RDLG-NET 2017-05-11T17:42:59Z DEBUG calling setup-ds.pl 2017-05-11T17:42:59Z DEBUG Starting external process 2017-05-11T17:42:59Z DEBUG args=/usr/sbin/setup-ds.pl --silent --logfile - -f /tmp/tmpagpjEw 2017-05-11T17:43:02Z DEBUG Process finished, return code=0 2017-05-11T17:43:02Z DEBUG stdout=[17/05/11:11:43:02] - [Setup] Info Your new DS instance 'RDLG-NET' was successfully created. Your new DS instance 'RDLG-NET' was successfully created. [17/05/11:11:43:02] - [Setup] Success Exiting . . . Log file is '-' Exiting . . . Log file is '-' 2017-05-11T17:43:02Z DEBUG stderr= 2017-05-11T17:43:02Z DEBUG completed creating ds instance 2017-05-11T17:43:02Z DEBUG duration: 2 seconds 2017-05-11T17:43:02Z DEBUG [3/47]: updating configuration in dse.ldif 2017-05-11T17:43:02Z DEBUG Starting external process 2017-05-11T17:43:02Z DEBUG args=/bin/systemctl stop dirsrv@RDLG-NET.service 2017-05-11T17:43:03Z DEBUG Process finished, return code=0 2017-05-11T17:43:03Z DEBUG stdout= 2017-05-11T17:43:03Z DEBUG stderr= 2017-05-11T17:43:03Z DEBUG duration: 1 seconds 2017-05-11T17:43:03Z DEBUG [4/47]: restarting directory server 2017-05-11T17:43:03Z DEBUG Starting external process 2017-05-11T17:43:03Z DEBUG args=/bin/systemctl --system daemon-reload 2017-05-11T17:43:03Z DEBUG Process finished, return code=0 2017-05-11T17:43:03Z DEBUG stdout= 2017-05-11T17:43:03Z DEBUG stderr= 2017-05-11T17:43:03Z DEBUG Starting external process 2017-05-11T17:43:03Z DEBUG args=/bin/systemctl restart dirsrv@RDLG-NET.service 2017-05-11T17:43:03Z DEBUG Process finished, return code=0 2017-05-11T17:43:03Z DEBUG stdout= 2017-05-11T17:43:03Z DEBUG stderr= 2017-05-11T17:43:03Z DEBUG Starting external process 2017-05-11T17:43:03Z DEBUG args=/bin/systemctl is-active dirsrv@RDLG-NET.service 2017-05-11T17:43:03Z DEBUG Process finished, return code=0 2017-05-11T17:43:03Z DEBUG stdout=active 2017-05-11T17:43:03Z DEBUG stderr= 2017-05-11T17:43:03Z DEBUG 
wait_for_open_ports: localhost [389] timeout 300 2017-05-11T17:43:03Z DEBUG Starting external process 2017-05-11T17:43:03Z DEBUG args=/bin/systemctl is-active dirsrv@RDLG-NET.service 2017-05-11T17:43:03Z DEBUG Process finished, return code=0 2017-05-11T17:43:03Z DEBUG stdout=active 2017-05-11T17:43:03Z DEBUG stderr= 2017-05-11T17:43:03Z DEBUG duration: 0 seconds 2017-05-11T17:43:03Z DEBUG [5/47]: adding default schema 2017-05-11T17:43:03Z DEBUG duration: 0 seconds 2017-05-11T17:43:03Z DEBUG [6/47]: enabling memberof plugin 2017-05-11T17:43:03Z DEBUG Starting external process 2017-05-11T17:43:03Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/memberof-conf.ldif -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpznbt9L 2017-05-11T17:43:03Z DEBUG Process finished, return code=0 2017-05-11T17:43:03Z DEBUG stdout=replace nsslapd-pluginenabled: on add memberofgroupattr: memberUser add memberofgroupattr: memberHost modifying entry "cn=MemberOf Plugin,cn=plugins,cn=config" modify complete 2017-05-11T17:43:03Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base ) 2017-05-11T17:43:03Z DEBUG duration: 0 seconds 2017-05-11T17:43:03Z DEBUG [7/47]: enabling winsync plugin 2017-05-11T17:43:03Z DEBUG Starting external process 2017-05-11T17:43:03Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/ipa-winsync-conf.ldif -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpzFF4hD 2017-05-11T17:43:03Z DEBUG Process finished, return code=0 2017-05-11T17:43:03Z DEBUG stdout=add objectclass: top nsSlapdPlugin extensibleObject add cn: ipa-winsync add nsslapd-pluginpath: libipa_winsync add nsslapd-plugininitfunc: ipa_winsync_plugin_init add nsslapd-pluginDescription: Allows IPA to work with the DS windows sync feature add nsslapd-pluginid: ipa-winsync add nsslapd-pluginversion: 1.0 add nsslapd-pluginvendor: Red Hat add nsslapd-plugintype: preoperation add nsslapd-pluginenabled: on add nsslapd-plugin-depends-on-type: database add 
ipaWinSyncRealmFilter: (objectclass=krbRealmContainer) add ipaWinSyncRealmAttr: cn add ipaWinSyncNewEntryFilter: (cn=ipaConfig) add ipaWinSyncNewUserOCAttr: ipauserobjectclasses add ipaWinSyncUserFlatten: true add ipaWinsyncHomeDirAttr: ipaHomesRootDir add ipaWinsyncLoginShellAttr: ipaDefaultLoginShell add ipaWinSyncDefaultGroupAttr: ipaDefaultPrimaryGroup add ipaWinSyncDefaultGroupFilter: (gidNumber=*)(objectclass=posixGroup)(objectclass=groupOfNames) add ipaWinSyncAcctDisable: both add ipaWinSyncForceSync: true add ipaWinSyncUserAttr: uidNumber -1 gidNumber -1 adding new entry "cn=ipa-winsync,cn=plugins,cn=config" modify complete 2017-05-11T17:43:03Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base ) 2017-05-11T17:43:03Z DEBUG duration: 0 seconds 2017-05-11T17:43:03Z DEBUG [8/47]: configuring replication version plugin 2017-05-11T17:43:03Z DEBUG Starting external process 2017-05-11T17:43:03Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/version-conf.ldif -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpW6bveY 2017-05-11T17:43:03Z DEBUG Process finished, return code=0 2017-05-11T17:43:03Z DEBUG stdout=add objectclass: top nsSlapdPlugin extensibleObject add cn: IPA Version Replication add nsslapd-pluginpath: libipa_repl_version add nsslapd-plugininitfunc: repl_version_plugin_init add nsslapd-plugintype: preoperation add nsslapd-pluginenabled: off add nsslapd-pluginid: ipa_repl_version add nsslapd-pluginversion: 1.0 add nsslapd-pluginvendor: Red Hat, Inc. 
add nsslapd-plugindescription: IPA Replication version plugin add nsslapd-plugin-depends-on-type: database add nsslapd-plugin-depends-on-named: Multimaster Replication Plugin adding new entry "cn=IPA Version Replication,cn=plugins,cn=config" modify complete 2017-05-11T17:43:03Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base ) 2017-05-11T17:43:03Z DEBUG duration: 0 seconds 2017-05-11T17:43:03Z DEBUG [9/47]: enabling IPA enrollment plugin 2017-05-11T17:43:03Z DEBUG Starting external process 2017-05-11T17:43:03Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpoXLWB0 -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpSMQHvK 2017-05-11T17:43:03Z DEBUG Process finished, return code=0 2017-05-11T17:43:03Z DEBUG stdout=add objectclass: top nsSlapdPlugin extensibleObject add cn: ipa_enrollment_extop add nsslapd-pluginpath: libipa_enrollment_extop add nsslapd-plugininitfunc: ipaenrollment_init add nsslapd-plugintype: extendedop add nsslapd-pluginenabled: on add nsslapd-pluginid: ipa_enrollment_extop add nsslapd-pluginversion: 1.0 add nsslapd-pluginvendor: RedHat add nsslapd-plugindescription: Enroll hosts into the IPA domain add nsslapd-plugin-depends-on-type: database add nsslapd-realmTree: dc=rdlg,dc=net adding new entry "cn=ipa_enrollment_extop,cn=plugins,cn=config" modify complete 2017-05-11T17:43:03Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base ) 2017-05-11T17:43:03Z DEBUG duration: 0 seconds 2017-05-11T17:43:03Z DEBUG [10/47]: enabling ldapi 2017-05-11T17:43:03Z DEBUG Starting external process 2017-05-11T17:43:03Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpeylhii -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpG7N9a2 2017-05-11T17:43:03Z DEBUG Process finished, return code=0 2017-05-11T17:43:03Z DEBUG stdout=replace nsslapd-ldapilisten: on modifying entry "cn=config" modify complete 2017-05-11T17:43:03Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base ) 2017-05-11T17:43:03Z DEBUG duration: 0 
seconds 2017-05-11T17:43:03Z DEBUG [11/47]: configuring uniqueness plugin 2017-05-11T17:43:03Z DEBUG Starting external process 2017-05-11T17:43:03Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmp_Z0Ruf -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpnmcbgM 2017-05-11T17:43:03Z DEBUG Process finished, return code=0 2017-05-11T17:43:03Z DEBUG stdout=add objectClass: top nsSlapdPlugin extensibleObject add cn: krbPrincipalName uniqueness add nsslapd-pluginPath: libattr-unique-plugin add nsslapd-pluginInitfunc: NSUniqueAttr_Init add nsslapd-pluginType: preoperation add nsslapd-pluginEnabled: on add uniqueness-attribute-name: krbPrincipalName add nsslapd-plugin-depends-on-type: database add nsslapd-pluginId: NSUniqueAttr add nsslapd-pluginVersion: 1.1.0 add nsslapd-pluginVendor: Fedora Project add nsslapd-pluginDescription: Enforce unique attribute values add uniqueness-subtrees: dc=rdlg,dc=net add uniqueness-exclude-subtrees: cn=staged users,cn=accounts,cn=provisioning,dc=rdlg,dc=net add uniqueness-across-all-subtrees: on adding new entry "cn=krbPrincipalName uniqueness,cn=plugins,cn=config" modify complete add objectClass: top nsSlapdPlugin extensibleObject add cn: krbCanonicalName uniqueness add nsslapd-pluginPath: libattr-unique-plugin add nsslapd-pluginInitfunc: NSUniqueAttr_Init add nsslapd-pluginType: preoperation add nsslapd-pluginEnabled: on add uniqueness-attribute-name: krbCanonicalName add nsslapd-plugin-depends-on-type: database add nsslapd-pluginId: NSUniqueAttr add nsslapd-pluginVersion: 1.1.0 add nsslapd-pluginVendor: Fedora Project add nsslapd-pluginDescription: Enforce unique attribute values add uniqueness-subtrees: dc=rdlg,dc=net add uniqueness-exclude-subtrees: cn=staged users,cn=accounts,cn=provisioning,dc=rdlg,dc=net add uniqueness-across-all-subtrees: on adding new entry "cn=krbCanonicalName uniqueness,cn=plugins,cn=config" modify complete add objectClass: top nsSlapdPlugin extensibleObject add cn: netgroup uniqueness add 
nsslapd-pluginPath: libattr-unique-plugin add nsslapd-pluginInitfunc: NSUniqueAttr_Init add nsslapd-pluginType: preoperation add nsslapd-pluginEnabled: on add uniqueness-attribute-name: cn add uniqueness-subtrees: cn=ng,cn=alt,dc=rdlg,dc=net add nsslapd-plugin-depends-on-type: database add nsslapd-pluginId: NSUniqueAttr add nsslapd-pluginVersion: 1.1.0 add nsslapd-pluginVendor: Fedora Project add nsslapd-pluginDescription: Enforce unique attribute values adding new entry "cn=netgroup uniqueness,cn=plugins,cn=config" modify complete add objectClass: top nsSlapdPlugin extensibleObject add cn: ipaUniqueID uniqueness add nsslapd-pluginPath: libattr-unique-plugin add nsslapd-pluginInitfunc: NSUniqueAttr_Init add nsslapd-pluginType: preoperation add nsslapd-pluginEnabled: on add uniqueness-attribute-name: ipaUniqueID add nsslapd-plugin-depends-on-type: database add nsslapd-pluginId: NSUniqueAttr add nsslapd-pluginVersion: 1.1.0 add nsslapd-pluginVendor: Fedora Project add nsslapd-pluginDescription: Enforce unique attribute values add uniqueness-subtrees: dc=rdlg,dc=net add uniqueness-exclude-subtrees: cn=staged users,cn=accounts,cn=provisioning,dc=rdlg,dc=net add uniqueness-across-all-subtrees: on adding new entry "cn=ipaUniqueID uniqueness,cn=plugins,cn=config" modify complete add objectClass: top nsSlapdPlugin extensibleObject add cn: sudorule name uniqueness add nsslapd-pluginDescription: Enforce unique attribute values add nsslapd-pluginPath: libattr-unique-plugin add nsslapd-pluginInitfunc: NSUniqueAttr_Init add nsslapd-pluginType: preoperation add nsslapd-pluginEnabled: on add uniqueness-attribute-name: cn add uniqueness-subtrees: cn=sudorules,cn=sudo,dc=rdlg,dc=net add nsslapd-plugin-depends-on-type: database add nsslapd-pluginId: NSUniqueAttr add nsslapd-pluginVersion: 1.1.0 add nsslapd-pluginVendor: Fedora Project adding new entry "cn=sudorule name uniqueness,cn=plugins,cn=config" modify complete 2017-05-11T17:43:03Z DEBUG stderr=ldap_initialize( 
ldap://ipa.rdlg.net:389/??base ) 2017-05-11T17:43:03Z DEBUG duration: 0 seconds 2017-05-11T17:43:03Z DEBUG [12/47]: configuring uuid plugin 2017-05-11T17:43:03Z DEBUG Starting external process 2017-05-11T17:43:03Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/uuid-conf.ldif -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpSCve10 2017-05-11T17:43:03Z DEBUG Process finished, return code=0 2017-05-11T17:43:03Z DEBUG stdout=add objectclass: top nsSlapdPlugin extensibleObject add cn: IPA UUID add nsslapd-pluginpath: libipa_uuid add nsslapd-plugininitfunc: ipauuid_init add nsslapd-plugintype: preoperation add nsslapd-pluginenabled: on add nsslapd-pluginid: ipauuid_version add nsslapd-pluginversion: 1.0 add nsslapd-pluginvendor: Red Hat, Inc. add nsslapd-plugindescription: IPA UUID plugin add nsslapd-plugin-depends-on-type: database adding new entry "cn=IPA UUID,cn=plugins,cn=config" modify complete 2017-05-11T17:43:03Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base ) 2017-05-11T17:43:03Z DEBUG Starting external process 2017-05-11T17:43:03Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmponzz_U -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpzAazt6 2017-05-11T17:43:03Z DEBUG Process finished, return code=0 2017-05-11T17:43:03Z DEBUG stdout=add objectclass: top extensibleObject add cn: IPA Unique IDs add ipaUuidAttr: ipaUniqueID add ipaUuidMagicRegen: autogenerate add ipaUuidFilter: (|(objectclass=ipaObject)(objectclass=ipaAssociation)) add ipaUuidScope: dc=rdlg,dc=net add ipaUuidEnforce: TRUE adding new entry "cn=IPA Unique IDs,cn=IPA UUID,cn=plugins,cn=config" modify complete add objectclass: top extensibleObject add cn: IPK11 Unique IDs add ipaUuidAttr: ipk11UniqueID add ipaUuidMagicRegen: autogenerate add ipaUuidFilter: (objectclass=ipk11Object) add ipaUuidScope: dc=rdlg,dc=net add ipaUuidEnforce: FALSE adding new entry "cn=IPK11 Unique IDs,cn=IPA UUID,cn=plugins,cn=config" modify complete 2017-05-11T17:43:03Z DEBUG 
stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base ) 2017-05-11T17:43:03Z DEBUG duration: 0 seconds 2017-05-11T17:43:03Z DEBUG [13/47]: configuring modrdn plugin 2017-05-11T17:43:03Z DEBUG Starting external process 2017-05-11T17:43:03Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/modrdn-conf.ldif -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpznBLoO 2017-05-11T17:43:03Z DEBUG Process finished, return code=0 2017-05-11T17:43:03Z DEBUG stdout=add objectclass: top nsSlapdPlugin extensibleObject add cn: IPA MODRDN add nsslapd-pluginpath: libipa_modrdn add nsslapd-plugininitfunc: ipamodrdn_init add nsslapd-plugintype: betxnpostoperation add nsslapd-pluginenabled: on add nsslapd-pluginid: ipamodrdn_version add nsslapd-pluginversion: 1.0 add nsslapd-pluginvendor: Red Hat, Inc. add nsslapd-plugindescription: IPA MODRDN plugin add nsslapd-plugin-depends-on-type: database add nsslapd-pluginPrecedence: 60 adding new entry "cn=IPA MODRDN,cn=plugins,cn=config" modify complete 2017-05-11T17:43:03Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base ) 2017-05-11T17:43:03Z DEBUG Starting external process 2017-05-11T17:43:03Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpXxgILa -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpDSxfhW 2017-05-11T17:43:03Z DEBUG Process finished, return code=0 2017-05-11T17:43:03Z DEBUG stdout=add objectclass: top extensibleObject add cn: Kerberos Principal Name add ipaModRDNsourceAttr: uid add ipaModRDNtargetAttr: krbPrincipalName add ipaModRDNsuffix: @RDLG.NET add ipaModRDNfilter: (&(objectclass=posixaccount)(objectclass=krbPrincipalAux)) add ipaModRDNscope: dc=rdlg,dc=net adding new entry "cn=Kerberos Principal Name,cn=IPA MODRDN,cn=plugins,cn=config" modify complete add objectclass: top extensibleObject add cn: Kerberos Canonical Name add ipaModRDNsourceAttr: uid add ipaModRDNtargetAttr: krbCanonicalName add ipaModRDNsuffix: @RDLG.NET add ipaModRDNfilter: 
(&(objectclass=posixaccount)(objectclass=krbPrincipalAux)) add ipaModRDNscope: dc=rdlg,dc=net adding new entry "cn=Kerberos Canonical Name,cn=IPA MODRDN,cn=plugins,cn=config" modify complete 2017-05-11T17:43:03Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base ) 2017-05-11T17:43:03Z DEBUG duration: 0 seconds 2017-05-11T17:43:03Z DEBUG [14/47]: configuring DNS plugin 2017-05-11T17:43:03Z DEBUG Starting external process 2017-05-11T17:43:03Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/ipa-dns-conf.ldif -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpTHtYrB 2017-05-11T17:43:03Z DEBUG Process finished, return code=0 2017-05-11T17:43:03Z DEBUG stdout=add objectclass: top nsslapdPlugin extensibleObject add cn: IPA DNS add nsslapd-plugindescription: IPA DNS support plugin add nsslapd-pluginenabled: on add nsslapd-pluginid: ipa_dns add nsslapd-plugininitfunc: ipadns_init add nsslapd-pluginpath: libipa_dns.so add nsslapd-plugintype: preoperation add nsslapd-pluginvendor: Red Hat, Inc. 
add nsslapd-pluginversion: 1.0 add nsslapd-plugin-depends-on-type: database adding new entry "cn=IPA DNS,cn=plugins,cn=config" modify complete 2017-05-11T17:43:03Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base ) 2017-05-11T17:43:03Z DEBUG duration: 0 seconds 2017-05-11T17:43:03Z DEBUG [15/47]: enabling entryUSN plugin 2017-05-11T17:43:03Z DEBUG Starting external process 2017-05-11T17:43:03Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/entryusn.ldif -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpnZZBPm 2017-05-11T17:43:03Z DEBUG Process finished, return code=0 2017-05-11T17:43:03Z DEBUG stdout=replace nsslapd-entryusn-global: on modifying entry "cn=config" modify complete replace nsslapd-entryusn-import-initval: next modifying entry "cn=config" modify complete replace nsslapd-pluginenabled: on modifying entry "cn=USN,cn=plugins,cn=config" modify complete 2017-05-11T17:43:03Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base ) 2017-05-11T17:43:03Z DEBUG duration: 0 seconds 2017-05-11T17:43:03Z DEBUG [16/47]: configuring lockout plugin 2017-05-11T17:43:03Z DEBUG Starting external process 2017-05-11T17:43:03Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/lockout-conf.ldif -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmp6ndBzl 2017-05-11T17:43:03Z DEBUG Process finished, return code=0 2017-05-11T17:43:03Z DEBUG stdout=add objectclass: top nsSlapdPlugin extensibleObject add cn: IPA Lockout add nsslapd-pluginpath: libipa_lockout add nsslapd-plugininitfunc: ipalockout_init add nsslapd-plugintype: object add nsslapd-pluginenabled: on add nsslapd-pluginid: ipalockout_version add nsslapd-pluginversion: 1.0 add nsslapd-pluginvendor: Red Hat, Inc. 
add nsslapd-plugindescription: IPA Lockout plugin add nsslapd-plugin-depends-on-type: database adding new entry "cn=IPA Lockout,cn=plugins,cn=config" modify complete 2017-05-11T17:43:03Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base ) 2017-05-11T17:43:03Z DEBUG duration: 0 seconds 2017-05-11T17:43:03Z DEBUG [17/47]: configuring topology plugin 2017-05-11T17:43:03Z DEBUG Starting external process 2017-05-11T17:43:03Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpWLEbE_ -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpXPk4QG 2017-05-11T17:43:03Z DEBUG Process finished, return code=0 2017-05-11T17:43:03Z DEBUG stdout=add objectClass: top nsSlapdPlugin extensibleObject add cn: IPA Topology Configuration add nsslapd-pluginPath: libtopology add nsslapd-pluginInitfunc: ipa_topo_init add nsslapd-pluginType: object add nsslapd-pluginEnabled: on add nsslapd-topo-plugin-shared-config-base: cn=ipa,cn=etc,dc=rdlg,dc=net add nsslapd-topo-plugin-shared-replica-root: dc=rdlg,dc=net o=ipaca add nsslapd-topo-plugin-shared-binddngroup: cn=replication managers,cn=sysaccounts,cn=etc,dc=rdlg,dc=net add nsslapd-topo-plugin-startup-delay: 20 add nsslapd-pluginId: none add nsslapd-plugin-depends-on-named: ldbm database Multimaster Replication Plugin add nsslapd-pluginVersion: 1.0 add nsslapd-pluginVendor: none add nsslapd-pluginDescription: none adding new entry "cn=IPA Topology Configuration,cn=plugins,cn=config" modify complete 2017-05-11T17:43:03Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base ) 2017-05-11T17:43:03Z DEBUG duration: 0 seconds 2017-05-11T17:43:03Z DEBUG [18/47]: creating indices 2017-05-11T17:43:03Z DEBUG Starting external process 2017-05-11T17:43:03Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/indices.ldif -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpw4YZrh 2017-05-11T17:43:03Z DEBUG Process finished, return code=0 2017-05-11T17:43:03Z DEBUG stdout=add objectClass: top nsIndex add cn: 
krbPrincipalName add nsSystemIndex: false add nsIndexType: eq sub add nsMatchingRule: caseIgnoreIA5Match caseExactIA5Match adding new entry "cn=krbPrincipalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add objectClass: top nsIndex add cn: ou add nsSystemIndex: false add nsIndexType: eq sub adding new entry "cn=ou,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add objectClass: top nsIndex add cn: carLicense add nsSystemIndex: false add nsIndexType: eq sub adding new entry "cn=carLicense,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add objectClass: top nsIndex add cn: title add nsSystemIndex: false add nsIndexType: eq sub adding new entry "cn=title,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add objectClass: top nsIndex add cn: manager add nsSystemIndex: false add nsIndexType: eq pres sub adding new entry "cn=manager,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add objectClass: top nsIndex add cn: secretary add nsSystemIndex: false add nsIndexType: eq pres sub adding new entry "cn=secretary,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add objectClass: top nsIndex add cn: displayname add nsSystemIndex: false add nsIndexType: eq sub adding new entry "cn=displayname,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add nsIndexType: sub modifying entry "cn=uid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add objectClass: top nsIndex add cn: uidnumber add nsSystemIndex: false add nsIndexType: eq add nsMatchingRule: integerOrderingMatch adding new entry "cn=uidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add objectClass: top nsIndex add cn: gidnumber add nsSystemIndex: false add nsIndexType: eq add nsMatchingRule: integerOrderingMatch adding new entry "cn=gidnumber,cn=index,cn=userRoot,cn=ldbm 
database,cn=plugins,cn=config" modify complete replace nsIndexType: eq pres modifying entry "cn=ntUniqueId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete replace nsIndexType: eq pres modifying entry "cn=ntUserDomainId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add ObjectClass: top nsIndex add cn: fqdn add nsSystemIndex: false add nsIndexType: eq pres adding new entry "cn=fqdn,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add ObjectClass: top nsIndex add cn: macAddress add nsSystemIndex: false add nsIndexType: eq pres adding new entry "cn=macAddress,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add cn: memberHost add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq pres sub adding new entry "cn=memberHost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add cn: memberUser add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq pres sub adding new entry "cn=memberUser,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add cn: sourcehost add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq pres sub adding new entry "cn=sourcehost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add cn: memberservice add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq pres sub adding new entry "cn=memberservice,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add cn: managedby add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq pres sub adding new entry "cn=managedby,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add cn: memberallowcmd add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq pres sub adding new entry "cn=memberallowcmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add 
cn: memberdenycmd add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq pres sub adding new entry "cn=memberdenycmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add cn: ipasudorunas add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq pres sub adding new entry "cn=ipasudorunas,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add cn: ipasudorunasgroup add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq pres sub adding new entry "cn=ipasudorunasgroup,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add cn: automountkey add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq adding new entry "cn=automountkey,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add cn: ipakrbprincipalalias add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq adding new entry "cn=ipakrbprincipalalias,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add cn: ipauniqueid add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq adding new entry "cn=ipauniqueid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add cn: ipaMemberCa add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq pres sub adding new entry "cn=ipaMemberCa,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add cn: ipaMemberCertProfile add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq pres sub adding new entry "cn=ipaMemberCertProfile,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add cn: userCertificate add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq pres adding new entry "cn=userCertificate,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add cn: ipalocation add ObjectClass: top nsIndex add 
nsSystemIndex: false add nsIndexType: eq pres adding new entry "cn=ipalocation,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add cn: krbCanonicalName add objectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq sub adding new entry "cn=krbCanonicalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete 2017-05-11T17:43:03Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base ) 2017-05-11T17:43:03Z DEBUG duration: 0 seconds 2017-05-11T17:43:03Z DEBUG [19/47]: enabling referential integrity plugin 2017-05-11T17:43:03Z DEBUG Starting external process 2017-05-11T17:43:03Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/referint-conf.ldif -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpJXAOeB 2017-05-11T17:43:03Z DEBUG Process finished, return code=0 2017-05-11T17:43:03Z DEBUG stdout=replace nsslapd-pluginenabled: on modifying entry "cn=referential integrity postoperation,cn=plugins,cn=config" modify complete 2017-05-11T17:43:03Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base ) 2017-05-11T17:43:03Z DEBUG duration: 0 seconds 2017-05-11T17:43:03Z DEBUG [20/47]: configuring certmap.conf 2017-05-11T17:43:03Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2017-05-11T17:43:03Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2017-05-11T17:43:03Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state' 2017-05-11T17:43:03Z DEBUG duration: 0 seconds 2017-05-11T17:43:03Z DEBUG [21/47]: configure autobind for root 2017-05-11T17:43:03Z DEBUG Starting external process 2017-05-11T17:43:03Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/root-autobind.ldif -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpHcXxjR 2017-05-11T17:43:03Z DEBUG Process finished, return code=0 2017-05-11T17:43:03Z DEBUG stdout=add objectClass: extensibleObject top add cn: root-autobind add uidNumber: 0 add gidNumber: 0 
adding new entry "cn=root-autobind,cn=config" modify complete replace nsslapd-ldapiautobind: on modifying entry "cn=config" modify complete replace nsslapd-ldapimaptoentries: on modifying entry "cn=config" modify complete 2017-05-11T17:43:03Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base ) 2017-05-11T17:43:03Z DEBUG duration: 0 seconds 2017-05-11T17:43:03Z DEBUG [22/47]: configure new location for managed entries 2017-05-11T17:43:03Z DEBUG Starting external process 2017-05-11T17:43:03Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpEVvvOW -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpOCRkXh 2017-05-11T17:43:03Z DEBUG Process finished, return code=0 2017-05-11T17:43:03Z DEBUG stdout=add nsslapd-pluginConfigArea: cn=Definitions,cn=Managed Entries,cn=etc,dc=rdlg,dc=net modifying entry "cn=Managed Entries,cn=plugins,cn=config" modify complete 2017-05-11T17:43:03Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base ) 2017-05-11T17:43:03Z DEBUG duration: 0 seconds 2017-05-11T17:43:03Z DEBUG [23/47]: configure dirsrv ccache 2017-05-11T17:43:03Z DEBUG Backing up system configuration file '/etc/sysconfig/dirsrv' 2017-05-11T17:43:03Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' 2017-05-11T17:43:03Z DEBUG Starting external process 2017-05-11T17:43:03Z DEBUG args=/usr/sbin/selinuxenabled 2017-05-11T17:43:03Z DEBUG Process finished, return code=0 2017-05-11T17:43:03Z DEBUG stdout= 2017-05-11T17:43:03Z DEBUG stderr= 2017-05-11T17:43:03Z DEBUG Starting external process 2017-05-11T17:43:03Z DEBUG args=/sbin/restorecon /etc/sysconfig/dirsrv 2017-05-11T17:43:03Z DEBUG Process finished, return code=0 2017-05-11T17:43:03Z DEBUG stdout= 2017-05-11T17:43:03Z DEBUG stderr= 2017-05-11T17:43:03Z DEBUG duration: 0 seconds 2017-05-11T17:43:03Z DEBUG [24/47]: enabling SASL mapping fallback 2017-05-11T17:43:03Z DEBUG Starting external process 2017-05-11T17:43:03Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpzBDhof -H 
ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpcF9YQr 2017-05-11T17:43:03Z DEBUG Process finished, return code=0 2017-05-11T17:43:03Z DEBUG stdout=replace nsslapd-sasl-mapping-fallback: on modifying entry "cn=config" modify complete 2017-05-11T17:43:03Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base ) 2017-05-11T17:43:03Z DEBUG duration: 0 seconds 2017-05-11T17:43:03Z DEBUG [25/47]: restarting directory server 2017-05-11T17:43:03Z DEBUG Starting external process 2017-05-11T17:43:03Z DEBUG args=/bin/systemctl --system daemon-reload 2017-05-11T17:43:03Z DEBUG Process finished, return code=0 2017-05-11T17:43:03Z DEBUG stdout= 2017-05-11T17:43:03Z DEBUG stderr= 2017-05-11T17:43:03Z DEBUG Starting external process 2017-05-11T17:43:03Z DEBUG args=/bin/systemctl restart dirsrv@RDLG-NET.service 2017-05-11T17:43:04Z DEBUG Process finished, return code=0 2017-05-11T17:43:04Z DEBUG stdout= 2017-05-11T17:43:04Z DEBUG stderr= 2017-05-11T17:43:04Z DEBUG Starting external process 2017-05-11T17:43:04Z DEBUG args=/bin/systemctl is-active dirsrv@RDLG-NET.service 2017-05-11T17:43:04Z DEBUG Process finished, return code=0 2017-05-11T17:43:04Z DEBUG stdout=active 2017-05-11T17:43:04Z DEBUG stderr= 2017-05-11T17:43:04Z DEBUG wait_for_open_ports: localhost [389] timeout 300 2017-05-11T17:43:04Z DEBUG Starting external process 2017-05-11T17:43:04Z DEBUG args=/bin/systemctl is-active dirsrv@RDLG-NET.service 2017-05-11T17:43:04Z DEBUG Process finished, return code=0 2017-05-11T17:43:04Z DEBUG stdout=active 2017-05-11T17:43:04Z DEBUG stderr= 2017-05-11T17:43:04Z DEBUG duration: 0 seconds 2017-05-11T17:43:04Z DEBUG [26/47]: adding sasl mappings to the directory 2017-05-11T17:43:04Z DEBUG flushing ldap://ipa.rdlg.net:389 from SchemaCache 2017-05-11T17:43:04Z DEBUG retrieving schema for SchemaCache url=ldap://ipa.rdlg.net:389 conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x55e96c8> 2017-05-11T17:43:04Z DEBUG duration: 0 seconds 2017-05-11T17:43:04Z DEBUG 
[27/47]: adding default layout 2017-05-11T17:43:04Z DEBUG Starting external process 2017-05-11T17:43:04Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmp0cABtj -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpeHOctK 2017-05-11T17:43:05Z DEBUG Process finished, return code=0 2017-05-11T17:43:05Z DEBUG stdout=add objectClass: top nsContainer add cn: accounts adding new entry "cn=accounts,dc=rdlg,dc=net" modify complete add objectClass: top nsContainer add cn: users adding new entry "cn=users,cn=accounts,dc=rdlg,dc=net" modify complete add objectClass: top nsContainer add cn: groups adding new entry "cn=groups,cn=accounts,dc=rdlg,dc=net" modify complete add objectClass: top nsContainer add cn: services adding new entry "cn=services,cn=accounts,dc=rdlg,dc=net" modify complete add objectClass: top nsContainer add cn: computers adding new entry "cn=computers,cn=accounts,dc=rdlg,dc=net" modify complete add objectClass: top nsContainer add cn: hostgroups adding new entry "cn=hostgroups,cn=accounts,dc=rdlg,dc=net" modify complete add objectClass: nsContainer add cn: alt adding new entry "cn=alt,dc=rdlg,dc=net" modify complete add objectClass: nsContainer add cn: ng adding new entry "cn=ng,cn=alt,dc=rdlg,dc=net" modify complete add objectClass: nsContainer add cn: automount adding new entry "cn=automount,dc=rdlg,dc=net" modify complete add objectClass: nsContainer add cn: default adding new entry "cn=default,cn=automount,dc=rdlg,dc=net" modify complete add objectClass: automountMap add automountMapName: auto.master adding new entry "automountmapname=auto.master,cn=default,cn=automount,dc=rdlg,dc=net" modify complete add objectClass: automountMap add automountMapName: auto.direct adding new entry "automountmapname=auto.direct,cn=default,cn=automount,dc=rdlg,dc=net" modify complete add objectClass: automount add automountKey: /- add automountInformation: auto.direct add description: /- auto.direct adding new entry "description=/- 
auto.direct,automountmapname=auto.master,cn=default,cn=automount,dc=rdlg,dc=net" modify complete add objectClass: top nsContainer add cn: hbac adding new entry "cn=hbac,dc=rdlg,dc=net" modify complete add objectClass: top nsContainer add cn: hbacservices adding new entry "cn=hbacservices,cn=hbac,dc=rdlg,dc=net" modify complete add objectClass: top nsContainer add cn: hbacservicegroups adding new entry "cn=hbacservicegroups,cn=hbac,dc=rdlg,dc=net" modify complete add objectClass: top nsContainer add cn: sudo adding new entry "cn=sudo,dc=rdlg,dc=net" modify complete add objectClass: top nsContainer add cn: sudocmds adding new entry "cn=sudocmds,cn=sudo,dc=rdlg,dc=net" modify complete add objectClass: top nsContainer add cn: sudocmdgroups adding new entry "cn=sudocmdgroups,cn=sudo,dc=rdlg,dc=net" modify complete add objectClass: top nsContainer add cn: sudorules adding new entry "cn=sudorules,cn=sudo,dc=rdlg,dc=net" modify complete add objectClass: nsContainer top add cn: etc adding new entry "cn=etc,dc=rdlg,dc=net" modify complete add objectClass: nsContainer top add cn: locations adding new entry "cn=locations,cn=etc,dc=rdlg,dc=net" modify complete add objectClass: nsContainer top add cn: sysaccounts adding new entry "cn=sysaccounts,cn=etc,dc=rdlg,dc=net" modify complete add objectClass: nsContainer top add cn: ipa adding new entry "cn=ipa,cn=etc,dc=rdlg,dc=net" modify complete add objectClass: nsContainer top add cn: masters adding new entry "cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net" modify complete add objectClass: nsContainer top add cn: replicas adding new entry "cn=replicas,cn=ipa,cn=etc,dc=rdlg,dc=net" modify complete add objectClass: nsContainer top add cn: dna adding new entry "cn=dna,cn=ipa,cn=etc,dc=rdlg,dc=net" modify complete add objectClass: nsContainer top add cn: posix-ids adding new entry "cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=rdlg,dc=net" modify complete add objectClass: nsContainer top add cn: ca_renewal adding new entry 
"cn=ca_renewal,cn=ipa,cn=etc,dc=rdlg,dc=net" modify complete add objectClass: nsContainer top add cn: certificates adding new entry "cn=certificates,cn=ipa,cn=etc,dc=rdlg,dc=net" modify complete add objectClass: nsContainer top add cn: custodia adding new entry "cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net" modify complete add objectClass: nsContainer top add cn: dogtag adding new entry "cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net" modify complete add objectClass: nsContainer top add cn: s4u2proxy adding new entry "cn=s4u2proxy,cn=etc,dc=rdlg,dc=net" modify complete add objectClass: ipaKrb5DelegationACL groupOfPrincipals top add cn: ipa-http-delegation add memberPrincipal: HTTP/ipa.rdlg.net@RDLG.NET add ipaAllowedTarget: cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=rdlg,dc=net cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=rdlg,dc=net adding new entry "cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,dc=rdlg,dc=net" modify complete add objectClass: groupOfPrincipals top add cn: ipa-ldap-delegation-targets add memberPrincipal: ldap/ipa.rdlg.net@RDLG.NET adding new entry "cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=rdlg,dc=net" modify complete add objectClass: groupOfPrincipals top add cn: ipa-cifs-delegation-targets adding new entry "cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=rdlg,dc=net" modify complete add objectClass: top person posixaccount krbprincipalaux krbticketpolicyaux inetuser ipaobject ipasshuser add uid: admin add krbPrincipalName: admin@RDLG.NET add cn: Administrator add sn: Administrator add uidNumber: 1301600000 add gidNumber: 1301600000 add homeDirectory: /home/admin add loginShell: /bin/bash add gecos: Administrator add nsAccountLock: FALSE add ipaUniqueID: autogenerate adding new entry "uid=admin,cn=users,cn=accounts,dc=rdlg,dc=net" modify complete add objectClass: top groupofnames posixgroup ipausergroup ipaobject add cn: admins add description: Account administrators group add gidNumber: 1301600000 add member: 
uid=admin,cn=users,cn=accounts,dc=rdlg,dc=net add nsAccountLock: FALSE add ipaUniqueID: autogenerate adding new entry "cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net" modify complete add objectClass: top groupofnames nestedgroup ipausergroup ipaobject add description: Default group for all users add cn: ipausers add ipaUniqueID: autogenerate adding new entry "cn=ipausers,cn=groups,cn=accounts,dc=rdlg,dc=net" modify complete add objectClass: top groupofnames posixgroup ipausergroup ipaobject add gidNumber: 1301600002 add description: Limited admins who can edit other users add cn: editors add ipaUniqueID: autogenerate adding new entry "cn=editors,cn=groups,cn=accounts,dc=rdlg,dc=net" modify complete add objectClass: top groupOfNames nestedGroup ipaobject ipahostgroup add description: IPA server hosts add cn: ipaservers add ipaUniqueID: autogenerate adding new entry "cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" modify complete add objectclass: ipahbacservice ipaobject add cn: sshd add description: sshd add ipauniqueid: autogenerate adding new entry "cn=sshd,cn=hbacservices,cn=hbac,dc=rdlg,dc=net" modify complete add objectclass: ipahbacservice ipaobject add cn: ftp add description: ftp add ipauniqueid: autogenerate adding new entry "cn=ftp,cn=hbacservices,cn=hbac,dc=rdlg,dc=net" modify complete add objectclass: ipahbacservice ipaobject add cn: su add description: su add ipauniqueid: autogenerate adding new entry "cn=su,cn=hbacservices,cn=hbac,dc=rdlg,dc=net" modify complete add objectclass: ipahbacservice ipaobject add cn: login add description: login add ipauniqueid: autogenerate adding new entry "cn=login,cn=hbacservices,cn=hbac,dc=rdlg,dc=net" modify complete add objectclass: ipahbacservice ipaobject add cn: su-l add description: su with login shell add ipauniqueid: autogenerate adding new entry "cn=su-l,cn=hbacservices,cn=hbac,dc=rdlg,dc=net" modify complete add objectclass: ipahbacservice ipaobject add cn: sudo add description: sudo add ipauniqueid: 
autogenerate adding new entry "cn=sudo,cn=hbacservices,cn=hbac,dc=rdlg,dc=net" modify complete add objectclass: ipahbacservice ipaobject add cn: sudo-i add description: sudo-i add ipauniqueid: autogenerate adding new entry "cn=sudo-i,cn=hbacservices,cn=hbac,dc=rdlg,dc=net" modify complete add objectclass: ipahbacservice ipaobject add cn: gdm add description: gdm add ipauniqueid: autogenerate adding new entry "cn=gdm,cn=hbacservices,cn=hbac,dc=rdlg,dc=net" modify complete add objectclass: ipahbacservice ipaobject add cn: gdm-password add description: gdm-password add ipauniqueid: autogenerate adding new entry "cn=gdm-password,cn=hbacservices,cn=hbac,dc=rdlg,dc=net" modify complete add objectclass: ipahbacservice ipaobject add cn: kdm add description: kdm add ipauniqueid: autogenerate adding new entry "cn=kdm,cn=hbacservices,cn=hbac,dc=rdlg,dc=net" modify complete add objectClass: ipaobject ipahbacservicegroup nestedGroup groupOfNames top add cn: Sudo add ipauniqueid: autogenerate add description: Default group of Sudo related services add member: cn=sudo,cn=hbacservices,cn=hbac,dc=rdlg,dc=net cn=sudo-i,cn=hbacservices,cn=hbac,dc=rdlg,dc=net adding new entry "cn=Sudo,cn=hbacservicegroups,cn=hbac,dc=rdlg,dc=net" modify complete add objectClass: nsContainer top ipaGuiConfig ipaConfigObject add ipaUserSearchFields: uid,givenname,sn,telephonenumber,ou,title add ipaGroupSearchFields: cn,description add ipaSearchTimeLimit: 2 add ipaSearchRecordsLimit: 100 add ipaHomesRootDir: /home add ipaDefaultLoginShell: /bin/sh add ipaDefaultPrimaryGroup: ipausers add ipaMaxUsernameLength: 32 add ipaPwdExpAdvNotify: 4 add ipaGroupObjectClasses: top groupofnames nestedgroup ipausergroup ipaobject add ipaUserObjectClasses: top person organizationalperson inetorgperson inetuser posixaccount krbprincipalaux krbticketpolicyaux ipaobject ipasshuser add ipaDefaultEmailDomain: rdlg.net add ipaMigrationEnabled: FALSE add ipaConfigString: AllowNThash add ipaSELinuxUserMapOrder: 
guest_u:s0$xguest_u:s0$user_u:s0$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023 add ipaSELinuxUserMapDefault: unconfined_u:s0-s0:c0.c1023 adding new entry "cn=ipaConfig,cn=etc,dc=rdlg,dc=net" modify complete add objectclass: top nsContainer add cn: cosTemplates adding new entry "cn=cosTemplates,cn=accounts,dc=rdlg,dc=net" modify complete add description: Password Policy based on group membership add objectClass: top ldapsubentry cosSuperDefinition cosClassicDefinition add cosTemplateDn: cn=cosTemplates,cn=accounts,dc=rdlg,dc=net add cosAttribute: krbPwdPolicyReference override add cosSpecifier: memberOf adding new entry "cn=Password Policy,cn=accounts,dc=rdlg,dc=net" modify complete add objectClass: top nsContainer add cn: selinux adding new entry "cn=selinux,dc=rdlg,dc=net" modify complete add objectClass: top nsContainer add cn: usermap adding new entry "cn=usermap,cn=selinux,dc=rdlg,dc=net" modify complete add objectClass: top nsContainer add cn: ranges adding new entry "cn=ranges,cn=etc,dc=rdlg,dc=net" modify complete add objectClass: top ipaIDrange ipaDomainIDRange add cn: RDLG.NET_id_range add ipaBaseID: 1301600000 add ipaIDRangeSize: 200000 add ipaRangeType: ipa-local adding new entry "cn=RDLG.NET_id_range,cn=ranges,cn=etc,dc=rdlg,dc=net" modify complete add objectClass: nsContainer top add cn: ca adding new entry "cn=ca,dc=rdlg,dc=net" modify complete add objectClass: nsContainer top add cn: certprofiles adding new entry "cn=certprofiles,cn=ca,dc=rdlg,dc=net" modify complete add objectClass: nsContainer top add cn: caacls adding new entry "cn=caacls,cn=ca,dc=rdlg,dc=net" modify complete add objectClass: nsContainer top add cn: cas adding new entry "cn=cas,cn=ca,dc=rdlg,dc=net" modify complete 2017-05-11T17:43:05Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base ) 2017-05-11T17:43:05Z DEBUG duration: 0 seconds 2017-05-11T17:43:05Z DEBUG [28/47]: adding delegation layout 2017-05-11T17:43:05Z DEBUG Starting external process 2017-05-11T17:43:05Z 
DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpi_dRqO -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpf9QeY1 2017-05-11T17:43:05Z DEBUG Process finished, return code=0 2017-05-11T17:43:05Z DEBUG stdout=add objectClass: top nsContainer add cn: roles adding new entry "cn=roles,cn=accounts,dc=rdlg,dc=net" modify complete add objectClass: top nsContainer add cn: pbac adding new entry "cn=pbac,dc=rdlg,dc=net" modify complete add objectClass: top nsContainer add cn: privileges adding new entry "cn=privileges,cn=pbac,dc=rdlg,dc=net" modify complete add objectClass: top nsContainer add cn: permissions adding new entry "cn=permissions,cn=pbac,dc=rdlg,dc=net" modify complete add objectClass: top groupofnames nestedgroup add cn: helpdesk add description: Helpdesk adding new entry "cn=helpdesk,cn=roles,cn=accounts,dc=rdlg,dc=net" modify complete add objectClass: top groupofnames nestedgroup add cn: User Administrators add description: User Administrators adding new entry "cn=User Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net" modify complete add objectClass: top groupofnames nestedgroup add cn: Group Administrators add description: Group Administrators adding new entry "cn=Group Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net" modify complete add objectClass: top groupofnames nestedgroup add cn: Host Administrators add description: Host Administrators adding new entry "cn=Host Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net" modify complete add objectClass: top groupofnames nestedgroup add cn: Host Group Administrators add description: Host Group Administrators adding new entry "cn=Host Group Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net" modify complete add objectClass: top groupofnames nestedgroup add cn: Delegation Administrator add description: Role administration adding new entry "cn=Delegation Administrator,cn=privileges,cn=pbac,dc=rdlg,dc=net" modify complete add objectClass: top groupofnames nestedgroup add cn: DNS Administrators add 
description: DNS Administrators adding new entry "cn=DNS Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net" modify complete add objectClass: top groupofnames nestedgroup add cn: DNS Servers add description: DNS Servers adding new entry "cn=DNS Servers,cn=privileges,cn=pbac,dc=rdlg,dc=net" modify complete add objectClass: top groupofnames nestedgroup add cn: Service Administrators add description: Service Administrators adding new entry "cn=Service Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net" modify complete add objectClass: top groupofnames nestedgroup add cn: Automount Administrators add description: Automount Administrators adding new entry "cn=Automount Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net" modify complete add objectClass: top groupofnames nestedgroup add cn: Netgroups Administrators add description: Netgroups Administrators adding new entry "cn=Netgroups Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net" modify complete add objectClass: top groupofnames nestedgroup add cn: Certificate Administrators add description: Certificate Administrators adding new entry "cn=Certificate Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net" modify complete add objectClass: top groupofnames nestedgroup add cn: Replication Administrators add description: Replication Administrators add member: cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net adding new entry "cn=Replication Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net" modify complete add objectClass: top groupofnames nestedgroup add cn: Host Enrollment add description: Host Enrollment adding new entry "cn=Host Enrollment,cn=privileges,cn=pbac,dc=rdlg,dc=net" modify complete add objectClass: top groupofnames nestedgroup add cn: Stage User Administrators add description: Stage User Administrators adding new entry "cn=Stage User Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net" modify complete add objectClass: top groupofnames nestedgroup add cn: Stage User Provisioning add description: Stage 
User Provisioning adding new entry "cn=Stage User Provisioning,cn=privileges,cn=pbac,dc=rdlg,dc=net" modify complete add objectClass: top groupofnames ipapermission add cn: Add Replication Agreements add ipapermissiontype: SYSTEM add member: cn=Replication Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net adding new entry "cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net" modify complete add objectClass: top groupofnames ipapermission add cn: Modify Replication Agreements add ipapermissiontype: SYSTEM add member: cn=Replication Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net adding new entry "cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net" modify complete add objectClass: top groupofnames ipapermission add cn: Read Replication Agreements add ipapermissiontype: SYSTEM add member: cn=Replication Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net adding new entry "cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net" modify complete add objectClass: top groupofnames ipapermission add cn: Remove Replication Agreements add ipapermissiontype: SYSTEM add member: cn=Replication Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net adding new entry "cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net" modify complete add objectClass: top groupofnames ipapermission add cn: Modify DNA Range add ipapermissiontype: SYSTEM add member: cn=Replication Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net adding new entry "cn=Modify DNA Range,cn=permissions,cn=pbac,dc=rdlg,dc=net" modify complete add objectClass: top nsContainer add cn: virtual operations adding new entry "cn=virtual operations,cn=etc,dc=rdlg,dc=net" modify complete add objectClass: top groupofnames ipapermission add cn: Retrieve Certificates from the CA add member: cn=Certificate Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net adding new entry "cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net" modify 
complete add aci: (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";) modifying entry "dc=rdlg,dc=net" modify complete add objectClass: top groupofnames ipapermission add cn: Request Certificate add member: cn=Certificate Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net adding new entry "cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net" modify complete add aci: (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";) modifying entry "dc=rdlg,dc=net" modify complete add objectClass: top groupofnames ipapermission add cn: Request Certificates from a different host add member: cn=Certificate Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net adding new entry "cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net" modify complete add aci: (targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";) modifying entry "dc=rdlg,dc=net" modify complete add objectClass: top groupofnames ipapermission add cn: Get Certificates status from the CA add member: cn=Certificate Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net adding new entry "cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net" modify complete add aci: (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual 
operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";) modifying entry "dc=rdlg,dc=net" modify complete add objectClass: top groupofnames ipapermission add cn: Revoke Certificate add member: cn=Certificate Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net adding new entry "cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net" modify complete add aci: (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";) modifying entry "dc=rdlg,dc=net" modify complete add objectClass: top groupofnames ipapermission add cn: Certificate Remove Hold add member: cn=Certificate Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net adding new entry "cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net" modify complete add aci: (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";) modifying entry "dc=rdlg,dc=net" modify complete 2017-05-11T17:43:05Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base ) 2017-05-11T17:43:05Z DEBUG duration: 0 seconds 2017-05-11T17:43:05Z DEBUG [29/47]: creating container for managed entries 2017-05-11T17:43:05Z DEBUG Starting external process 2017-05-11T17:43:05Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmp1cN3zb -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpPleI6p 2017-05-11T17:43:06Z DEBUG Process finished, return code=0 2017-05-11T17:43:06Z DEBUG stdout=add objectClass: nsContainer top add cn: Managed Entries adding new 
entry "cn=Managed Entries,cn=etc,dc=rdlg,dc=net" modify complete add objectClass: nsContainer top add cn: Templates adding new entry "cn=Templates,cn=Managed Entries,cn=etc,dc=rdlg,dc=net" modify complete add objectClass: nsContainer top add cn: Definitions adding new entry "cn=Definitions,cn=Managed Entries,cn=etc,dc=rdlg,dc=net" modify complete 2017-05-11T17:43:06Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base ) 2017-05-11T17:43:06Z DEBUG duration: 0 seconds 2017-05-11T17:43:06Z DEBUG [30/47]: configuring user private groups 2017-05-11T17:43:06Z DEBUG Starting external process 2017-05-11T17:43:06Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmptBCTCA -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpjp9iTZ 2017-05-11T17:43:06Z DEBUG Process finished, return code=0 2017-05-11T17:43:06Z DEBUG stdout=add objectclass: mepTemplateEntry add cn: UPG Template add mepRDNAttr: cn add mepStaticAttr: objectclass: posixgroup objectclass: ipaobject ipaUniqueId: autogenerate add mepMappedAttr: cn: $uid gidNumber: $uidNumber description: User private group for $uid adding new entry "cn=UPG Template,cn=Templates,cn=Managed Entries,cn=etc,dc=rdlg,dc=net" modify complete add objectclass: extensibleObject add cn: UPG Definition add originScope: cn=users,cn=accounts,dc=rdlg,dc=net add originFilter: (&(objectclass=posixAccount)(!(description=__no_upg__))) add managedBase: cn=groups,cn=accounts,dc=rdlg,dc=net add managedTemplate: cn=UPG Template,cn=Templates,cn=Managed Entries,cn=etc,dc=rdlg,dc=net adding new entry "cn=UPG Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=rdlg,dc=net" modify complete 2017-05-11T17:43:06Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base ) 2017-05-11T17:43:06Z DEBUG duration: 0 seconds 2017-05-11T17:43:06Z DEBUG [31/47]: configuring netgroups from hostgroups 2017-05-11T17:43:06Z DEBUG Starting external process 2017-05-11T17:43:06Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmptBH4hE -H ldap://ipa.rdlg.net:389 
-x -D cn=Directory Manager -y /tmp/tmpxYmsVi 2017-05-11T17:43:06Z DEBUG Process finished, return code=0 2017-05-11T17:43:06Z DEBUG stdout=add objectclass: mepTemplateEntry add cn: NGP HGP Template add mepRDNAttr: cn add mepStaticAttr: ipaUniqueId: autogenerate objectclass: ipanisnetgroup objectclass: ipaobject nisDomainName: rdlg.net add mepMappedAttr: cn: $cn memberHost: $dn description: ipaNetgroup $cn adding new entry "cn=NGP HGP Template,cn=Templates,cn=Managed Entries,cn=etc,dc=rdlg,dc=net" modify complete add objectclass: extensibleObject add cn: NGP Definition add originScope: cn=hostgroups,cn=accounts,dc=rdlg,dc=net add originFilter: objectclass=ipahostgroup add managedBase: cn=ng,cn=alt,dc=rdlg,dc=net add managedTemplate: cn=NGP HGP Template,cn=Templates,cn=Managed Entries,cn=etc,dc=rdlg,dc=net adding new entry "cn=NGP Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=rdlg,dc=net" modify complete 2017-05-11T17:43:06Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base ) 2017-05-11T17:43:06Z DEBUG duration: 0 seconds 2017-05-11T17:43:06Z DEBUG [32/47]: creating default Sudo bind user 2017-05-11T17:43:06Z DEBUG Starting external process 2017-05-11T17:43:06Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpLMhcPm -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpB9nkpS 2017-05-11T17:43:06Z DEBUG Process finished, return code=0 2017-05-11T17:43:06Z DEBUG stdout=add objectclass: account simplesecurityobject add uid: sudo add userPassword: XXXXXXXX add passwordExpirationTime: 20380119031407Z add nsIdleTimeout: 0 adding new entry "uid=sudo,cn=sysaccounts,cn=etc,dc=rdlg,dc=net" modify complete 2017-05-11T17:43:06Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base ) 2017-05-11T17:43:06Z DEBUG duration: 0 seconds 2017-05-11T17:43:06Z DEBUG [33/47]: creating default Auto Member layout 2017-05-11T17:43:06Z DEBUG Starting external process 2017-05-11T17:43:06Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpi5mIWs -H 
ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpWMQuiY 2017-05-11T17:43:06Z DEBUG Process finished, return code=0 2017-05-11T17:43:06Z DEBUG stdout=add nsslapd-pluginConfigArea: cn=automember,cn=etc,dc=rdlg,dc=net modifying entry "cn=Auto Membership Plugin,cn=plugins,cn=config" modify complete add objectClass: top nsContainer add cn: automember adding new entry "cn=automember,cn=etc,dc=rdlg,dc=net" modify complete add objectclass: autoMemberDefinition add cn: Hostgroup add autoMemberScope: cn=computers,cn=accounts,dc=rdlg,dc=net add autoMemberFilter: objectclass=ipaHost add autoMemberGroupingAttr: member:dn adding new entry "cn=Hostgroup,cn=automember,cn=etc,dc=rdlg,dc=net" modify complete add objectclass: autoMemberDefinition add cn: Group add autoMemberScope: cn=users,cn=accounts,dc=rdlg,dc=net add autoMemberFilter: objectclass=posixAccount add autoMemberGroupingAttr: member:dn adding new entry "cn=Group,cn=automember,cn=etc,dc=rdlg,dc=net" modify complete 2017-05-11T17:43:06Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base ) 2017-05-11T17:43:06Z DEBUG duration: 0 seconds 2017-05-11T17:43:06Z DEBUG [34/47]: adding range check plugin 2017-05-11T17:43:06Z DEBUG Starting external process 2017-05-11T17:43:06Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpOpiXGP -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpguWEIV 2017-05-11T17:43:06Z DEBUG Process finished, return code=0 2017-05-11T17:43:06Z DEBUG stdout=add objectclass: top nsSlapdPlugin extensibleObject add cn: IPA Range-Check add nsslapd-pluginpath: libipa_range_check add nsslapd-plugininitfunc: ipa_range_check_init add nsslapd-plugintype: preoperation add nsslapd-pluginenabled: on add nsslapd-pluginid: ipa_range_check_version add nsslapd-pluginversion: 1.0 add nsslapd-pluginvendor: Red Hat, Inc. 
add nsslapd-plugindescription: IPA Range-Check plugin add nsslapd-plugin-depends-on-type: database add nsslapd-basedn: dc=rdlg,dc=net adding new entry "cn=IPA Range-Check,cn=plugins,cn=config" modify complete 2017-05-11T17:43:06Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base ) 2017-05-11T17:43:06Z DEBUG duration: 0 seconds 2017-05-11T17:43:06Z DEBUG [35/47]: creating default HBAC rule allow_all 2017-05-11T17:43:06Z DEBUG Starting external process 2017-05-11T17:43:06Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpxxb7l5 -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpvRAwFp 2017-05-11T17:43:06Z DEBUG Process finished, return code=0 2017-05-11T17:43:06Z DEBUG stdout=add objectclass: ipaassociation ipahbacrule add cn: allow_all add accessruletype: allow add usercategory: all add hostcategory: all add servicecategory: all add ipaenabledflag: TRUE add description: Allow all users to access any host from any host add ipauniqueid: autogenerate adding new entry "ipauniqueid=autogenerate,cn=hbac,dc=rdlg,dc=net" modify complete 2017-05-11T17:43:06Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base ) 2017-05-11T17:43:06Z DEBUG duration: 0 seconds 2017-05-11T17:43:06Z DEBUG [36/47]: adding sasl mappings to the directory 2017-05-11T17:43:06Z DEBUG duration: 0 seconds 2017-05-11T17:43:06Z DEBUG [37/47]: adding entries for topology management 2017-05-11T17:43:06Z DEBUG Starting external process 2017-05-11T17:43:06Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpfu0cFM -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpe96Z50 2017-05-11T17:43:06Z DEBUG Process finished, return code=0 2017-05-11T17:43:06Z DEBUG stdout=add objectclass: top nsContainer add cn: topology adding new entry "cn=topology,cn=ipa,cn=etc,dc=rdlg,dc=net" modify complete add objectclass: top iparepltopoconf add ipaReplTopoConfRoot: dc=rdlg,dc=net add nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof idnssoaserial entryusn krblastsuccessfulauth 
krblastfailedauth krbloginfailedcount add nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount add nsds5ReplicaStripAttrs: modifiersName modifyTimestamp internalModifiersName internalModifyTimestamp add cn: domain adding new entry "cn=domain,cn=topology,cn=ipa,cn=etc,dc=rdlg,dc=net" modify complete 2017-05-11T17:43:06Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base ) 2017-05-11T17:43:06Z DEBUG duration: 0 seconds 2017-05-11T17:43:06Z DEBUG [38/47]: initializing group membership 2017-05-11T17:43:06Z DEBUG Starting external process 2017-05-11T17:43:06Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpNDLlF8 -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpGQQeqg 2017-05-11T17:43:06Z DEBUG Process finished, return code=0 2017-05-11T17:43:06Z DEBUG stdout=add objectClass: top extensibleObject add cn: IPA install add basedn: dc=rdlg,dc=net add filter: (objectclass=*) add ttl: 10 adding new entry "cn=IPA install 1494524579, cn=memberof task, cn=tasks, cn=config" modify complete 2017-05-11T17:43:06Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base ) 2017-05-11T17:43:06Z DEBUG Waiting for memberof task to complete. 
2017-05-11T17:43:07Z DEBUG flushing ldap://ipa.rdlg.net:389 from SchemaCache 2017-05-11T17:43:07Z DEBUG retrieving schema for SchemaCache url=ldap://ipa.rdlg.net:389 conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x5836200> 2017-05-11T17:43:07Z DEBUG duration: 1 seconds 2017-05-11T17:43:07Z DEBUG [39/47]: adding master entry 2017-05-11T17:43:07Z DEBUG Starting external process 2017-05-11T17:43:07Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpJuv9Un -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmprig6Kj 2017-05-11T17:43:07Z DEBUG Process finished, return code=0 2017-05-11T17:43:07Z DEBUG stdout=add objectclass: top nsContainer ipaReplTopoManagedServer ipaConfigObject ipaSupportedDomainLevelConfig add cn: ipa.rdlg.net add ipaReplTopoManagedSuffix: dc=rdlg,dc=net add ipaMinDomainLevel: 0 add ipaMaxDomainLevel: 1 adding new entry "cn=ipa.rdlg.net,cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net" modify complete 2017-05-11T17:43:07Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base ) 2017-05-11T17:43:07Z DEBUG duration: 0 seconds 2017-05-11T17:43:07Z DEBUG [40/47]: initializing domain level 2017-05-11T17:43:07Z DEBUG Starting external process 2017-05-11T17:43:07Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpvISQ9s -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmptXVfV9 2017-05-11T17:43:07Z DEBUG Process finished, return code=0 2017-05-11T17:43:07Z DEBUG stdout=add objectClass: top nsContainer ipaDomainLevelConfig add ipaDomainLevel: 1 adding new entry "cn=Domain Level,cn=ipa,cn=etc,dc=rdlg,dc=net" modify complete 2017-05-11T17:43:07Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base ) 2017-05-11T17:43:07Z DEBUG duration: 0 seconds 2017-05-11T17:43:07Z DEBUG [41/47]: configuring Posix uid/gid generation 2017-05-11T17:43:07Z DEBUG Starting external process 2017-05-11T17:43:07Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpIJRnBS -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmphQoLwT 2017-05-11T17:43:07Z 
DEBUG Process finished, return code=0 2017-05-11T17:43:07Z DEBUG stdout=add objectclass: top extensibleObject add cn: Posix IDs add dnaType: uidNumber gidNumber add dnaNextValue: 1301600000 add dnaMaxValue: 1301799999 add dnaMagicRegen: -1 add dnaFilter: (|(objectClass=posixAccount)(objectClass=posixGroup)(objectClass=ipaIDobject)) add dnaScope: dc=rdlg,dc=net add dnaThreshold: 500 add dnaSharedCfgDN: cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=rdlg,dc=net adding new entry "cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config" modify complete 2017-05-11T17:43:07Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base ) 2017-05-11T17:43:07Z DEBUG duration: 0 seconds 2017-05-11T17:43:07Z DEBUG [42/47]: adding replication acis 2017-05-11T17:43:07Z DEBUG Starting external process 2017-05-11T17:43:07Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpZXR44c -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpNkTeSN 2017-05-11T17:43:07Z DEBUG Process finished, return code=0 2017-05-11T17:43:07Z DEBUG stdout=add aci: (targetattr = "cn || createtimestamp || description || entryusn || modifytimestamp || nsds50ruv || nsds5beginreplicarefresh || nsds5debugreplicatimeout || nsds5flags || nsds5replicaabortcleanruv || nsds5replicaautoreferral || nsds5replicabackoffmax || nsds5replicabackoffmin || nsds5replicabinddn || nsds5replicabindmethod || nsds5replicabusywaittime || nsds5replicachangecount || nsds5replicachangessentsincestartup || nsds5replicacleanruv || nsds5replicacleanruvnotified || nsds5replicacredentials || nsds5replicaenabled || nsds5replicahost || nsds5replicaid || nsds5replicalastinitend || nsds5replicalastinitstart || nsds5replicalastinitstatus || nsds5replicalastupdateend || nsds5replicalastupdatestart || nsds5replicalastupdatestatus || nsds5replicalegacyconsumer || nsds5replicaname || nsds5replicaport || nsds5replicaprotocoltimeout || nsds5replicapurgedelay || nsds5replicareferral || nsds5replicaroot || nsds5replicasessionpausetime || 
nsds5replicastripattrs || nsds5replicatedattributelist || nsds5replicatedattributelisttotal || nsds5replicatimeout || nsds5replicatombstonepurgeinterval || nsds5replicatransportinfo || nsds5replicatype || nsds5replicaupdateinprogress || nsds5replicaupdateschedule || nsds5task || nsds7directoryreplicasubtree || nsds7dirsynccookie || nsds7newwingroupsyncenabled || nsds7newwinusersyncenabled || nsds7windowsdomain || nsds7windowsreplicasubtree || nsruvreplicalastmodified || nsstate || objectclass || onewaysync || winsyncdirectoryfilter || winsyncinterval || winsyncmoveaction || winsyncsubtreepair || winsyncwindowsfilter")(targetfilter = "(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0;acl "permission:Read Replication Agreements";allow (compare,read,search) groupdn = "ldap:///cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";) modifying entry "cn=mapping tree,cn=config" modify complete add aci: (targetattr=*)(version 3.0;acl "permission:Add Replication Agreements";allow (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";) modifying entry "cn=mapping tree,cn=config" modify complete add aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreements"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";) modifying entry "cn=mapping tree,cn=config" modify complete add aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Remove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";) modifying entry 
"cn=mapping tree,cn=config" modify complete add aci: (targetattr=dnaNextRange || dnaNextValue || dnaMaxValue)(version 3.0;acl "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA Range,cn=permissions,cn=pbac,dc=rdlg,dc=net";) modifying entry "cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config" modify complete add aci: (targetattr=nsslapd-readonly)(version 3.0; acl "Allow marking the database readonly"; allow (write) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";) modifying entry "cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add aci: (targetattr=*)(version 3.0; acl "Run tasks after replica re-initialization"; allow (add) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";) modifying entry "cn=tasks,cn=config" modify complete 2017-05-11T17:43:07Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base ) 2017-05-11T17:43:07Z DEBUG duration: 0 seconds 2017-05-11T17:43:07Z DEBUG [43/47]: enabling compatibility plugin 2017-05-11T17:43:07Z DEBUG importing all plugin modules in ipaserver.plugins... 
2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.plugins.aci 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.plugins.automember 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.plugins.automount 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.plugins.baseldap 2017-05-11T17:43:07Z DEBUG ipaserver.plugins.baseldap is not a valid plugin module 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.plugins.baseuser 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.plugins.batch 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.plugins.ca 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.plugins.caacl 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.plugins.cert 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.plugins.certprofile 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.plugins.config 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.plugins.delegation 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.plugins.dns 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.plugins.dnsserver 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.plugins.dogtag 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.plugins.domainlevel 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.plugins.group 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.plugins.hbac 2017-05-11T17:43:07Z DEBUG ipaserver.plugins.hbac is not a valid plugin module 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.plugins.hbacrule 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.plugins.hbacsvc 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.plugins.hbacsvcgroup 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.plugins.hbactest 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.plugins.host 2017-05-11T17:43:07Z DEBUG importing plugin module 
ipaserver.plugins.hostgroup 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.plugins.idrange 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.plugins.idviews 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.plugins.internal 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.plugins.join 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.plugins.krbtpolicy 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.plugins.ldap2 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.plugins.location 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.plugins.migration 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.plugins.misc 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.plugins.netgroup 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.plugins.otp 2017-05-11T17:43:07Z DEBUG ipaserver.plugins.otp is not a valid plugin module 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.plugins.otpconfig 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.plugins.otptoken 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.plugins.passwd 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.plugins.permission 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.plugins.ping 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.plugins.pkinit 2017-05-11T17:43:07Z DEBUG ipaserver.plugins.pkinit is not a valid plugin module 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.plugins.privilege 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.plugins.pwpolicy 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.plugins.rabase 2017-05-11T17:43:07Z DEBUG ipaserver.plugins.rabase is not a valid plugin module 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.plugins.radiusproxy 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.plugins.realmdomains 2017-05-11T17:43:07Z DEBUG 
importing plugin module ipaserver.plugins.role 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.plugins.schema 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.plugins.selfservice 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.plugins.selinuxusermap 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.plugins.server 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.plugins.serverrole 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.plugins.serverroles 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.plugins.service 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.plugins.servicedelegation 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.plugins.session 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.plugins.stageuser 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.plugins.sudo 2017-05-11T17:43:07Z DEBUG ipaserver.plugins.sudo is not a valid plugin module 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.plugins.sudocmd 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.plugins.sudocmdgroup 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.plugins.sudorule 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.plugins.topology 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.plugins.trust 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.plugins.user 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.plugins.vault 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.plugins.virtual 2017-05-11T17:43:07Z DEBUG ipaserver.plugins.virtual is not a valid plugin module 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.plugins.xmlserver 2017-05-11T17:43:07Z DEBUG importing all plugin modules in ipaserver.install.plugins... 
2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.install.plugins.adtrust 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.install.plugins.dns 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.install.plugins.update_nis 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.install.plugins.update_referint 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.install.plugins.update_services 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness 2017-05-11T17:43:07Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt 2017-05-11T17:43:08Z DEBUG Created connection context.ldap2_99189456 2017-05-11T17:43:08Z DEBUG Destroyed connection context.ldap2_99189456 2017-05-11T17:43:08Z DEBUG Created connection context.ldap2_99189456 2017-05-11T17:43:08Z DEBUG Parsing update file '/usr/share/ipa/schema_compat.uldif' 2017-05-11T17:43:08Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache 2017-05-11T17:43:08Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7bd1fc8> 2017-05-11T17:43:08Z DEBUG New entry: cn=Schema 
Compatibility,cn=plugins,cn=config 2017-05-11T17:43:08Z DEBUG --------------------------------------------- 2017-05-11T17:43:08Z DEBUG Initial value 2017-05-11T17:43:08Z DEBUG dn: cn=Schema Compatibility,cn=plugins,cn=config 2017-05-11T17:43:09Z DEBUG nsslapd-pluginid: 2017-05-11T17:43:09Z DEBUG schema-compat-plugin 2017-05-11T17:43:09Z DEBUG cn: 2017-05-11T17:43:09Z DEBUG Schema Compatibility 2017-05-11T17:43:09Z DEBUG nsslapd-pluginbetxn: 2017-05-11T17:43:09Z DEBUG on 2017-05-11T17:43:09Z DEBUG objectclass: 2017-05-11T17:43:09Z DEBUG top 2017-05-11T17:43:09Z DEBUG nsSlapdPlugin 2017-05-11T17:43:09Z DEBUG extensibleObject 2017-05-11T17:43:09Z DEBUG nsslapd-plugindescription: 2017-05-11T17:43:09Z DEBUG Schema Compatibility Plugin 2017-05-11T17:43:09Z DEBUG nsslapd-pluginenabled: 2017-05-11T17:43:09Z DEBUG on 2017-05-11T17:43:09Z DEBUG nsslapd-pluginpath: 2017-05-11T17:43:09Z DEBUG /usr/lib64/dirsrv/plugins/schemacompat-plugin.so 2017-05-11T17:43:09Z DEBUG nsslapd-pluginversion: 2017-05-11T17:43:09Z DEBUG 0.8 2017-05-11T17:43:09Z DEBUG nsslapd-pluginvendor: 2017-05-11T17:43:09Z DEBUG redhat.com 2017-05-11T17:43:09Z DEBUG nsslapd-pluginprecedence: 2017-05-11T17:43:09Z DEBUG 40 2017-05-11T17:43:09Z DEBUG nsslapd-plugintype: 2017-05-11T17:43:09Z DEBUG object 2017-05-11T17:43:09Z DEBUG nsslapd-plugininitfunc: 2017-05-11T17:43:09Z DEBUG schema_compat_plugin_init 2017-05-11T17:43:09Z DEBUG --------------------------------------------- 2017-05-11T17:43:09Z DEBUG Final value after applying updates 2017-05-11T17:43:09Z DEBUG dn: cn=Schema Compatibility,cn=plugins,cn=config 2017-05-11T17:43:09Z DEBUG nsslapd-pluginid: 2017-05-11T17:43:09Z DEBUG schema-compat-plugin 2017-05-11T17:43:09Z DEBUG cn: 2017-05-11T17:43:09Z DEBUG Schema Compatibility 2017-05-11T17:43:09Z DEBUG nsslapd-pluginbetxn: 2017-05-11T17:43:09Z DEBUG on 2017-05-11T17:43:09Z DEBUG objectclass: 2017-05-11T17:43:09Z DEBUG top 2017-05-11T17:43:09Z DEBUG nsSlapdPlugin 2017-05-11T17:43:09Z DEBUG extensibleObject 
2017-05-11T17:43:09Z DEBUG nsslapd-plugindescription: 2017-05-11T17:43:09Z DEBUG Schema Compatibility Plugin 2017-05-11T17:43:09Z DEBUG nsslapd-pluginenabled: 2017-05-11T17:43:09Z DEBUG on 2017-05-11T17:43:09Z DEBUG nsslapd-pluginpath: 2017-05-11T17:43:09Z DEBUG /usr/lib64/dirsrv/plugins/schemacompat-plugin.so 2017-05-11T17:43:09Z DEBUG nsslapd-pluginversion: 2017-05-11T17:43:09Z DEBUG 0.8 2017-05-11T17:43:09Z DEBUG nsslapd-pluginvendor: 2017-05-11T17:43:09Z DEBUG redhat.com 2017-05-11T17:43:09Z DEBUG nsslapd-pluginprecedence: 2017-05-11T17:43:09Z DEBUG 40 2017-05-11T17:43:09Z DEBUG nsslapd-plugintype: 2017-05-11T17:43:09Z DEBUG object 2017-05-11T17:43:09Z DEBUG nsslapd-plugininitfunc: 2017-05-11T17:43:09Z DEBUG schema_compat_plugin_init 2017-05-11T17:43:09Z DEBUG New entry: cn=users,cn=Schema Compatibility,cn=plugins,cn=config 2017-05-11T17:43:09Z DEBUG --------------------------------------------- 2017-05-11T17:43:09Z DEBUG Initial value 2017-05-11T17:43:09Z DEBUG dn: cn=users,cn=Schema Compatibility,cn=plugins,cn=config 2017-05-11T17:43:09Z DEBUG schema-compat-entry-attribute: 2017-05-11T17:43:09Z DEBUG %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","") 2017-05-11T17:43:09Z DEBUG cn=%{cn} 2017-05-11T17:43:09Z DEBUG objectclass=posixAccount 2017-05-11T17:43:09Z DEBUG gidNumber=%{gidNumber} 2017-05-11T17:43:09Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:rdlg.net:%{ipauniqueid}","") 2017-05-11T17:43:09Z DEBUG gecos=%{cn} 2017-05-11T17:43:09Z DEBUG ipaanchoruuid=%{ipaanchoruuid} 2017-05-11T17:43:09Z DEBUG uidNumber=%{uidNumber} 2017-05-11T17:43:09Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","") 2017-05-11T17:43:09Z DEBUG loginShell=%{loginShell} 2017-05-11T17:43:09Z DEBUG homeDirectory=%{homeDirectory} 2017-05-11T17:43:09Z DEBUG cn: 2017-05-11T17:43:09Z DEBUG users 2017-05-11T17:43:09Z DEBUG objectClass: 2017-05-11T17:43:09Z DEBUG top 2017-05-11T17:43:09Z DEBUG extensibleObject 
2017-05-11T17:43:09Z DEBUG schema-compat-search-filter: 2017-05-11T17:43:09Z DEBUG objectclass=posixAccount 2017-05-11T17:43:09Z DEBUG schema-compat-container-rdn: 2017-05-11T17:43:09Z DEBUG cn=users 2017-05-11T17:43:09Z DEBUG schema-compat-entry-rdn: 2017-05-11T17:43:09Z DEBUG uid=%{uid} 2017-05-11T17:43:09Z DEBUG schema-compat-search-base: 2017-05-11T17:43:09Z DEBUG cn=users, cn=accounts, dc=rdlg,dc=net 2017-05-11T17:43:09Z DEBUG schema-compat-container-group: 2017-05-11T17:43:09Z DEBUG cn=compat, dc=rdlg,dc=net 2017-05-11T17:43:09Z DEBUG --------------------------------------------- 2017-05-11T17:43:09Z DEBUG Final value after applying updates 2017-05-11T17:43:09Z DEBUG dn: cn=users,cn=Schema Compatibility,cn=plugins,cn=config 2017-05-11T17:43:09Z DEBUG schema-compat-entry-attribute: 2017-05-11T17:43:09Z DEBUG %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","") 2017-05-11T17:43:09Z DEBUG cn=%{cn} 2017-05-11T17:43:09Z DEBUG objectclass=posixAccount 2017-05-11T17:43:09Z DEBUG gidNumber=%{gidNumber} 2017-05-11T17:43:09Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:rdlg.net:%{ipauniqueid}","") 2017-05-11T17:43:09Z DEBUG gecos=%{cn} 2017-05-11T17:43:09Z DEBUG ipaanchoruuid=%{ipaanchoruuid} 2017-05-11T17:43:09Z DEBUG uidNumber=%{uidNumber} 2017-05-11T17:43:09Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","") 2017-05-11T17:43:09Z DEBUG loginShell=%{loginShell} 2017-05-11T17:43:09Z DEBUG homeDirectory=%{homeDirectory} 2017-05-11T17:43:09Z DEBUG cn: 2017-05-11T17:43:09Z DEBUG users 2017-05-11T17:43:09Z DEBUG objectClass: 2017-05-11T17:43:09Z DEBUG top 2017-05-11T17:43:09Z DEBUG extensibleObject 2017-05-11T17:43:09Z DEBUG schema-compat-search-filter: 2017-05-11T17:43:09Z DEBUG objectclass=posixAccount 2017-05-11T17:43:09Z DEBUG schema-compat-container-rdn: 2017-05-11T17:43:09Z DEBUG cn=users 2017-05-11T17:43:09Z DEBUG schema-compat-entry-rdn: 2017-05-11T17:43:09Z DEBUG uid=%{uid} 2017-05-11T17:43:09Z 
DEBUG schema-compat-search-base: 2017-05-11T17:43:09Z DEBUG cn=users, cn=accounts, dc=rdlg,dc=net 2017-05-11T17:43:09Z DEBUG schema-compat-container-group: 2017-05-11T17:43:09Z DEBUG cn=compat, dc=rdlg,dc=net 2017-05-11T17:43:09Z DEBUG New entry: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config 2017-05-11T17:43:09Z DEBUG --------------------------------------------- 2017-05-11T17:43:09Z DEBUG Initial value 2017-05-11T17:43:09Z DEBUG dn: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config 2017-05-11T17:43:09Z DEBUG schema-compat-entry-attribute: 2017-05-11T17:43:09Z DEBUG %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","") 2017-05-11T17:43:09Z DEBUG gidNumber=%{gidNumber} 2017-05-11T17:43:09Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:rdlg.net:%{ipauniqueid}","") 2017-05-11T17:43:09Z DEBUG memberUid=%deref_r("member","uid") 2017-05-11T17:43:09Z DEBUG objectclass=posixGroup 2017-05-11T17:43:09Z DEBUG memberUid=%{memberUid} 2017-05-11T17:43:09Z DEBUG ipaanchoruuid=%{ipaanchoruuid} 2017-05-11T17:43:09Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","") 2017-05-11T17:43:09Z DEBUG cn: 2017-05-11T17:43:09Z DEBUG groups 2017-05-11T17:43:09Z DEBUG objectClass: 2017-05-11T17:43:09Z DEBUG top 2017-05-11T17:43:09Z DEBUG extensibleObject 2017-05-11T17:43:09Z DEBUG schema-compat-search-filter: 2017-05-11T17:43:09Z DEBUG objectclass=posixGroup 2017-05-11T17:43:09Z DEBUG schema-compat-container-rdn: 2017-05-11T17:43:09Z DEBUG cn=groups 2017-05-11T17:43:09Z DEBUG schema-compat-entry-rdn: 2017-05-11T17:43:09Z DEBUG cn=%{cn} 2017-05-11T17:43:09Z DEBUG schema-compat-search-base: 2017-05-11T17:43:09Z DEBUG cn=groups, cn=accounts, dc=rdlg,dc=net 2017-05-11T17:43:09Z DEBUG schema-compat-container-group: 2017-05-11T17:43:09Z DEBUG cn=compat, dc=rdlg,dc=net 2017-05-11T17:43:09Z DEBUG --------------------------------------------- 2017-05-11T17:43:09Z DEBUG Final value after applying updates 
2017-05-11T17:43:09Z DEBUG dn: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config 2017-05-11T17:43:09Z DEBUG schema-compat-entry-attribute: 2017-05-11T17:43:09Z DEBUG %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","") 2017-05-11T17:43:09Z DEBUG gidNumber=%{gidNumber} 2017-05-11T17:43:09Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:rdlg.net:%{ipauniqueid}","") 2017-05-11T17:43:09Z DEBUG memberUid=%deref_r("member","uid") 2017-05-11T17:43:09Z DEBUG objectclass=posixGroup 2017-05-11T17:43:09Z DEBUG memberUid=%{memberUid} 2017-05-11T17:43:09Z DEBUG ipaanchoruuid=%{ipaanchoruuid} 2017-05-11T17:43:09Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","") 2017-05-11T17:43:09Z DEBUG cn: 2017-05-11T17:43:09Z DEBUG groups 2017-05-11T17:43:09Z DEBUG objectClass: 2017-05-11T17:43:09Z DEBUG top 2017-05-11T17:43:09Z DEBUG extensibleObject 2017-05-11T17:43:09Z DEBUG schema-compat-search-filter: 2017-05-11T17:43:09Z DEBUG objectclass=posixGroup 2017-05-11T17:43:09Z DEBUG schema-compat-container-rdn: 2017-05-11T17:43:09Z DEBUG cn=groups 2017-05-11T17:43:09Z DEBUG schema-compat-entry-rdn: 2017-05-11T17:43:09Z DEBUG cn=%{cn} 2017-05-11T17:43:09Z DEBUG schema-compat-search-base: 2017-05-11T17:43:09Z DEBUG cn=groups, cn=accounts, dc=rdlg,dc=net 2017-05-11T17:43:09Z DEBUG schema-compat-container-group: 2017-05-11T17:43:09Z DEBUG cn=compat, dc=rdlg,dc=net 2017-05-11T17:43:09Z DEBUG New entry: cn=ng,cn=Schema Compatibility,cn=plugins,cn=config 2017-05-11T17:43:09Z DEBUG --------------------------------------------- 2017-05-11T17:43:09Z DEBUG Initial value 2017-05-11T17:43:09Z DEBUG dn: cn=ng,cn=Schema Compatibility,cn=plugins,cn=config 2017-05-11T17:43:09Z DEBUG add: 'top' to objectClass, current value [] 2017-05-11T17:43:09Z DEBUG add: updated value ['top'] 2017-05-11T17:43:09Z DEBUG add: 'extensibleObject' to objectClass, current value ['top'] 2017-05-11T17:43:09Z DEBUG add: updated value ['top', 
'extensibleObject'] 2017-05-11T17:43:09Z DEBUG add: 'ng' to cn, current value [] 2017-05-11T17:43:09Z DEBUG add: updated value ['ng'] 2017-05-11T17:43:09Z DEBUG add: 'cn=compat, dc=rdlg,dc=net' to schema-compat-container-group, current value [] 2017-05-11T17:43:09Z DEBUG add: updated value ['cn=compat, dc=rdlg,dc=net'] 2017-05-11T17:43:09Z DEBUG add: 'cn=ng' to schema-compat-container-rdn, current value [] 2017-05-11T17:43:09Z DEBUG add: updated value ['cn=ng'] 2017-05-11T17:43:09Z DEBUG add: 'yes' to schema-compat-check-access, current value [] 2017-05-11T17:43:09Z DEBUG add: updated value ['yes'] 2017-05-11T17:43:09Z DEBUG add: 'cn=ng, cn=alt, dc=rdlg,dc=net' to schema-compat-search-base, current value [] 2017-05-11T17:43:09Z DEBUG add: updated value ['cn=ng, cn=alt, dc=rdlg,dc=net'] 2017-05-11T17:43:09Z DEBUG add: '(objectclass=ipaNisNetgroup)' to schema-compat-search-filter, current value [] 2017-05-11T17:43:09Z DEBUG add: updated value ['(objectclass=ipaNisNetgroup)'] 2017-05-11T17:43:09Z DEBUG add: 'cn=%{cn}' to schema-compat-entry-rdn, current value [] 2017-05-11T17:43:09Z DEBUG add: updated value ['cn=%{cn}'] 2017-05-11T17:43:09Z DEBUG add: 'objectclass=nisNetgroup' to schema-compat-entry-attribute, current value [] 2017-05-11T17:43:09Z DEBUG add: updated value ['objectclass=nisNetgroup'] 2017-05-11T17:43:09Z DEBUG add: 'memberNisNetgroup=%deref_r("member","cn")' to schema-compat-entry-attribute, current value ['objectclass=nisNetgroup'] 2017-05-11T17:43:09Z DEBUG add: updated value ['objectclass=nisNetgroup', 'memberNisNetgroup=%deref_r("member","cn")'] 2017-05-11T17:43:09Z DEBUG add: 
'nisNetgroupTriple=(%link("%ifeq(\"hostCategory\",\"all\",\"\",\"%collect(\\\"%{externalHost}\\\",\\\"%deref(\\\\\\\"memberHost\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberHost\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\")\")","-",",","%ifeq(\"userCategory\",\"all\",\"\",\"%collect(\\\"%deref(\\\\\\\"memberUser\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberUser\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\")\")","-"),%{nisDomainName:-})' to schema-compat-entry-attribute, current value ['memberNisNetgroup=%deref_r("member","cn")', 'objectclass=nisNetgroup'] 2017-05-11T17:43:09Z DEBUG add: updated value ['memberNisNetgroup=%deref_r("member","cn")', 'objectclass=nisNetgroup', 'nisNetgroupTriple=(%link("%ifeq(\\"hostCategory\\",\\"all\\",\\"\\",\\"%collect(\\\\\\"%{externalHost}\\\\\\",\\\\\\"%deref(\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\")\\\\\\")\\")","-",",","%ifeq(\\"userCategory\\",\\"all\\",\\"\\",\\"%collect(\\\\\\"%deref(\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\")\\\\\\")\\")","-"),%{nisDomainName:-})'] 2017-05-11T17:43:09Z DEBUG --------------------------------------------- 2017-05-11T17:43:09Z DEBUG Final value after applying updates 2017-05-11T17:43:09Z DEBUG dn: cn=ng,cn=Schema Compatibility,cn=plugins,cn=config 2017-05-11T17:43:09Z DEBUG 
schema-compat-entry-attribute: 2017-05-11T17:43:09Z DEBUG memberNisNetgroup=%deref_r("member","cn") 2017-05-11T17:43:09Z DEBUG objectclass=nisNetgroup 2017-05-11T17:43:09Z DEBUG nisNetgroupTriple=(%link("%ifeq(\"hostCategory\",\"all\",\"\",\"%collect(\\\"%{externalHost}\\\",\\\"%deref(\\\\\\\"memberHost\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberHost\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\")\")","-",",","%ifeq(\"userCategory\",\"all\",\"\",\"%collect(\\\"%deref(\\\\\\\"memberUser\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberUser\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\")\")","-"),%{nisDomainName:-}) 2017-05-11T17:43:09Z DEBUG schema-compat-check-access: 2017-05-11T17:43:09Z DEBUG yes 2017-05-11T17:43:09Z DEBUG cn: 2017-05-11T17:43:09Z DEBUG ng 2017-05-11T17:43:09Z DEBUG objectClass: 2017-05-11T17:43:09Z DEBUG top 2017-05-11T17:43:09Z DEBUG extensibleObject 2017-05-11T17:43:09Z DEBUG schema-compat-search-filter: 2017-05-11T17:43:09Z DEBUG (objectclass=ipaNisNetgroup) 2017-05-11T17:43:09Z DEBUG schema-compat-container-rdn: 2017-05-11T17:43:09Z DEBUG cn=ng 2017-05-11T17:43:09Z DEBUG schema-compat-entry-rdn: 2017-05-11T17:43:09Z DEBUG cn=%{cn} 2017-05-11T17:43:09Z DEBUG schema-compat-search-base: 2017-05-11T17:43:09Z DEBUG cn=ng, cn=alt, dc=rdlg,dc=net 2017-05-11T17:43:09Z DEBUG schema-compat-container-group: 2017-05-11T17:43:09Z DEBUG cn=compat, dc=rdlg,dc=net 2017-05-11T17:43:09Z DEBUG New entry: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config 2017-05-11T17:43:09Z DEBUG --------------------------------------------- 2017-05-11T17:43:09Z DEBUG Initial value 2017-05-11T17:43:09Z DEBUG dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config 2017-05-11T17:43:09Z DEBUG add: 'top' to objectClass, current value [] 2017-05-11T17:43:09Z DEBUG add: updated value ['top'] 
2017-05-11T17:43:09Z DEBUG add: 'extensibleObject' to objectClass, current value ['top'] 2017-05-11T17:43:09Z DEBUG add: updated value ['top', 'extensibleObject'] 2017-05-11T17:43:09Z DEBUG add: 'sudoers' to cn, current value [] 2017-05-11T17:43:09Z DEBUG add: updated value ['sudoers'] 2017-05-11T17:43:09Z DEBUG add: 'ou=SUDOers, dc=rdlg,dc=net' to schema-compat-container-group, current value [] 2017-05-11T17:43:09Z DEBUG add: updated value ['ou=SUDOers, dc=rdlg,dc=net'] 2017-05-11T17:43:09Z DEBUG add: 'cn=sudorules, cn=sudo, dc=rdlg,dc=net' to schema-compat-search-base, current value [] 2017-05-11T17:43:09Z DEBUG add: updated value ['cn=sudorules, cn=sudo, dc=rdlg,dc=net'] 2017-05-11T17:43:09Z DEBUG add: '(&(objectclass=ipaSudoRule)(!(compatVisible=FALSE))(!(ipaEnabledFlag=FALSE)))' to schema-compat-search-filter, current value [] 2017-05-11T17:43:09Z DEBUG add: updated value ['(&(objectclass=ipaSudoRule)(!(compatVisible=FALSE))(!(ipaEnabledFlag=FALSE)))'] 2017-05-11T17:43:09Z DEBUG add: '%ifeq("ipaEnabledFlag", "FALSE", "DISABLED", "cn=%{cn}")' to schema-compat-entry-rdn, current value [] 2017-05-11T17:43:09Z DEBUG add: updated value ['%ifeq("ipaEnabledFlag", "FALSE", "DISABLED", "cn=%{cn}")'] 2017-05-11T17:43:09Z DEBUG add: 'objectclass=sudoRole' to schema-compat-entry-attribute, current value [] 2017-05-11T17:43:09Z DEBUG add: updated value ['objectclass=sudoRole'] 2017-05-11T17:43:09Z DEBUG add: 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole'] 2017-05-11T17:43:09Z DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")'] 2017-05-11T17:43:09Z DEBUG add: 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\"memberUser\",\"(objectclass=posixAccount)\",\"uid\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'objectclass=sudoRole'] 2017-05-11T17:43:09Z 
DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")'] 2017-05-11T17:43:09Z DEBUG add: 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\"memberUser\",\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\",\"member\",\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\",\"uid\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")'] 2017-05-11T17:43:09Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")'] 2017-05-11T17:43:09Z DEBUG add: 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\"memberUser\",\"(objectclass=posixGroup)\",\"cn\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")'] 2017-05-11T17:43:09Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'objectclass=sudoRole', 
'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")'] 2017-05-11T17:43:09Z DEBUG add: 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\"memberUser\",\"(objectclass=ipaNisNetgroup)\",\"cn\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")'] 2017-05-11T17:43:09Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")'] 2017-05-11T17:43:09Z DEBUG add: 
'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole'] 2017-05-11T17:43:09Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")'] 2017-05-11T17:43:09Z DEBUG add: 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\"memberHost\",\"(objectclass=ipaHost)\",\"fqdn\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 
'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole'] 2017-05-11T17:43:09Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")'] 2017-05-11T17:43:09Z DEBUG add: 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\"memberHost\",\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\",\"member\",\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\",\"fqdn\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 
'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole'] 2017-05-11T17:43:09Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")'] 2017-05-11T17:43:09Z DEBUG add: 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\",\"cn\")")' to schema-compat-entry-attribute, current value 
['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole'] 2017-05-11T17:43:09Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 
'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")'] 2017-05-11T17:43:09Z DEBUG add: 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(objectclass=ipaNisNetgroup)\",\"cn\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole'] 2017-05-11T17:43:09Z DEBUG add: updated value 
['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")'] 2017-05-11T17:43:09Z DEBUG add: 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 
'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole'] 2017-05-11T17:43:09Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 
'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")'] 2017-05-11T17:43:09Z DEBUG add: 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\"memberAllowCmd\",\"sudoCmd\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 
'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole'] 2017-05-11T17:43:09Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")'] 2017-05-11T17:43:09Z DEBUG add: 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\"memberAllowCmd\",\"member\",\"sudoCmd\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 
'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole'] 2017-05-11T17:43:09Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 
'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")'] 2017-05-11T17:43:09Z DEBUG add: 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 
'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")'] 2017-05-11T17:43:09Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 
'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")'] 2017-05-11T17:43:09Z DEBUG add: 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 
'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")'] 2017-05-11T17:43:09Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 
'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")'] 2017-05-11T17:43:09Z DEBUG add: 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 
'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")'] 2017-05-11T17:43:09Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 
'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")'] 2017-05-11T17:43:09Z DEBUG add: 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 
'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")'] 2017-05-11T17:43:09Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 
'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")'] 2017-05-11T17:43:09Z DEBUG add: 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixAccount)\",\"uid\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 
'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")'] 2017-05-11T17:43:09Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 
'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")'] 2017-05-11T17:43:09Z DEBUG add: 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixGroup)\",\"cn\")")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 
'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")'] 2017-05-11T17:43:09Z DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 
'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")'] 2017-05-11T17:43:09Z DEBUG add: 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 
'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")'] 2017-05-11T17:43:09Z DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 
'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")'] 2017-05-11T17:43:09Z DEBUG add: 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\"ipaSudoRunAsGroup\",\"(objectclass=posixGroup)\",\"cn\")")' to schema-compat-entry-attribute, current value 
['sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 
'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")'] 2017-05-11T17:43:09Z DEBUG add: updated value ['sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 
'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")'] 2017-05-11T17:43:09Z DEBUG add: 'sudoOption=%{ipaSudoOpt}' to schema-compat-entry-attribute, current value ['sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 
'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")'] 2017-05-11T17:43:09Z DEBUG add: updated value ['sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 
'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoOption=%{ipaSudoOpt}'] 2017-05-11T17:43:09Z DEBUG --------------------------------------------- 
2017-05-11T17:43:09Z DEBUG Final value after applying updates 2017-05-11T17:43:09Z DEBUG dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config 2017-05-11T17:43:09Z DEBUG schema-compat-entry-attribute: 2017-05-11T17:43:09Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}") 2017-05-11T17:43:09Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}") 2017-05-11T17:43:09Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\"memberHost\",\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\",\"member\",\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\",\"fqdn\")") 2017-05-11T17:43:09Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\"memberUser\",\"(objectclass=posixGroup)\",\"cn\")") 2017-05-11T17:43:09Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\",\"cn\")") 2017-05-11T17:43:09Z DEBUG sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}") 2017-05-11T17:43:09Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\"memberUser\",\"(objectclass=posixAccount)\",\"uid\")") 2017-05-11T17:43:09Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(objectclass=ipaNisNetgroup)\",\"cn\")") 2017-05-11T17:43:09Z DEBUG sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\"ipaSudoRunAsGroup\",\"(objectclass=posixGroup)\",\"cn\")") 2017-05-11T17:43:09Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\"memberHost\",\"(objectclass=ipaHost)\",\"fqdn\")") 2017-05-11T17:43:09Z DEBUG objectclass=sudoRole 2017-05-11T17:43:09Z DEBUG sudoOption=%{ipaSudoOpt} 2017-05-11T17:43:09Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\"memberUser\",\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\",\"member\",\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\",\"uid\")") 2017-05-11T17:43:09Z DEBUG 
sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\"memberAllowCmd\",\"sudoCmd\")") 2017-05-11T17:43:09Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}") 2017-05-11T17:43:09Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixAccount)\",\"uid\")") 2017-05-11T17:43:09Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\"memberUser\",\"(objectclass=ipaNisNetgroup)\",\"cn\")") 2017-05-11T17:43:09Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixGroup)\",\"cn\")") 2017-05-11T17:43:09Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}") 2017-05-11T17:43:09Z DEBUG sudoCommand=!%deref("memberDenyCmd","sudoCmd") 2017-05-11T17:43:09Z DEBUG sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd") 2017-05-11T17:43:09Z DEBUG sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\"memberAllowCmd\",\"member\",\"sudoCmd\")") 2017-05-11T17:43:09Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}") 2017-05-11T17:43:09Z DEBUG cn: 2017-05-11T17:43:09Z DEBUG sudoers 2017-05-11T17:43:09Z DEBUG objectClass: 2017-05-11T17:43:09Z DEBUG top 2017-05-11T17:43:09Z DEBUG extensibleObject 2017-05-11T17:43:09Z DEBUG schema-compat-search-filter: 2017-05-11T17:43:09Z DEBUG (&(objectclass=ipaSudoRule)(!(compatVisible=FALSE))(!(ipaEnabledFlag=FALSE))) 2017-05-11T17:43:09Z DEBUG schema-compat-entry-rdn: 2017-05-11T17:43:09Z DEBUG %ifeq("ipaEnabledFlag", "FALSE", "DISABLED", "cn=%{cn}") 2017-05-11T17:43:09Z DEBUG schema-compat-search-base: 2017-05-11T17:43:09Z DEBUG cn=sudorules, cn=sudo, dc=rdlg,dc=net 2017-05-11T17:43:09Z DEBUG schema-compat-container-group: 2017-05-11T17:43:09Z DEBUG ou=SUDOers, dc=rdlg,dc=net 2017-05-11T17:43:09Z DEBUG New entry: cn=computers,cn=Schema Compatibility,cn=plugins,cn=config 2017-05-11T17:43:09Z DEBUG --------------------------------------------- 
2017-05-11T17:43:09Z DEBUG Initial value 2017-05-11T17:43:09Z DEBUG dn: cn=computers,cn=Schema Compatibility,cn=plugins,cn=config 2017-05-11T17:43:09Z DEBUG schema-compat-entry-attribute: 2017-05-11T17:43:09Z DEBUG objectclass=device 2017-05-11T17:43:09Z DEBUG cn=%{fqdn} 2017-05-11T17:43:09Z DEBUG macAddress=%{macAddress} 2017-05-11T17:43:09Z DEBUG objectclass=ieee802Device 2017-05-11T17:43:09Z DEBUG cn: 2017-05-11T17:43:09Z DEBUG computers 2017-05-11T17:43:09Z DEBUG objectClass: 2017-05-11T17:43:09Z DEBUG top 2017-05-11T17:43:09Z DEBUG extensibleObject 2017-05-11T17:43:09Z DEBUG schema-compat-search-filter: 2017-05-11T17:43:09Z DEBUG (&(macAddress=*)(fqdn=*)(objectClass=ipaHost)) 2017-05-11T17:43:09Z DEBUG schema-compat-container-rdn: 2017-05-11T17:43:09Z DEBUG cn=computers 2017-05-11T17:43:09Z DEBUG schema-compat-entry-rdn: 2017-05-11T17:43:09Z DEBUG cn=%first("%{fqdn}") 2017-05-11T17:43:09Z DEBUG schema-compat-search-base: 2017-05-11T17:43:09Z DEBUG cn=computers, cn=accounts, dc=rdlg,dc=net 2017-05-11T17:43:09Z DEBUG schema-compat-container-group: 2017-05-11T17:43:09Z DEBUG cn=compat, dc=rdlg,dc=net 2017-05-11T17:43:09Z DEBUG --------------------------------------------- 2017-05-11T17:43:09Z DEBUG Final value after applying updates 2017-05-11T17:43:09Z DEBUG dn: cn=computers,cn=Schema Compatibility,cn=plugins,cn=config 2017-05-11T17:43:09Z DEBUG schema-compat-entry-attribute: 2017-05-11T17:43:09Z DEBUG objectclass=device 2017-05-11T17:43:09Z DEBUG cn=%{fqdn} 2017-05-11T17:43:09Z DEBUG macAddress=%{macAddress} 2017-05-11T17:43:09Z DEBUG objectclass=ieee802Device 2017-05-11T17:43:09Z DEBUG cn: 2017-05-11T17:43:09Z DEBUG computers 2017-05-11T17:43:09Z DEBUG objectClass: 2017-05-11T17:43:09Z DEBUG top 2017-05-11T17:43:09Z DEBUG extensibleObject 2017-05-11T17:43:09Z DEBUG schema-compat-search-filter: 2017-05-11T17:43:09Z DEBUG (&(macAddress=*)(fqdn=*)(objectClass=ipaHost)) 2017-05-11T17:43:09Z DEBUG schema-compat-container-rdn: 2017-05-11T17:43:09Z DEBUG cn=computers 
2017-05-11T17:43:09Z DEBUG schema-compat-entry-rdn: 2017-05-11T17:43:09Z DEBUG cn=%first("%{fqdn}") 2017-05-11T17:43:09Z DEBUG schema-compat-search-base: 2017-05-11T17:43:09Z DEBUG cn=computers, cn=accounts, dc=rdlg,dc=net 2017-05-11T17:43:09Z DEBUG schema-compat-container-group: 2017-05-11T17:43:09Z DEBUG cn=compat, dc=rdlg,dc=net 2017-05-11T17:43:09Z DEBUG Updating existing entry: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config 2017-05-11T17:43:09Z DEBUG --------------------------------------------- 2017-05-11T17:43:09Z DEBUG Initial value 2017-05-11T17:43:09Z DEBUG dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config 2017-05-11T17:43:09Z DEBUG objectClass: 2017-05-11T17:43:09Z DEBUG top 2017-05-11T17:43:09Z DEBUG directoryServerFeature 2017-05-11T17:43:09Z DEBUG aci: 2017-05-11T17:43:09Z DEBUG (targetattr != "aci")(version 3.0; acl "VLV Request Control"; allow( read, search, compare, proxy ) userdn = "ldap:///all";) 2017-05-11T17:43:09Z DEBUG oid: 2017-05-11T17:43:09Z DEBUG 2.16.840.1.113730.3.4.9 2017-05-11T17:43:09Z DEBUG cn: 2017-05-11T17:43:09Z DEBUG VLV Request Control 2017-05-11T17:43:09Z DEBUG only: set aci to '(targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, search, compare, proxy) userdn = "ldap:///anyone"; )', current value ['(targetattr != "aci")(version 3.0; acl "VLV Request Control"; allow( read, search, compare, proxy ) userdn = "ldap:///all";)'] 2017-05-11T17:43:09Z DEBUG only: updated value ['(targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, search, compare, proxy) userdn = "ldap:///anyone"; )'] 2017-05-11T17:43:09Z DEBUG --------------------------------------------- 2017-05-11T17:43:09Z DEBUG Final value after applying updates 2017-05-11T17:43:09Z DEBUG dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config 2017-05-11T17:43:09Z DEBUG objectClass: 2017-05-11T17:43:09Z DEBUG top 2017-05-11T17:43:09Z DEBUG directoryServerFeature 2017-05-11T17:43:09Z DEBUG aci: 2017-05-11T17:43:09Z DEBUG (targetattr 
!="aci")(version 3.0; acl "VLV Request Control"; allow (read, search, compare, proxy) userdn = "ldap:///anyone"; ) 2017-05-11T17:43:09Z DEBUG oid: 2017-05-11T17:43:09Z DEBUG 2.16.840.1.113730.3.4.9 2017-05-11T17:43:09Z DEBUG cn: 2017-05-11T17:43:09Z DEBUG VLV Request Control 2017-05-11T17:43:09Z DEBUG [(0, u'aci', ['(targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, search, compare, proxy) userdn = "ldap:///anyone"; )']), (1, u'aci', ['(targetattr != "aci")(version 3.0; acl "VLV Request Control"; allow( read, search, compare, proxy ) userdn = "ldap:///all";)'])] 2017-05-11T17:43:09Z DEBUG Updated 1 2017-05-11T17:43:09Z DEBUG Done 2017-05-11T17:43:09Z DEBUG Destroyed connection context.ldap2_99189456 2017-05-11T17:43:09Z DEBUG duration: 1 seconds 2017-05-11T17:43:09Z DEBUG [44/47]: activating sidgen plugin 2017-05-11T17:43:09Z DEBUG Starting external process 2017-05-11T17:43:09Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmptyJvAN -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmphpj_cx 2017-05-11T17:43:09Z DEBUG Process finished, return code=0 2017-05-11T17:43:09Z DEBUG stdout=add objectclass: top nsSlapdPlugin extensibleObject add cn: IPA SIDGEN add nsslapd-pluginpath: libipa_sidgen add nsslapd-plugininitfunc: ipa_sidgen_init add nsslapd-plugintype: postoperation add nsslapd-pluginenabled: on add nsslapd-pluginid: ipa_sidgen_postop add nsslapd-pluginversion: 1.0 add nsslapd-pluginvendor: Red Hat, Inc. 
add nsslapd-plugindescription: IPA SIDGEN post operation add nsslapd-plugin-depends-on-type: database add nsslapd-basedn: dc=rdlg,dc=net adding new entry "cn=IPA SIDGEN,cn=plugins,cn=config" modify complete 2017-05-11T17:43:09Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base ) 2017-05-11T17:43:09Z DEBUG duration: 0 seconds 2017-05-11T17:43:09Z DEBUG [45/47]: activating extdom plugin 2017-05-11T17:43:09Z DEBUG Starting external process 2017-05-11T17:43:09Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmp6IfH8g -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpBVejpS 2017-05-11T17:43:09Z DEBUG Process finished, return code=0 2017-05-11T17:43:09Z DEBUG stdout=add objectclass: top nsSlapdPlugin extensibleObject add cn: ipa_extdom_extop add nsslapd-pluginpath: libipa_extdom_extop add nsslapd-plugininitfunc: ipa_extdom_init add nsslapd-plugintype: extendedop add nsslapd-pluginenabled: on add nsslapd-pluginid: ipa_extdom_extop add nsslapd-pluginversion: 1.0 add nsslapd-pluginvendor: RedHat add nsslapd-plugindescription: Support resolving IDs in trusted domains to names and back add nsslapd-plugin-depends-on-type: database add nsslapd-basedn: dc=rdlg,dc=net adding new entry "cn=ipa_extdom_extop,cn=plugins,cn=config" modify complete 2017-05-11T17:43:09Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base ) 2017-05-11T17:43:09Z DEBUG duration: 0 seconds 2017-05-11T17:43:09Z DEBUG [46/47]: tuning directory server 2017-05-11T17:43:09Z DEBUG Starting external process 2017-05-11T17:43:09Z DEBUG args=/usr/sbin/selinuxenabled 2017-05-11T17:43:09Z DEBUG Process finished, return code=0 2017-05-11T17:43:09Z DEBUG stdout= 2017-05-11T17:43:09Z DEBUG stderr= 2017-05-11T17:43:09Z DEBUG Starting external process 2017-05-11T17:43:09Z DEBUG args=/sbin/restorecon /etc/sysconfig/dirsrv.systemd 2017-05-11T17:43:09Z DEBUG Process finished, return code=0 2017-05-11T17:43:09Z DEBUG stdout= 2017-05-11T17:43:09Z DEBUG stderr= 2017-05-11T17:43:09Z DEBUG Starting 
external process 2017-05-11T17:43:09Z DEBUG args=/bin/systemctl --system daemon-reload 2017-05-11T17:43:09Z DEBUG Process finished, return code=0 2017-05-11T17:43:09Z DEBUG stdout= 2017-05-11T17:43:09Z DEBUG stderr= 2017-05-11T17:43:09Z DEBUG Starting external process 2017-05-11T17:43:09Z DEBUG args=/bin/systemctl --system daemon-reload 2017-05-11T17:43:09Z DEBUG Process finished, return code=0 2017-05-11T17:43:09Z DEBUG stdout= 2017-05-11T17:43:09Z DEBUG stderr= 2017-05-11T17:43:09Z DEBUG Starting external process 2017-05-11T17:43:09Z DEBUG args=/bin/systemctl restart dirsrv@RDLG-NET.service 2017-05-11T17:43:10Z DEBUG Process finished, return code=0 2017-05-11T17:43:10Z DEBUG stdout= 2017-05-11T17:43:10Z DEBUG stderr= 2017-05-11T17:43:10Z DEBUG Starting external process 2017-05-11T17:43:10Z DEBUG args=/bin/systemctl is-active dirsrv@RDLG-NET.service 2017-05-11T17:43:10Z DEBUG Process finished, return code=0 2017-05-11T17:43:10Z DEBUG stdout=active 2017-05-11T17:43:10Z DEBUG stderr= 2017-05-11T17:43:10Z DEBUG wait_for_open_ports: localhost [389] timeout 300 2017-05-11T17:43:10Z DEBUG Starting external process 2017-05-11T17:43:10Z DEBUG args=/bin/systemctl is-active dirsrv@RDLG-NET.service 2017-05-11T17:43:10Z DEBUG Process finished, return code=0 2017-05-11T17:43:10Z DEBUG stdout=active 2017-05-11T17:43:10Z DEBUG stderr= 2017-05-11T17:43:10Z DEBUG Starting external process 2017-05-11T17:43:10Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpPhr_IO -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpFu0Gli 2017-05-11T17:43:11Z DEBUG Process finished, return code=0 2017-05-11T17:43:11Z DEBUG stdout=replace nsslapd-maxdescriptors: 8192 replace nsslapd-reservedescriptors: 64 modifying entry "cn=config" modify complete 2017-05-11T17:43:11Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base ) 2017-05-11T17:43:11Z DEBUG duration: 1 seconds 2017-05-11T17:43:11Z DEBUG [47/47]: configuring directory to start on boot 2017-05-11T17:43:11Z DEBUG Starting 
external process 2017-05-11T17:43:11Z DEBUG args=/bin/systemctl is-enabled dirsrv@RDLG-NET.service 2017-05-11T17:43:11Z DEBUG Process finished, return code=0 2017-05-11T17:43:11Z DEBUG stdout=enabled 2017-05-11T17:43:11Z DEBUG stderr= 2017-05-11T17:43:11Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:43:11Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:43:11Z DEBUG Starting external process 2017-05-11T17:43:11Z DEBUG args=/bin/systemctl disable dirsrv@RDLG-NET.service 2017-05-11T17:43:11Z DEBUG Process finished, return code=0 2017-05-11T17:43:11Z DEBUG stdout= 2017-05-11T17:43:11Z DEBUG stderr=Removed symlink /etc/systemd/system/dirsrv.target.wants/dirsrv@RDLG-NET.service. 2017-05-11T17:43:11Z DEBUG duration: 0 seconds 2017-05-11T17:43:11Z DEBUG Done configuring directory server (dirsrv). 2017-05-11T17:43:11Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:43:11Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2017-05-11T17:43:11Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2017-05-11T17:43:11Z DEBUG Starting external process 2017-05-11T17:43:11Z DEBUG args=/bin/systemctl is-active ntpd.service 2017-05-11T17:43:11Z DEBUG Process finished, return code=0 2017-05-11T17:43:11Z DEBUG stdout=active 2017-05-11T17:43:11Z DEBUG stderr= 2017-05-11T17:43:11Z DEBUG Starting external process 2017-05-11T17:43:11Z DEBUG args=/bin/systemctl disable ntpd.service 2017-05-11T17:43:11Z DEBUG Process finished, return code=0 2017-05-11T17:43:11Z DEBUG stdout= 2017-05-11T17:43:11Z DEBUG stderr=Removed symlink /etc/systemd/system/multi-user.target.wants/ntpd.service. 
2017-05-11T17:43:11Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache 2017-05-11T17:43:11Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x576c5f0> 2017-05-11T17:43:11Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2017-05-11T17:43:11Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state' 2017-05-11T17:43:11Z DEBUG Starting external process 2017-05-11T17:43:11Z DEBUG args=/bin/systemctl start ntpd.service 2017-05-11T17:43:11Z DEBUG Process finished, return code=0 2017-05-11T17:43:11Z DEBUG stdout= 2017-05-11T17:43:11Z DEBUG stderr= 2017-05-11T17:43:11Z DEBUG Starting external process 2017-05-11T17:43:11Z DEBUG args=/bin/systemctl is-active ntpd.service 2017-05-11T17:43:11Z DEBUG Process finished, return code=0 2017-05-11T17:43:11Z DEBUG stdout=active 2017-05-11T17:43:11Z DEBUG stderr= 2017-05-11T17:43:11Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:43:11Z DEBUG Configuring certificate server (pki-tomcatd). 
Estimated time: 3 minutes 30 seconds 2017-05-11T17:43:11Z DEBUG [1/31]: creating certificate server user 2017-05-11T17:43:11Z DEBUG group pkiuser exists 2017-05-11T17:43:11Z DEBUG user pkiuser exists 2017-05-11T17:43:11Z DEBUG duration: 0 seconds 2017-05-11T17:43:11Z DEBUG [2/31]: configuring certificate server instance 2017-05-11T17:43:11Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:43:11Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:43:11Z DEBUG Contents of pkispawn configuration file (/tmp/tmpLkvtmP): [CA] pki_security_domain_name = IPA pki_enable_proxy = True pki_restart_configured_instance = False pki_backup_keys = True pki_backup_password = XXXXXXXX pki_profiles_in_ldap = True pki_default_ocsp_uri = http://ipa-ca.rdlg.net/ca/ocsp pki_client_database_dir = /tmp/tmp-5n8Hzt pki_client_database_password = XXXXXXXX pki_client_database_purge = False pki_client_pkcs12_password = XXXXXXXX pki_admin_name = admin pki_admin_uid = admin pki_admin_email = root@localhost pki_admin_password = XXXXXXXX pki_admin_nickname = ipa-ca-agent pki_admin_subject_dn = cn=ipa-ca-agent,O=RDLG.NET pki_client_admin_cert_p12 = /root/ca-agent.p12 pki_ds_ldap_port = 389 pki_ds_password = XXXXXXXX pki_ds_base_dn = o=ipaca pki_ds_database = ipaca pki_subsystem_subject_dn = cn=CA Subsystem,O=RDLG.NET pki_ocsp_signing_subject_dn = cn=OCSP Subsystem,O=RDLG.NET pki_ssl_server_subject_dn = cn=ipa.rdlg.net,O=RDLG.NET pki_audit_signing_subject_dn = cn=CA Audit,O=RDLG.NET pki_ca_signing_subject_dn = cn=Certificate Authority,O=RDLG.NET pki_subsystem_nickname = subsystemCert cert-pki-ca pki_ocsp_signing_nickname = ocspSigningCert cert-pki-ca pki_ssl_server_nickname = Server-Cert cert-pki-ca pki_audit_signing_nickname = auditSigningCert cert-pki-ca pki_ca_signing_nickname = caSigningCert cert-pki-ca pki_ca_signing_key_algorithm = SHA256withRSA 2017-05-11T17:43:11Z DEBUG Starting external process 2017-05-11T17:43:11Z DEBUG 
args=/usr/sbin/pkispawn -s CA -f /tmp/tmpLkvtmP 2017-05-11T17:44:04Z DEBUG Process finished, return code=0 2017-05-11T17:44:04Z DEBUG stdout=Log file: /var/log/pki/pki-ca-spawn.20170511114311.log Loading deployment configuration from /tmp/tmpLkvtmP. Installing CA into /var/lib/pki/pki-tomcat. Storing deployment configuration into /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg. ========================================================================== INSTALLATION SUMMARY ========================================================================== Administrator's username: admin Administrator's PKCS #12 file: /root/ca-agent.p12 Administrator's certificate nickname: ipa-ca-agent Administrator's certificate database: /tmp/tmp-5n8Hzt To check the status of the subsystem: systemctl status pki-tomcatd@pki-tomcat.service To restart the subsystem: systemctl restart pki-tomcatd@pki-tomcat.service The URL for the subsystem is: https://ipa.rdlg.net:8443/ca PKI instances will be enabled upon system boot ========================================================================== 2017-05-11T17:44:04Z DEBUG stderr=Notice: Trust flag u is set automatically if the private key is present. Created symlink from /etc/systemd/system/multi-user.target.wants/pki-tomcatd.target to /usr/lib/systemd/system/pki-tomcatd.target. 
2017-05-11T17:44:04Z DEBUG completed creating ca instance 2017-05-11T17:44:04Z DEBUG duration: 53 seconds 2017-05-11T17:44:04Z DEBUG [3/31]: stopping certificate server instance to update CS.cfg 2017-05-11T17:44:04Z DEBUG Starting external process 2017-05-11T17:44:04Z DEBUG args=/bin/systemctl stop pki-tomcatd@pki-tomcat.service 2017-05-11T17:44:05Z DEBUG Process finished, return code=0 2017-05-11T17:44:05Z DEBUG stdout= 2017-05-11T17:44:05Z DEBUG stderr= 2017-05-11T17:44:05Z DEBUG duration: 0 seconds 2017-05-11T17:44:05Z DEBUG [4/31]: backing up CS.cfg 2017-05-11T17:44:05Z DEBUG Starting external process 2017-05-11T17:44:05Z DEBUG args=/bin/systemctl is-active pki-tomcatd@pki-tomcat.service 2017-05-11T17:44:05Z DEBUG Process finished, return code=3 2017-05-11T17:44:05Z DEBUG stdout=inactive 2017-05-11T17:44:05Z DEBUG stderr= 2017-05-11T17:44:05Z DEBUG duration: 0 seconds 2017-05-11T17:44:05Z DEBUG [5/31]: disabling nonces 2017-05-11T17:44:05Z DEBUG duration: 0 seconds 2017-05-11T17:44:05Z DEBUG [6/31]: set up CRL publishing 2017-05-11T17:44:05Z DEBUG Starting external process 2017-05-11T17:44:05Z DEBUG args=/usr/sbin/selinuxenabled 2017-05-11T17:44:05Z DEBUG Process finished, return code=0 2017-05-11T17:44:05Z DEBUG stdout= 2017-05-11T17:44:05Z DEBUG stderr= 2017-05-11T17:44:05Z DEBUG Starting external process 2017-05-11T17:44:05Z DEBUG args=/sbin/restorecon /var/lib/ipa/pki-ca/publish 2017-05-11T17:44:05Z DEBUG Process finished, return code=0 2017-05-11T17:44:05Z DEBUG stdout= 2017-05-11T17:44:05Z DEBUG stderr= 2017-05-11T17:44:05Z DEBUG duration: 0 seconds 2017-05-11T17:44:05Z DEBUG [7/31]: enable PKIX certificate path discovery and validation 2017-05-11T17:44:05Z DEBUG duration: 0 seconds 2017-05-11T17:44:05Z DEBUG [8/31]: starting certificate server instance 2017-05-11T17:44:05Z DEBUG Starting external process 2017-05-11T17:44:05Z DEBUG args=/bin/systemctl start pki-tomcatd@pki-tomcat.service 2017-05-11T17:44:05Z DEBUG Process finished, return code=0 
2017-05-11T17:44:05Z DEBUG stdout= 2017-05-11T17:44:05Z DEBUG stderr= 2017-05-11T17:44:05Z DEBUG Starting external process 2017-05-11T17:44:05Z DEBUG args=/bin/systemctl is-active pki-tomcatd@pki-tomcat.service 2017-05-11T17:44:05Z DEBUG Process finished, return code=0 2017-05-11T17:44:05Z DEBUG stdout=active 2017-05-11T17:44:05Z DEBUG stderr= 2017-05-11T17:44:05Z DEBUG wait_for_open_ports: localhost [8080, 8443] timeout 300 2017-05-11T17:44:07Z DEBUG Waiting until the CA is running 2017-05-11T17:44:07Z DEBUG request POST http://ipa.rdlg.net:8080/ca/admin/ca/getStatus 2017-05-11T17:44:07Z DEBUG request body '' 2017-05-11T17:44:16Z DEBUG response status 200 2017-05-11T17:44:16Z DEBUG response headers {'date': 'Thu, 11 May 2017 17:44:16 GMT', 'content-length': '170', 'content-type': 'application/xml', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:44:16Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="no"?><XMLResponse><State>1</State><Type>CA</Type><Status>running</Status><Version>10.3.3-18.el7_3</Version></XMLResponse>' 2017-05-11T17:44:16Z DEBUG The CA status is: running 2017-05-11T17:44:16Z DEBUG duration: 10 seconds 2017-05-11T17:44:16Z DEBUG [9/31]: creating RA agent certificate database 2017-05-11T17:44:16Z DEBUG Starting external process 2017-05-11T17:44:16Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias -f XXXXXXXX -N 2017-05-11T17:44:16Z DEBUG Process finished, return code=0 2017-05-11T17:44:16Z DEBUG stdout= 2017-05-11T17:44:16Z DEBUG stderr= 2017-05-11T17:44:16Z DEBUG duration: 0 seconds 2017-05-11T17:44:16Z DEBUG [10/31]: importing CA chain to RA certificate database 2017-05-11T17:44:16Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2017-05-11T17:44:16Z DEBUG Starting external process 2017-05-11T17:44:16Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias -L 2017-05-11T17:44:16Z DEBUG Process finished, return code=0 2017-05-11T17:44:16Z DEBUG stdout= Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI 
2017-05-11T17:44:16Z DEBUG stderr= 2017-05-11T17:44:16Z DEBUG Starting external process 2017-05-11T17:44:16Z DEBUG args=/usr/bin/openssl pkcs7 -inform DER -print_certs 2017-05-11T17:44:16Z DEBUG Process finished, return code=0 2017-05-11T17:44:16Z DEBUG stdout=subject=/O=RDLG.NET/CN=Certificate Authority issuer=/O=RDLG.NET/CN=Certificate Authority 2017-05-11T17:44:16Z DEBUG stderr= 2017-05-11T17:44:16Z DEBUG Starting external process 2017-05-11T17:44:16Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias -f XXXXXXXX -A -t CT,C,C -n RDLG.NET IPA CA -a -i /tmp/tmpjDNX0L 2017-05-11T17:44:16Z DEBUG Process finished, return code=0 2017-05-11T17:44:16Z DEBUG stdout= 2017-05-11T17:44:16Z DEBUG stderr= 2017-05-11T17:44:16Z
DEBUG duration: 0 seconds 2017-05-11T17:44:16Z DEBUG [11/31]: fixing RA database permissions 2017-05-11T17:44:16Z DEBUG duration: 0 seconds 2017-05-11T17:44:16Z DEBUG [12/31]: setting up signing cert profile 2017-05-11T17:44:16Z DEBUG duration: 0 seconds 2017-05-11T17:44:16Z DEBUG [13/31]: setting audit signing renewal to 2 years 2017-05-11T17:44:16Z DEBUG caSignedLogCert.cfg profile validity range is 720 2017-05-11T17:44:16Z DEBUG duration: 0 seconds 2017-05-11T17:44:16Z DEBUG [14/31]: restarting certificate server 2017-05-11T17:44:16Z DEBUG Starting external process 2017-05-11T17:44:16Z DEBUG args=/bin/systemctl restart pki-tomcatd@pki-tomcat.service 2017-05-11T17:44:17Z DEBUG Process finished, return code=0 2017-05-11T17:44:17Z DEBUG stdout= 2017-05-11T17:44:17Z DEBUG stderr= 2017-05-11T17:44:17Z DEBUG Starting external process 2017-05-11T17:44:17Z DEBUG args=/bin/systemctl is-active pki-tomcatd@pki-tomcat.service 2017-05-11T17:44:17Z DEBUG Process finished, return code=0 2017-05-11T17:44:17Z DEBUG stdout=active 2017-05-11T17:44:17Z DEBUG stderr= 2017-05-11T17:44:17Z DEBUG wait_for_open_ports: localhost [8080, 8443] timeout 300 2017-05-11T17:44:19Z DEBUG Waiting until the CA is running 2017-05-11T17:44:19Z DEBUG request POST http://ipa.rdlg.net:8080/ca/admin/ca/getStatus 2017-05-11T17:44:19Z DEBUG request body '' 2017-05-11T17:44:27Z DEBUG response status 200 2017-05-11T17:44:27Z DEBUG response headers {'date': 'Thu, 11 May 2017 17:44:27 GMT', 'content-length': '170', 'content-type': 'application/xml', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:44:27Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="no"?><XMLResponse><State>1</State><Type>CA</Type><Status>running</Status><Version>10.3.3-18.el7_3</Version></XMLResponse>' 2017-05-11T17:44:27Z DEBUG The CA status is: running 2017-05-11T17:44:27Z DEBUG duration: 11 seconds 2017-05-11T17:44:27Z DEBUG [15/31]: requesting RA certificate from CA 2017-05-11T17:44:27Z DEBUG Starting external process 
2017-05-11T17:44:27Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias -f XXXXXXXX -R -k rsa -g 2048 -s CN=IPA RA,O=RDLG.NET -z /tmp/tmpvxf6oV -a 2017-05-11T17:44:28Z DEBUG Process finished, return code=0 2017-05-11T17:44:28Z DEBUG stdout= Certificate request generated by Netscape certutil Phone: (not specified) Common Name: IPA RA Email: (not specified) Organization: RDLG.NET State: (not specified) Country: (not specified) 2017-05-11T17:44:28Z DEBUG stderr= Generating key. This may take a few moments...
2017-05-11T17:44:28Z DEBUG duration: 0 seconds 2017-05-11T17:44:28Z DEBUG [16/31]: issuing RA agent certificate 2017-05-11T17:44:28Z DEBUG Starting external process 2017-05-11T17:44:28Z DEBUG args=/usr/bin/certutil -d /tmp/tmp-5n8Hzt -O -n ipa-ca-agent 2017-05-11T17:44:28Z DEBUG Process finished, return code=0 2017-05-11T17:44:28Z DEBUG stdout="ipa-ca-agent" [CN=ipa-ca-agent,O=RDLG.NET] 2017-05-11T17:44:28Z DEBUG stderr= 2017-05-11T17:44:28Z DEBUG Starting external process 2017-05-11T17:44:28Z DEBUG args=/usr/bin/sslget -v -n ipa-ca-agent -p XXXXXXXX -d /tmp/tmp-5n8Hzt -r /ca/agent/ca/profileReview?requestId=7 ipa.rdlg.net:8443 2017-05-11T17:44:28Z DEBUG Process finished, return code=0 2017-05-11T17:44:28Z DEBUG stdout=HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Content-Type: text/html;charset=UTF-8 Date: Thu, 11 May 2017 17:44:27 GMT Connection: close <!-- --- BEGIN COPYRIGHT BLOCK --- This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; version 2 of the License. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. Copyright (C) 2007 Red Hat, Inc. All rights reserved. 
--- END COPYRIGHT BLOCK --- --> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <script type="text/javascript"> requestNotes=""; requestType="enrollment"; recordSet = new Array; record = new Object; record.conDesc="This constraint accepts the subject name that matches .*CN=.*"; record.policyId="1"; record.defListSet = new Array; defList = new Object; defList.defId="name"; defList.defConstraint="null"; defList.defName="Subject Name"; defList.defSyntax="string"; defList.defVal="CN=IPA RA,O=RDLG.NET"; record.defListSet[0] = defList; record.defDesc="This default populates a User-Supplied Certificate Subject Name to the request."; recordSet[0] = record; record = new Object; record.conDesc="This constraint rejects the validity that is not between 720 days."; record.policyId="2"; record.defListSet = new Array; defList = new Object; defList.defId="notBefore"; defList.defConstraint="null"; defList.defName="Not Before"; defList.defSyntax="string"; defList.defVal="2017-05-11 11:44:28"; record.defListSet[0] = defList; defList = new Object; defList.defId="notAfter"; defList.defConstraint="null"; defList.defName="Not After"; defList.defSyntax="string"; defList.defVal="2019-05-01 11:44:28"; record.defListSet[1] = defList; record.defDesc="This default populates a Certificate Validity to the request. 
The default values are Range=720 in days"; recordSet[1] = record; record = new Object; record.conDesc="This constraint accepts the key only if Key Type=-, Key Parameters =1024,2048,3072,4096,nistp256,nistp384,nistp521"; record.policyId="3"; record.defListSet = new Array; defList = new Object; defList.defId="TYPE"; defList.defConstraint="readonly"; defList.defName="Key Type"; defList.defSyntax="string"; defList.defVal="RSA - 1.2.840.113549.1.1.1"; record.defListSet[0] = defList; defList = new Object; defList.defId="LEN"; defList.defConstraint="readonly"; defList.defName="Key Length"; defList.defSyntax="string"; defList.defVal="2048"; record.defListSet[1] = defList; defList = new Object; defList.defId="KEY"; defList.defConstraint="readonly"; defList.defName="Key"; defList.defSyntax="string"; defList.defVal="30:82:01:0A:02:82:01:01:00:C8:88:D2:4C:00:64:52:\n16:44:35:B2:5F:6D:41:0D:C1:3C:B5:07:0E:7A:36:E7:\nA2:CF:45:D7:49:7E:1E:B7:61:30:43:0F:CA:EF:37:68:\n47:15:E1:82:81:D2:B5:B5:CC:86:F7:28:1F:27:1E:CD:\n8F:69:37:69:83:12:A9:98:DD:1F:46:13:7F:64:37:C8:\nD5:DD:4C:D3:6F:22:7C:11:C2:B4:80:1C:1D:88:7D:66:\n4A:C8:71:2A:00:2B:FA:E7:2A:71:DE:BE:BE:3D:A4:4C:\n8A:AC:78:1E:02:38:7A:94:CD:49:3B:6E:A6:DB:BC:5D:\n4E:91:17:27:CF:81:4B:7E:1D:FE:94:15:D5:38:7C:37:\n4F:70:AC:59:7E:F6:C9:19:7C:37:96:28:6F:D0:CF:4F:\n76:4A:7D:95:58:69:32:A4:A5:FB:34:BC:10:CC:05:C9:\n81:0D:C9:D5:00:FD:C5:E3:99:74:1D:C1:43:ED:20:F4:\n53:EF:23:EE:0B:FC:FA:CE:9C:F7:9C:AC:3E:BF:65:3A:\nD7:71:F6:A8:3A:E4:FD:CE:E6:1A:15:2A:1A:18:05:3D:\n97:07:4B:36:31:4B:AB:63:B0:03:F9:B3:85:0B:0D:1E:\nCF:09:CF:F6:74:69:71:E2:22:10:84:26:3B:B8:35:2F:\n1F:11:15:10:E7:26:C3:16:71:02:03:01:00:01\n"; record.defListSet[2] = defList; record.defDesc="This default populates a User-Supplied Certificate Key to the request."; recordSet[2] = record; record = new Object; record.conDesc="No Constraint"; record.policyId="4"; record.defListSet = new Array; defList = new Object; defList.defId="critical"; defList.defConstraint="readonly"; 
defList.defName="Criticality"; defList.defSyntax="string"; defList.defVal="false"; record.defListSet[0] = defList; defList = new Object; defList.defId="keyid"; defList.defConstraint="readonly"; defList.defName="Key ID"; defList.defSyntax="string"; defList.defVal="8E:0E:CE:76:BB:C7:5D:AB:2A:94:B8:05:A8:DB:DC:D9:\n67:3D:6E:B4\n"; record.defListSet[1] = defList; record.defDesc="This default populates an Authority Key Identifier Extension (2.5.29.35) to the request."; recordSet[3] = record; record = new Object; record.conDesc="No Constraint"; record.policyId="5"; record.defListSet = new Array; defList = new Object; defList.defId="authInfoAccessCritical"; defList.defConstraint="null"; defList.defName="Criticality"; defList.defSyntax="boolean"; defList.defVal="false"; record.defListSet[0] = defList; defList = new Object; defList.defId="authInfoAccessGeneralNames"; defList.defConstraint="null"; defList.defName="General Names"; defList.defSyntax="string_list"; defList.defVal="Record #0\r\nMethod:1.3.6.1.5.5.7.48.1\r\nLocation Type:URIName\r\nLocation:http://ipa-ca.rdlg.net/ca/ocsp\r\nEnable:true\r\n\r\n"; record.defListSet[1] = defList; record.defDesc="This default populates a Authority Info Access Extension (1.3.6.1.5.5.7.1.1) to the request. 
The default values are Criticality=false, Record #0{Method:1.3.6.1.5.5.7.48.1,Location Type:URIName,Location:,Enable:true}"; recordSet[4] = record; record = new Object; record.conDesc="This constraint accepts the Key Usage extension, if present, only when Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=true, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false"; record.policyId="6"; record.defListSet = new Array; defList = new Object; defList.defId="keyUsageCritical"; defList.defConstraint="null"; defList.defName="Criticality"; defList.defSyntax="boolean"; defList.defVal="true"; record.defListSet[0] = defList; defList = new Object; defList.defId="keyUsageDigitalSignature"; defList.defConstraint="null"; defList.defName="Digital Signature"; defList.defSyntax="boolean"; defList.defVal="true"; record.defListSet[1] = defList; defList = new Object; defList.defId="keyUsageNonRepudiation"; defList.defConstraint="null"; defList.defName="Non-Repudiation"; defList.defSyntax="boolean"; defList.defVal="true"; record.defListSet[2] = defList; defList = new Object; defList.defId="keyUsageKeyEncipherment"; defList.defConstraint="null"; defList.defName="Key Encipherment"; defList.defSyntax="boolean"; defList.defVal="true"; record.defListSet[3] = defList; defList = new Object; defList.defId="keyUsageDataEncipherment"; defList.defConstraint="null"; defList.defName="Data Encipherment"; defList.defSyntax="boolean"; defList.defVal="true"; record.defListSet[4] = defList; defList = new Object; defList.defId="keyUsageKeyAgreement"; defList.defConstraint="null"; defList.defName="Key Agreement"; defList.defSyntax="boolean"; defList.defVal="false"; record.defListSet[5] = defList; defList = new Object; defList.defId="keyUsageKeyCertSign"; defList.defConstraint="null"; defList.defName="Key CertSign"; defList.defSyntax="boolean"; defList.defVal="false"; record.defListSet[6] = defList; 
defList = new Object; defList.defId="keyUsageCrlSign"; defList.defConstraint="null"; defList.defName="CRL Sign"; defList.defSyntax="boolean"; defList.defVal="false"; record.defListSet[7] = defList; defList = new Object; defList.defId="keyUsageEncipherOnly"; defList.defConstraint="null"; defList.defName="Encipher Only"; defList.defSyntax="boolean"; defList.defVal="false"; record.defListSet[8] = defList; defList = new Object; defList.defId="keyUsageDecipherOnly"; defList.defConstraint="null"; defList.defName="Decipher Only"; defList.defSyntax="boolean"; defList.defVal="false"; record.defListSet[9] = defList; record.defDesc="This default populates a Key Usage Extension (2.5.29.15) to the request. The default values are Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=true, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false"; recordSet[5] = record; record = new Object; record.conDesc="No Constraint"; record.policyId="7"; record.defListSet = new Array; defList = new Object; defList.defId="exKeyUsageCritical"; defList.defConstraint="null"; defList.defName="Criticality"; defList.defSyntax="boolean"; defList.defVal="false"; record.defListSet[0] = defList; defList = new Object; defList.defId="exKeyUsageOIDs"; defList.defConstraint="null"; defList.defName="Comma-Separated list of Object Identifiers"; defList.defSyntax="string_list"; defList.defVal="1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2"; record.defListSet[1] = defList; record.defDesc="This default populates an Extended Key Usage Extension () to the request. 
The default values are Criticality=false, OIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2"; recordSet[6] = record; record = new Object; record.conDesc="This constraint accepts only the Signing Algorithms of SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC"; record.policyId="8"; record.defListSet = new Array; defList = new Object; defList.defId="signingAlg"; defList.defConstraint="SHA1withRSA,SHA256withRSA,SHA384withRSA,SHA512withRSA,MD5withRSA,MD2withRSA"; defList.defName="Signing Algorithm"; defList.defSyntax="choice"; defList.defVal="SHA256withRSA"; record.defListSet[0] = defList; record.defDesc="This default populates the Certificate Signing Algorithm. The default values are Algorithm=SHA256withRSA"; recordSet[7] = record; profileDesc="This certificate profile is for enrolling server certificates."; inputListSet = new Array; inputList = new Object; inputList.inputId="cert_request_type"; inputList.inputName="Certificate Request Type"; inputList.inputVal="pkcs10"; inputList.inputSyntax="cert_request_type"; inputList.inputConstraint="null"; inputListSet[0] = inputList; inputList = new Object; inputList.inputId="cert_request"; inputList.inputName="Certificate Request"; 
inputList.inputVal="MIICaTCCAVECAQAwJDERMA8GA1UEChMIUkRMRy5ORVQxDzANBgNVBAMTBklQQSBS\r\nQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMiI0kwAZFIWRDWyX21B\r\nDcE8tQcOejbnos9F10l+HrdhMEMPyu83aEcV4YKB0rW1zIb3KB8nHs2PaTdpgxKp\r\nmN0fRhN/ZDfI1d1M028ifBHCtIAcHYh9ZkrIcSoAK/rnKnHevr49pEyKrHgeAjh6\r\nlM1JO26m27xdTpEXJ8+BS34d/pQV1Th8N09wrFl+9skZfDeWKG/Qz092Sn2VWGky\r\npKX7NLwQzAXJgQ3J1QD9xeOZdB3BQ+0g9FPvI+4L/PrOnPecrD6/ZTrXcfaoOuT9\r\nzuYaFSoaGAU9lwdLNjFLq2OwA/mzhQsNHs8Jz/Z0aXHiIhCEJju4NS8fERUQ5ybD\r\nFnECAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQBUdgAoFEEMmJJEJL6zwDc8Gu16\r\nBBiDi8PjcKLJrxP18XUegDkHPMuK/JcudQUr5r6uf78QNED/kYIcXT2EfXZiX1Wx\r\nXS0W5fWpeYbzT7yCJ8dJP6hU5TeTdtpcNaQUb1v4vALKAQ7ERIwj5NnZRzq5rDum\r\nsB2d9k11CYxYTWwgIOxWO6KbE1T8rtvPae1Oo42T4xlf3TKpCcO0mimBXKhOXBQY\r\nAbIZbBmTHJjwhSAXXzQQ8Dp+zEfOjgr/EoXcAgv3isPmX+P49N5CruFrQTuX4Gge\r\nJKSOiYyvxjccoq98tP2EmQpcs9lDFmmzmi4AfdYHhNPv+SNZm8d3qFy/7+QL\n"; inputList.inputSyntax="cert_request"; inputList.inputConstraint="null"; inputListSet[1] = inputList; inputList = new Object; inputList.inputId="requestor_name"; inputList.inputName="Requestor Name"; inputList.inputVal="IPA Installer"; inputList.inputSyntax="string"; inputList.inputConstraint="null"; inputListSet[2] = inputList; inputList = new Object; inputList.inputId="requestor_email"; inputList.inputName="Requestor Email"; inputList.inputVal="null"; inputList.inputSyntax="string"; inputList.inputConstraint="null"; inputListSet[3] = inputList; inputList = new Object; inputList.inputId="requestor_phone"; inputList.inputName="Requestor Phone"; inputList.inputVal="null"; inputList.inputSyntax="string"; inputList.inputConstraint="null"; inputListSet[4] = inputList; errorCode="0"; requestModificationTime="Thu May 11 11:44:28 MDT 2017"; profileRemoteAddr="172.20.0.200"; profileName="Manual Server Certificate Enrollment"; profileApprovedBy="admin"; requestOwner=""; profileId="caServerCert"; profileRemoteHost="172.20.0.200"; profileIsVisible="true"; requestId="7"; errorReason=""; 
requestStatus="pending"; requestCreationTime="Thu May 11 11:44:28 MDT 2017"; outputListSet = new Array; outputList = new Object; outputList.outputId="pretty_cert"; outputList.outputSyntax="pretty_print"; outputList.outputVal="null"; outputList.outputName="Certificate Pretty Print"; outputList.outputConstraint="null"; outputListSet[0] = outputList; outputList = new Object; outputList.outputId="b64_cert"; outputList.outputSyntax="pretty_print"; outputList.outputVal="null"; outputList.outputName="Certificate Base-64 Encoded"; outputList.outputConstraint="null"; outputListSet[1] = outputList; profileSetId="serverCertSet"; </script> <style> TABLE { border-spacing: 0 0; } </style> <script type="text/javascript"> function escapeValue(value) { return value.replace(/"/g,'&quot;'); } function addEscapes(str) { var outStr = str.replace(/</g, "&lt;"); outStr = outStr.replace(/>/g, "&gt;"); return outStr; } document.writeln('<font size="+1" face="PrimaSans BT, Verdana, sans-serif">Request '); document.writeln(requestId); document.writeln('<br></font>'); </script> <font size="-1" face="PrimaSans BT, Verdana, sans-serif"></font> <table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width="100%"> <tr> <td> </td> </tr> </table> <p> <script type="text/javascript"> if (requestStatus == 'pending') { document.writeln('<form method=post action="profileProcess">'); document.writeln('<input type=hidden name=requestId value=' + requestId + '>'); } document.writeln('<p>'); document.writeln('<TABLE width=100%><TR><TD valign="top" align="left" colspan="3" bgcolor="#e5e5e5"><FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">Request Information</FONT></TD></TR></TABLE>'); document.writeln('<table border=1 width=100%>'); document.writeln('<tr>'); document.writeln('<td width=20%>'); document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); document.writeln('<b>Request ID:</b>'); document.writeln('</FONT>'); document.writeln('</td>');
document.writeln('<td>'); document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); document.writeln(requestId); document.writeln('</FONT>'); document.writeln('</td>'); document.writeln('</tr>'); document.writeln('<tr>'); document.writeln('<td>'); document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); document.writeln('<b>Request Type:</b>'); document.writeln('</FONT>'); document.writeln('</td>'); document.writeln('<td>'); document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); document.writeln(requestType); document.writeln('</FONT>'); document.writeln('</td>'); document.writeln('</tr>'); document.writeln('<tr>'); document.writeln('<td>'); document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); document.writeln('<b>Request Status:</b>'); document.writeln('</FONT>'); document.writeln('</td>'); document.writeln('<td>'); document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); document.writeln(requestStatus); document.writeln('</FONT>'); document.writeln('</td>'); document.writeln('</tr>'); document.writeln('<tr>'); document.writeln('<td>'); document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); document.writeln('<b>Requestor Host:</b>'); document.writeln('</FONT>'); document.writeln('</td>'); document.writeln('<td>'); document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); document.writeln(profileRemoteHost); document.writeln('</FONT>'); document.writeln('</td>'); document.writeln('</tr>'); document.writeln('<tr>'); document.writeln('<td>'); document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); document.writeln('<b>Assigned To:</b>'); document.writeln('</FONT>'); document.writeln('</td>'); document.writeln('<td>'); document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); document.writeln(requestOwner); document.writeln('</FONT>'); document.writeln('</td>'); 
document.writeln('</tr>'); document.writeln('<tr>'); document.writeln('<td>'); document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); document.writeln('<b>Creation Time:</b>'); document.writeln('</FONT>'); document.writeln('</td>'); document.writeln('<td>'); document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); document.writeln(requestCreationTime); document.writeln('</FONT>'); document.writeln('</td>'); document.writeln('</tr>'); document.writeln('<tr>'); document.writeln('<td>'); document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); document.writeln('<b>Modification Time:</b>'); document.writeln('</FONT>'); document.writeln('</td>'); document.writeln('<td>'); document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); document.writeln(requestModificationTime); document.writeln('</FONT>'); document.writeln('</td>'); document.writeln('</tr>'); document.writeln('</table>'); document.writeln('<p>'); document.writeln('<TABLE width=100%><TR><TD valign="top" align="left" colspan="3" bgcolor="#e5e5e5"><FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">Certificate Profile Information</FONT></TD></TR></TABLE>'); document.writeln('<table border=1 width=100%>'); document.writeln('<tr>'); document.writeln('<td width=20%>'); document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); document.writeln('<b>Certificate Profile Id:</b>'); document.writeln('</FONT>'); document.writeln('</td>'); document.writeln('<td>'); document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); document.writeln(profileId); document.writeln('</FONT>'); document.writeln('</td>'); document.writeln('</tr>'); document.writeln('<tr>'); document.writeln('<td width=20%>'); document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); document.writeln('<b>Approved By:</b>'); document.writeln('</FONT>'); document.writeln('</td>'); document.writeln('<td>'); 
document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); document.writeln(profileApprovedBy); document.writeln('</FONT>'); document.writeln('</td>'); document.writeln('</tr>'); document.writeln('<tr>'); document.writeln('<td>'); document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); document.writeln('<b>Certificate Profile Name:</b>'); document.writeln('</FONT>'); document.writeln('</td>'); document.writeln('<td>'); document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); document.writeln(profileName); document.writeln('</FONT>'); document.writeln('</td>'); document.writeln('</tr>'); document.writeln('<tr>'); document.writeln('<td>'); document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); document.writeln('<b>Certificate Profile Description:</b>'); document.writeln('</FONT>'); document.writeln('</td>'); document.writeln('<td>'); document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); document.writeln(profileDesc); document.writeln('</FONT>'); document.writeln('</td>'); document.writeln('</tr>'); document.writeln('</table>'); document.writeln('<p>'); if (requestStatus != 'pending') { document.writeln('<TABLE width=100%><TR><TD valign="top" align="left" colspan="3" bgcolor="#e5e5e5"><FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">Additional Notes</FONT></TD></TR></TABLE>'); document.writeln('<table width=100% border=1>'); document.writeln('<tr>'); document.writeln('<td>'); document.writeln(requestNotes); document.writeln('</td>'); document.writeln('</tr>'); document.writeln('</table>'); document.writeln('<p>'); } if (profileIsVisible == 'true') { document.writeln('<TABLE width=100%><TR><TD valign="top" align="left" colspan="3" bgcolor="#e5e5e5"><FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">Certificate Profile Inputs</FONT></TD></TR></TABLE>'); document.writeln('<table border=1 width=100%>'); document.writeln('<tr>'); 
document.writeln('<td width=20%>'); document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); document.writeln('<b>Id</b>'); document.writeln('</FONT>'); document.writeln('</td>'); document.writeln('<td width=40%>'); document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); document.writeln('<b>Input Names</b>'); document.writeln('</FONT>'); document.writeln('</td>'); document.writeln('<td>'); document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); document.writeln('<b>Input Values</b>'); document.writeln('</FONT>'); document.writeln('</td>'); document.writeln('</tr>'); for (var i = 0; i < inputListSet.length; i++) { document.writeln('<tr>'); document.writeln('<td>'); document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); document.writeln(inputListSet[i].inputId); document.writeln('</FONT>'); document.writeln('</td>'); document.writeln('<td>'); document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); document.writeln(inputListSet[i].inputName); document.writeln('</FONT>'); document.writeln('</td>'); document.writeln('<td>'); document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); document.writeln(addEscapes(inputListSet[i].inputVal)); document.writeln('</FONT>'); document.writeln('</td>'); document.writeln('</tr>'); } document.writeln('</table>'); document.writeln('<p>'); } if (requestStatus == 'complete') { document.writeln('<TABLE width=100%><TR><TD valign="top" align="left" colspan="3" bgcolor="#e5e5e5"><FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">Certificate Profile Outputs</FONT></TD></TR></TABLE>'); for (var i = 0; i < outputListSet.length; i++) { document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">' ); document.writeln('<li>'); document.writeln(outputListSet[i].outputName); document.writeln('</FONT>'); document.writeln('<p>'); if (outputListSet[i].outputSyntax == 'string') { 
document.writeln(outputListSet[i].outputVal); } else if (outputListSet[i].outputSyntax == 'pretty_print') { document.writeln('<pre>'); document.writeln(outputListSet[i].outputVal); document.writeln('</pre>'); } else if (outputListSet[i].outputSyntax == 'der_b64') { document.writeln('<pre>'); document.writeln('-----BEGIN CERTIFICATE-----'); document.writeln(outputListSet[i].outputVal); document.writeln('-----END CERTIFICATE-----'); document.writeln('</pre>'); } document.writeln('</p>'); } } if (requestStatus == 'pending') { document.writeln('<TABLE width=100%><TR><TD valign="top" align="left" colspan="3" bgcolor="#e5e5e5"><FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">Policy Information</FONT></TD></TR></TABLE>'); document.writeln('<table>'); document.writeln('<tr>'); document.writeln('<td width=20%>'); document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); document.writeln('<b>Certificate Profile Set Id:</b>'); document.writeln('</FONT>'); document.writeln('</td>'); document.writeln('<td>'); document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); document.writeln(profileSetId); document.writeln('</FONT>'); document.writeln('</td>'); document.writeln('</tr>'); document.writeln('</table>'); document.writeln('<table border=1 width=100%>'); document.writeln('<tr>'); document.writeln('<td width=10%>'); document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); document.writeln('<b>#</b>'); document.writeln('</FONT>'); document.writeln('</td>'); document.writeln('<td width=45%>'); document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); document.writeln('<b>Extensions / Fields</b>'); document.writeln('</FONT>'); document.writeln('</td>'); document.writeln('<td width=45%>'); document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); document.writeln('<b>Constraints</b>'); document.writeln('</FONT>'); document.writeln('</td>'); document.writeln('</tr>'); 
for (var i = 0; i < recordSet.length; i++) { document.writeln('<tr valign=top>'); document.writeln('<td>'); document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); document.writeln(recordSet[i].policyId); document.writeln('</FONT>'); document.writeln('</td>'); document.writeln('<td>'); document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); document.writeln(recordSet[i].defDesc); document.writeln('</FONT>'); document.writeln('<p>'); document.writeln('<table width=100%>'); for (var j = 0; j < recordSet[i].defListSet.length; j++) { document.writeln('<tr valign=top>'); if (typeof(recordSet[i].defListSet[j].defName) != 'undefined') { document.writeln('<td width=30%><i>'); document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); document.writeln(recordSet[i].defListSet[j].defName + ':'); document.writeln('</FONT>'); document.writeln('</i></td>'); document.writeln('<td width=70%>'); if (recordSet[i].defListSet[j].defConstraint == 'readonly') { document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); document.writeln(recordSet[i].defListSet[j].defVal); document.writeln('</FONT>'); } else { if (recordSet[i].defListSet[j].defSyntax == 'string') { document.writeln('<input size=32 type=text name="' + recordSet[i].defListSet[j].defId + '" value="' + escapeValue(recordSet[i].defListSet[j].defVal) + '">'); } else if (recordSet[i].defListSet[j].defSyntax == 'string_list') { document.writeln('<textarea cols=40 rows=5 name="' + recordSet[i].defListSet[j].defId + '">' + recordSet[i].defListSet[j].defVal + '</textarea>'); } else if (recordSet[i].defListSet[j].defSyntax == 'integer') { document.writeln('<input size=6 type=text name="' + recordSet[i].defListSet[j].defId + '" value="' + recordSet[i].defListSet[j].defVal + '">'); } else if (recordSet[i].defListSet[j].defSyntax == 'image_url') { document.writeln('<img border=0 src="' + recordSet[i].defListSet[j].defVal + '">'); 
document.writeln('<input type=hidden name="' + recordSet[i].defListSet[j].defId + '" value="' + recordSet[i].defListSet[j].defVal + '">'); } else if (recordSet[i].defListSet[j].defSyntax == 'choice') { document.writeln('<select name="' + recordSet[i].defListSet[j].defId + '">'); var c = recordSet[i].defListSet[j].defConstraint.split(','); for(var k = 0; k < c.length; k++) { if (recordSet[i].defListSet[j].defVal == c[k]) { document.writeln('<option selected value=' + c[k] + '>'); } else { document.writeln('<option value=' + c[k] + '>'); } document.writeln(c[k]); document.writeln('</option>'); } document.writeln('</select>'); } else if (recordSet[i].defListSet[j].defSyntax == 'boolean') { document.writeln('<select name="' + recordSet[i].defListSet[j].defId + '">'); if (recordSet[i].defListSet[j].defVal == 'true') { document.writeln('<option selected value=true>true</option>'); document.writeln('<option value=false>false</option>'); } else { document.writeln('<option value=true>true</option>'); document.writeln('<option selected value=false>false</option>'); } document.writeln('</select>'); } } document.writeln('</td>'); } document.writeln('</tr>'); } document.writeln('</table>'); document.writeln('</td>'); document.writeln('<td>'); document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); document.writeln(recordSet[i].conDesc); document.writeln('</FONT>'); document.writeln('</td>'); document.writeln('</tr>'); } // for document.writeln('</table>'); document.writeln('<p>'); document.writeln('<TABLE width=100%><TR><TD valign="top" align="left" colspan="3" bgcolor="#e5e5e5"><FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">Additional Notes</FONT></TD></TR></TABLE>'); document.writeln('<textarea cols=40 rows=5 name="requestNotes">' + requestNotes + '</textarea>'); document.writeln('<p>'); document.writeln('<SELECT NAME="op">'); document.writeln('<OPTION VALUE="update">Update request</OPTION>'); document.writeln('<OPTION 
VALUE="validate">Validate request</OPTION>'); document.writeln('<OPTION SELECTED VALUE="approve">Approve request</OPTION>'); document.writeln('<OPTION VALUE="reject">Reject request</OPTION>'); document.writeln('<OPTION VALUE="cancel">Cancel request</OPTION>'); document.writeln('<OPTION VALUE="assign">Assign request</OPTION>'); document.writeln('<OPTION VALUE="unassign">Unassign request</OPTION>'); document.writeln('</SELECT>'); if (typeof(nonce) != "undefined") { document.writeln("<INPUT TYPE=hidden name=nonce value=\"" + nonce +"\">"); } document.writeln('<input type=submit name=submit value=submit>'); document.writeln('</form>'); } // if </script> </html> Subject: CN=ipa.rdlg.net,O=RDLG.NET Issuer : CN=Certificate Authority,O=RDLG.NET bulk cipher AES-256, 256 secret key bits, 256 key bits, status: 1 2017-05-11T17:44:28Z DEBUG stderr=GET /ca/agent/ca/profileReview?requestId=7 HTTP/1.0 Host: ipa.rdlg.net:8443 port: 8443 addr='ipa.rdlg.net' family='2' IP='172.20.0.200' Called mygetclientauthdata - nickname = ipa-ca-agent mygetclientauthdata - cert = 1d8da70 mygetclientauthdata - privkey = 1dd0100 PR_Write wrote 80 bytes from bigBuf bytes: [GET /ca/agent/ca/profileReview?requestId=7 HTTP/1.0 Host: ipa.rdlg.net:8443 ] do_writes shutting down send socket do_writes exiting with (result = 0) connection 1 read 9000 bytes (9000 total). these bytes read: connection 1 read 9000 bytes (18000 total). these bytes read: connection 1 read 9000 bytes (27000 total). these bytes read: connection 1 read 2697 bytes (29697 total). these bytes read: connection 1 read 29697 bytes total. ----------------------------- Done with possible addresses - exiting. 
2017-05-11T17:44:28Z DEBUG Starting external process 2017-05-11T17:44:28Z DEBUG args=/usr/bin/sslget -v -n ipa-ca-agent -p XXXXXXXX -d /tmp/tmp-5n8Hzt -e exKeyUsageCritical=false&keyUsageEncipherOnly=false&keyUsageNonRepudiation=true&keyUsageDataEncipherment=true&notBefore=2017-05-11+11%3A44%3A28&keyUsageCritical=true&submit=submit&notAfter=2019-05-01+11%3A44%3A28&requestId=7&signingAlg=SHA256withRSA&keyUsageDigitalSignature=true&authInfoAccessGeneralNames=Record+%230%0D%0AMethod%3A1.3.6.1.5.5.7.48.1%0D%0ALocation+Type%3AURIName%0D%0ALocation%3Ahttp%3A%2F%2Fipa-ca.rdlg.net%2Fca%2Focsp%0D%0AEnable%3Atrue%0D%0A%0D%0A&keyUsageKeyEncipherment=true&authInfoAccessCritical=false&name=CN%3DIPA+RA%2CO%3DRDLG.NET&requestNotes=&keyUsageCrlSign=false&exKeyUsageOIDs=1.3.6.1.5.5.7.3.1%2C1.3.6.1.5.5.7.3.2&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageDecipherOnly=false&op=approve -r /ca/agent/ca/profileProcess ipa.rdlg.net:8443 2017-05-11T17:44:28Z DEBUG Process finished, return code=0 2017-05-11T17:44:28Z DEBUG stdout=HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Content-Type: text/html;charset=UTF-8 Date: Thu, 11 May 2017 17:44:28 GMT Connection: close <!-- --- BEGIN COPYRIGHT BLOCK --- This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; version 2 of the License. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. Copyright (C) 2007 Red Hat, Inc. All rights reserved. 
--- END COPYRIGHT BLOCK --- --> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <script type="text/javascript"> outputListSet = new Array; outputList = new Object; outputList.outputId="pretty_cert"; outputList.outputSyntax="pretty_print"; outputList.outputVal=" Certificate: \n Data: \n Version: v3\n Serial Number: 0x7\n Signature Algorithm: SHA256withRSA - 1.2.840.113549.1.1.11\n Issuer: CN=Certificate Authority,O=RDLG.NET\n Validity: \n Not Before: Thursday, May 11, 2017 11:44:28 AM MDT America/Denver\n Not After: Wednesday, May 1, 2019 11:44:28 AM MDT America/Denver\n Subject: CN=IPA RA,O=RDLG.NET\n Subject Public Key Info: \n Algorithm: RSA - 1.2.840.113549.1.1.1\n Public Key: \n Exponent: 65537\n Public Key Modulus: (2048 bits) :\n C8:88:D2:4C:00:64:52:16:44:35:B2:5F:6D:41:0D:C1:\n 3C:B5:07:0E:7A:36:E7:A2:CF:45:D7:49:7E:1E:B7:61:\n 30:43:0F:CA:EF:37:68:47:15:E1:82:81:D2:B5:B5:CC:\n 86:F7:28:1F:27:1E:CD:8F:69:37:69:83:12:A9:98:DD:\n 1F:46:13:7F:64:37:C8:D5:DD:4C:D3:6F:22:7C:11:C2:\n B4:80:1C:1D:88:7D:66:4A:C8:71:2A:00:2B:FA:E7:2A:\n 71:DE:BE:BE:3D:A4:4C:8A:AC:78:1E:02:38:7A:94:CD:\n 49:3B:6E:A6:DB:BC:5D:4E:91:17:27:CF:81:4B:7E:1D:\n FE:94:15:D5:38:7C:37:4F:70:AC:59:7E:F6:C9:19:7C:\n 37:96:28:6F:D0:CF:4F:76:4A:7D:95:58:69:32:A4:A5:\n FB:34:BC:10:CC:05:C9:81:0D:C9:D5:00:FD:C5:E3:99:\n 74:1D:C1:43:ED:20:F4:53:EF:23:EE:0B:FC:FA:CE:9C:\n F7:9C:AC:3E:BF:65:3A:D7:71:F6:A8:3A:E4:FD:CE:E6:\n 1A:15:2A:1A:18:05:3D:97:07:4B:36:31:4B:AB:63:B0:\n 03:F9:B3:85:0B:0D:1E:CF:09:CF:F6:74:69:71:E2:22:\n 10:84:26:3B:B8:35:2F:1F:11:15:10:E7:26:C3:16:71\n Extensions: \n Identifier: Authority Key Identifier - 2.5.29.35\n Critical: no \n Key Identifier: \n 8E:0E:CE:76:BB:C7:5D:AB:2A:94:B8:05:A8:DB:DC:D9:\n 67:3D:6E:B4\n Identifier: Authority Info Access: - 1.3.6.1.5.5.7.1.1\n Critical: no \n Access Description: \n Method #0: ocsp\n Location #0: URIName: http://ipa-ca.rdlg.net/ca/ocsp\n Identifier: Key Usage: - 2.5.29.15\n 
Critical: yes \n Key Usage: \n Digital Signature \n Non Repudiation \n Key Encipherment \n Data Encipherment \n Identifier: Extended Key Usage: - 2.5.29.37\n Critical: no \n Extended Key Usage: \n 1.3.6.1.5.5.7.3.1\n 1.3.6.1.5.5.7.3.2\n Signature: \n Algorithm: SHA256withRSA - 1.2.840.113549.1.1.11\n Signature: \n 64:5F:8C:95:3E:3B:15:4C:C3:45:D0:21:E0:CA:15:0F:\n D2:31:B1:D8:B1:99:D9:9C:20:E6:BB:4A:49:DB:36:71:\n A6:B2:14:B3:0A:2F:CC:46:45:F0:03:49:A8:FA:5F:E4:\n 6A:7A:C6:13:B5:D0:6E:EB:98:D5:76:08:93:D0:F1:7E:\n 5A:2B:4F:2E:E5:F5:CC:AC:CB:C3:25:4C:FA:0B:F9:24:\n EC:61:5B:8B:89:05:28:45:90:5C:AF:15:21:9B:11:2C:\n 31:51:BB:47:4E:EF:FC:EA:57:B5:1E:86:10:EB:B8:F6:\n F9:AD:D4:CF:B8:D1:4D:C9:19:47:1B:48:18:16:68:F6:\n BD:EE:1C:7A:69:F2:79:1B:2D:A0:EE:99:68:45:26:82:\n F9:40:AA:71:4C:3B:F7:E7:6F:CA:8E:B2:87:AF:6B:85:\n 37:84:A8:B7:F0:AA:61:8F:4E:91:1C:E0:D5:F1:9D:7A:\n FF:89:22:C3:F8:94:77:E1:24:51:E2:72:1E:98:C0:BA:\n D0:59:3C:04:4F:BA:A6:8D:C1:19:D5:A9:A0:03:2A:23:\n 23:32:91:33:87:E2:39:EC:B5:D0:E0:F2:E0:51:1B:02:\n BB:3F:2B:7D:85:C1:42:97:06:F9:A0:7C:60:C0:16:0F:\n E1:77:19:F3:BF:F3:49:62:9A:1B:B7:62:24:31:C2:D9\n FingerPrint\n MD2:\n 6A:E2:F2:8A:A8:76:67:CE:29:4D:C6:A7:BA:78:22:0B\n MD5:\n 2B:EF:5B:64:FC:A0:2C:59:A8:B8:5F:E8:99:90:0C:5D\n SHA-1:\n 06:5A:46:F7:3C:03:6A:72:89:CC:FD:53:2E:9C:FB:F5:\n 3B:50:88:F0\n SHA-256:\n AE:33:0F:B1:95:F4:D5:D5:6A:DB:66:E6:76:AF:B3:A9:\n 4F:E8:CA:C3:1C:17:F4:79:22:B7:F8:E8:40:49:2C:F6\n SHA-512:\n C8:93:45:AA:91:AA:26:03:76:73:1C:21:2B:FB:70:81:\n 71:B8:F3:AF:CC:C6:A2:5C:ED:93:60:55:71:0D:8C:C1:\n F6:59:98:16:35:D6:36:4E:77:34:71:76:4F:88:C1:64:\n 12:C1:B9:40:D7:10:03:4F:52:3F:6A:5E:EC:9E:92:ED\n"; outputList.outputName="Certificate Pretty Print"; outputList.outputConstraint="null"; outputListSet[0] = outputList; outputList = new Object; outputList.outputId="b64_cert"; outputList.outputSyntax="pretty_print"; outputList.outputVal="-----BEGIN 
CERTIFICATE-----\nMIIDYjCCAkqgAwIBAgIBBzANBgkqhkiG9w0BAQsFADAzMREwDwYDVQQKDAhSRExH\r\nLk5FVDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTE3MDUxMTE3\r\nNDQyOFoXDTE5MDUwMTE3NDQyOFowJDERMA8GA1UECgwIUkRMRy5ORVQxDzANBgNV\r\nBAMMBklQQSBSQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMiI0kwA\r\nZFIWRDWyX21BDcE8tQcOejbnos9F10l+HrdhMEMPyu83aEcV4YKB0rW1zIb3KB8n\r\nHs2PaTdpgxKpmN0fRhN/ZDfI1d1M028ifBHCtIAcHYh9ZkrIcSoAK/rnKnHevr49\r\npEyKrHgeAjh6lM1JO26m27xdTpEXJ8+BS34d/pQV1Th8N09wrFl+9skZfDeWKG/Q\r\nz092Sn2VWGkypKX7NLwQzAXJgQ3J1QD9xeOZdB3BQ+0g9FPvI+4L/PrOnPecrD6/\r\nZTrXcfaoOuT9zuYaFSoaGAU9lwdLNjFLq2OwA/mzhQsNHs8Jz/Z0aXHiIhCEJju4\r\nNS8fERUQ5ybDFnECAwEAAaOBjzCBjDAfBgNVHSMEGDAWgBSODs52u8ddqyqUuAWo\r\n29zZZz1utDA6BggrBgEFBQcBAQQuMCwwKgYIKwYBBQUHMAGGHmh0dHA6Ly9pcGEt\r\nY2EucmRsZy5uZXQvY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBPAwHQYDVR0lBBYwFAYI\r\nKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQBkX4yVPjsVTMNF\r\n0CHgyhUP0jGx2LGZ2Zwg5rtKSds2caayFLMKL8xGRfADSaj6X+RqesYTtdBu65jV\r\ndgiT0PF+WitPLuX1zKzLwyVM+gv5JOxhW4uJBShFkFyvFSGbESwxUbtHTu/86le1\r\nHoYQ67j2+a3Uz7jRTckZRxtIGBZo9r3uHHpp8nkbLaDumWhFJoL5QKpxTDv352/K\r\njrKHr2uFN4Sot/CqYY9OkRzg1fGdev+JIsP4lHfhJFHich6YwLrQWTwET7qmjcEZ\r\n1amgAyojIzKRM4fiOey10ODy4FEbArs/K32FwUKXBvmgfGDAFg/hdxnzv/NJYpob\r\nt2IkMcLZ\r\n-----END CERTIFICATE-----\n"; outputList.outputName="Certificate Base-64 Encoded"; outputList.outputConstraint="null"; outputListSet[1] = outputList; errorReason=""; requestType="enrollment"; profileId="caServerCert"; requestId="7"; errorCode="0"; requestStatus="complete"; op="approve"; </script> <script type="text/javascript"> function addEscapes(str) { var outStr = str.replace(/</g, "&lt;"); outStr = outStr.replace(/>/g, "&gt;"); return outStr; } document.writeln('<font size="+1" face="PrimaSans BT, Verdana, sans-serif">Request '); if (typeof(requestId) != "undefined") { document.writeln(requestId); } document.writeln('<br></font>'); </script> <font size="-1" face="PrimaSans BT, Verdana, sans-serif"></font> <table border="0" 
cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width="100%"> <tr> <td> </td> </tr> </table> <p> <script type="text/javascript"> document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); document.writeln('<b>Request Information:</b>'); document.writeln('</FONT>'); document.writeln('<table border=1 width=100%>'); if (typeof(requestId) != "undefined") { document.writeln('<tr>'); document.writeln('<td width=30%>'); document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); document.writeln('<b>Request ID:</b>'); document.writeln('</FONT>'); document.writeln('</td>'); document.writeln('<td>'); document.writeln('<a href="profileReview?requestId=' + requestId + '">'); document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); document.writeln(requestId); document.writeln('</FONT>'); document.writeln('</a>'); document.writeln('</td>'); document.writeln('</tr>'); } if (typeof(requestType) != "undefined") { document.writeln('<tr>'); document.writeln('<td>'); document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); document.writeln('<b>Request Type:</b>'); document.writeln('</FONT>'); document.writeln('</td>'); document.writeln('<td>'); document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); document.writeln(requestType); document.writeln('</FONT>'); document.writeln('</td>'); document.writeln('</tr>'); } if (typeof(requestStatus) != "undefined") { document.writeln('<tr>'); document.writeln('<td>'); document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); document.writeln('<b>Request Status:</b>'); document.writeln('</FONT>'); document.writeln('</td>'); document.writeln('<td>'); document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); document.writeln(requestStatus); document.writeln('</FONT>'); document.writeln('</td>'); document.writeln('</tr>'); } if (typeof(profileId) != "undefined") { 
document.writeln('<tr>'); document.writeln('<td>'); document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); document.writeln('<b>Certificate Profile Id:</b>'); document.writeln('</FONT>'); document.writeln('</td>'); document.writeln('<td>'); document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); document.writeln(profileId); document.writeln('</FONT>'); document.writeln('</td>'); document.writeln('</tr>'); } if (typeof(op) != "undefined") { document.writeln('<tr>'); document.writeln('<td>'); document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); document.writeln('<b>Operation Requested:</b>'); document.writeln('</FONT>'); document.writeln('</td>'); document.writeln('<td>'); document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); document.writeln(op); document.writeln('</FONT>'); document.writeln('</td>'); document.writeln('</tr>'); } if (typeof(errorCode) != "undefined") { document.writeln('<tr>'); document.writeln('<td>'); document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); document.writeln('<b>Error Code:</b>'); document.writeln('</FONT>'); document.writeln('</td>'); document.writeln('<td>'); document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); document.writeln(errorCode); document.writeln('</FONT>'); document.writeln('</td>'); document.writeln('</tr>'); } if (typeof(errorReason) != "undefined") { document.writeln('<tr>'); document.writeln('<td>'); document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); document.writeln('<b>Error Reason:</b>'); document.writeln('</FONT>'); document.writeln('</td>'); document.writeln('<td>'); document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); document.writeln(errorReason); document.writeln('</FONT>'); document.writeln('</td>'); document.writeln('</tr>'); } document.writeln('</table>'); document.writeln('<p>'); 
document.writeln('</table>'); if (typeof(requestStatus) != "undefined" && requestStatus == 'complete') { document.writeln('<table width=100%>'); for (var i = 0; i < outputListSet.length; i++) { document.writeln('<tr valign=top>'); document.writeln('<td>'); document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">' ); document.writeln('<li>'); document.writeln(outputListSet[i].outputName); document.writeln('</FONT>'); document.writeln('</td>'); document.writeln('<tr valign=top>'); document.writeln('</tr>'); document.writeln('<td>'); if (outputListSet[i].outputSyntax == 'string') { document.writeln(addEscapes(outputListSet[i].outputVal)); } else if (outputListSet[i].outputSyntax == 'pretty_print') { document.writeln('<pre>'); document.writeln(addEscapes(outputListSet[i].outputVal)); document.writeln('</pre>'); } document.writeln('</td>'); document.writeln('</tr>'); } document.writeln('</table>'); } </script> </html> Subject: CN=ipa.rdlg.net,O=RDLG.NET Issuer : CN=Certificate Authority,O=RDLG.NET bulk cipher AES-256, 256 secret key bits, 256 key bits, status: 1 2017-05-11T17:44:28Z DEBUG stderr=POST /ca/agent/ca/profileProcess HTTP/1.0 Host: ipa.rdlg.net:8443 Content-Length: 738 Content-Type: application/x-www-form-urlencoded exKeyUsageCritical=false&keyUsageEncipherOnly=false&keyUsageNonRepudiation=true&keyUsageDataEncipherment=true&notBefore=2017-05-11+11%3A44%3A28&keyUsageCritical=true&submit=submit&notAfter=2019-05-01+11%3A44%3A28&requestId=7&signingAlg=SHA256withRSA&keyUsageDigitalSignature=true&authInfoAccessGeneralNames=Record+%230%0D%0AMethod%3A1.3.6.1.5.5.7.48.1%0D%0ALocation+Type%3AURIName%0D%0ALocation%3Ahttp%3A%2F%2Fipa-ca.rdlg.net%2Fca%2Focsp%0D%0AEnable%3Atrue%0D%0A%0D%0A&keyUsageKeyEncipherment=true&authInfoAccessCritical=false&name=CN%3DIPA+RA%2CO%3DRDLG.NET&requestNotes=&keyUsageCrlSign=false&exKeyUsageOIDs=1.3.6.1.5.5.7.3.1%2C1.3.6.1.5.5.7.3.2&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageDecipherOnly=false&op=approveport: 
8443 addr='ipa.rdlg.net' family='2' IP='172.20.0.200' Called mygetclientauthdata - nickname = ipa-ca-agent mygetclientauthdata - cert = 104dd80 mygetclientauthdata - privkey = 1090410 PR_Write wrote 878 bytes from bigBuf bytes: [POST /ca/agent/ca/profileProcess HTTP/1.0 Host: ipa.rdlg.net:8443 Content-Length: 738 Content-Type: application/x-www-form-urlencoded exKeyUsageCritical=false&keyUsageEncipherOnly=false&keyUsageNonRepudiation=true&keyUsageDataEncipherment=true&notBefore=2017-05-11+11%3A44%3A28&keyUsageCritical=true&submit=submit&notAfter=2019-05-01+11%3A44%3A28&requestId=7&signingAlg=SHA256withRSA&keyUsageDigitalSignature=true&authInfoAccessGeneralNames=Record+%230%0D%0AMethod%3A1.3.6.1.5.5.7.48.1%0D%0ALocation+Type%3AURIName%0D%0ALocation%3Ahttp%3A%2F%2Fipa-ca.rdlg.net%2Fca%2Focsp%0D%0AEnable%3Atrue%0D%0A%0D%0A&keyUsageKeyEncipherment=true&authInfoAccessCritical=false&name=CN%3DIPA+RA%2CO%3DRDLG.NET&requestNotes=&keyUsageCrlSign=false&exKeyUsageOIDs=1.3.6.1.5.5.7.3.1%2C1.3.6.1.5.5.7.3.2&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageDecipherOnly=false&op=approve] do_writes shutting down send socket do_writes exiting with (result = 0) connection 1 read 9000 bytes (9000 total). these bytes read: connection 1 read 4329 bytes (13329 total). these bytes read: connection 1 read 13329 bytes total. ----------------------------- Done with possible addresses - exiting. 2017-05-11T17:44:28Z DEBUG Starting external process 2017-05-11T17:44:28Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias -f XXXXXXXX -A -t u,u,u -n ipaCert -a -i /tmp/tmpjyTP5R 2017-05-11T17:44:29Z DEBUG Process finished, return code=0 2017-05-11T17:44:29Z DEBUG stdout= 2017-05-11T17:44:29Z DEBUG stderr=Notice: Trust flag u is set automatically if the private key is present. 
2017-05-11T17:44:29Z DEBUG Starting external process 2017-05-11T17:44:29Z DEBUG args=/usr/bin/pki -d /etc/httpd/alias -C /etc/httpd/alias/pwdfile.txt client-cert-show ipaCert --client-cert /etc/httpd/alias/tmpyljSW7 2017-05-11T17:44:29Z DEBUG Process finished, return code=0 2017-05-11T17:44:29Z DEBUG stdout= 2017-05-11T17:44:29Z DEBUG stderr= 2017-05-11T17:44:29Z DEBUG duration: 1 seconds 2017-05-11T17:44:29Z DEBUG [17/31]: adding RA agent as a trusted user 2017-05-11T17:44:29Z DEBUG Created connection context.ldap2_94759568 2017-05-11T17:44:29Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache 2017-05-11T17:44:29Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7f7def0> 2017-05-11T17:44:29Z DEBUG add_entry_to_group: dn=uid=ipara,ou=People,o=ipaca group_dn=cn=Certificate Manager Agents,ou=groups,o=ipaca member_attr=uniqueMember 2017-05-11T17:44:29Z DEBUG add_entry_to_group: dn=uid=ipara,ou=People,o=ipaca group_dn=cn=Registration Manager Agents,ou=groups,o=ipaca member_attr=uniqueMember 2017-05-11T17:44:29Z DEBUG Destroyed connection context.ldap2_94759568 2017-05-11T17:44:29Z DEBUG duration: 0 seconds 2017-05-11T17:44:29Z DEBUG [18/31]: authorizing RA to modify profiles 2017-05-11T17:44:29Z DEBUG Created connection context.ldap2_92622480 2017-05-11T17:44:29Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache 2017-05-11T17:44:29Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x57aa050> 2017-05-11T17:44:29Z DEBUG Destroyed connection context.ldap2_92622480 2017-05-11T17:44:29Z DEBUG duration: 0 seconds 2017-05-11T17:44:29Z DEBUG [19/31]: authorizing RA to manage lightweight CAs 2017-05-11T17:44:29Z DEBUG Created connection context.ldap2_92620624 2017-05-11T17:44:29Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from 
SchemaCache 2017-05-11T17:44:29Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7f7def0> 2017-05-11T17:44:30Z DEBUG Destroyed connection context.ldap2_92620624 2017-05-11T17:44:30Z DEBUG duration: 0 seconds 2017-05-11T17:44:30Z DEBUG [20/31]: Ensure lightweight CAs container exists 2017-05-11T17:44:30Z DEBUG Created connection context.ldap2_92619344 2017-05-11T17:44:30Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache 2017-05-11T17:44:30Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x57aa050> 2017-05-11T17:44:30Z DEBUG Destroyed connection context.ldap2_92619344 2017-05-11T17:44:30Z DEBUG duration: 0 seconds 2017-05-11T17:44:30Z DEBUG [21/31]: configure certmonger for renewals 2017-05-11T17:44:30Z DEBUG Starting external process 2017-05-11T17:44:30Z DEBUG args=/bin/systemctl enable certmonger.service 2017-05-11T17:44:30Z DEBUG Process finished, return code=0 2017-05-11T17:44:30Z DEBUG stdout= 2017-05-11T17:44:30Z DEBUG stderr=Created symlink from /etc/systemd/system/multi-user.target.wants/certmonger.service to /usr/lib/systemd/system/certmonger.service. 
2017-05-11T17:44:30Z DEBUG Starting external process 2017-05-11T17:44:30Z DEBUG args=/bin/systemctl start messagebus.service 2017-05-11T17:44:30Z DEBUG Process finished, return code=0 2017-05-11T17:44:30Z DEBUG stdout= 2017-05-11T17:44:30Z DEBUG stderr= 2017-05-11T17:44:30Z DEBUG Starting external process 2017-05-11T17:44:30Z DEBUG args=/bin/systemctl is-active messagebus.service 2017-05-11T17:44:30Z DEBUG Process finished, return code=0 2017-05-11T17:44:30Z DEBUG stdout=active 2017-05-11T17:44:30Z DEBUG stderr= 2017-05-11T17:44:30Z DEBUG Starting external process 2017-05-11T17:44:30Z DEBUG args=/bin/systemctl start certmonger.service 2017-05-11T17:44:30Z DEBUG Process finished, return code=0 2017-05-11T17:44:30Z DEBUG stdout= 2017-05-11T17:44:30Z DEBUG stderr= 2017-05-11T17:44:30Z DEBUG Starting external process 2017-05-11T17:44:30Z DEBUG args=/bin/systemctl is-active certmonger.service 2017-05-11T17:44:30Z DEBUG Process finished, return code=0 2017-05-11T17:44:30Z DEBUG stdout=active 2017-05-11T17:44:30Z DEBUG stderr= 2017-05-11T17:44:30Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:44:30Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:44:30Z DEBUG duration: 0 seconds 2017-05-11T17:44:30Z DEBUG [22/31]: configure certificate renewals 2017-05-11T17:44:33Z DEBUG duration: 2 seconds 2017-05-11T17:44:33Z DEBUG [23/31]: configure RA certificate renewal 2017-05-11T17:44:34Z DEBUG duration: 0 seconds 2017-05-11T17:44:34Z DEBUG [24/31]: configure Server-Cert certificate renewal 2017-05-11T17:44:35Z DEBUG duration: 0 seconds 2017-05-11T17:44:35Z DEBUG [25/31]: Configure HTTP to proxy connections 2017-05-11T17:44:35Z DEBUG duration: 0 seconds 2017-05-11T17:44:35Z DEBUG [26/31]: restarting certificate server 2017-05-11T17:44:35Z DEBUG Starting external process 2017-05-11T17:44:35Z DEBUG args=/bin/systemctl restart pki-tomcatd@pki-tomcat.service 2017-05-11T17:44:46Z DEBUG Process finished, return 
code=0 2017-05-11T17:44:46Z DEBUG stdout= 2017-05-11T17:44:46Z DEBUG stderr= 2017-05-11T17:44:46Z DEBUG Starting external process 2017-05-11T17:44:46Z DEBUG args=/bin/systemctl is-active pki-tomcatd@pki-tomcat.service 2017-05-11T17:44:47Z DEBUG Process finished, return code=0 2017-05-11T17:44:47Z DEBUG stdout=active 2017-05-11T17:44:47Z DEBUG stderr= 2017-05-11T17:44:47Z DEBUG wait_for_open_ports: localhost [8080, 8443] timeout 300 2017-05-11T17:44:49Z DEBUG Waiting until the CA is running 2017-05-11T17:44:49Z DEBUG request POST http://ipa.rdlg.net:8080/ca/admin/ca/getStatus 2017-05-11T17:44:49Z DEBUG request body '' 2017-05-11T17:44:56Z DEBUG response status 200 2017-05-11T17:44:56Z DEBUG response headers {'date': 'Thu, 11 May 2017 17:44:56 GMT', 'content-length': '170', 'content-type': 'application/xml', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:44:56Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="no"?><XMLResponse><State>1</State><Type>CA</Type><Status>running</Status><Version>10.3.3-18.el7_3</Version></XMLResponse>' 2017-05-11T17:44:56Z DEBUG The CA status is: running 2017-05-11T17:44:56Z DEBUG duration: 20 seconds 2017-05-11T17:44:56Z DEBUG [27/31]: migrating certificate profiles to LDAP 2017-05-11T17:44:56Z DEBUG Created connection context.ldap2_94874320 2017-05-11T17:44:56Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache 2017-05-11T17:44:56Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x59b21b8> 2017-05-11T17:44:56Z DEBUG Destroyed connection context.ldap2_94874320 2017-05-11T17:44:56Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login 2017-05-11T17:44:56Z DEBUG request body '' 2017-05-11T17:44:56Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:56Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:56Z 
DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:56Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:56Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:57Z DEBUG response status 200 2017-05-11T17:44:57Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=1FA60BA49A4AF03284BB4B32697594C4; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:44:57 GMT', 'content-type': 'application/xml'} 2017-05-11T17:44:57Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 2017-05-11T17:44:57Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw 2017-05-11T17:44:57Z DEBUG request body 'desc=This certificate profile is for enrolling user certificates.\nvisible=true\nenable=true\nenableBy=admin\nname=Manual User Dual-Use Certificate Enrollment\nauth.class_id=\ninput.list=i1,i2,i3\ninput.i1.class_id=keyGenInputImpl\ninput.i2.class_id=subjectNameInputImpl\ninput.i3.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=userCertSet\npolicyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9\npolicyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.userCertSet.1.constraint.name=Subject Name Constraint\npolicyset.userCertSet.1.constraint.params.pattern=UID=.*\npolicyset.userCertSet.1.constraint.params.accept=true\npolicyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.userCertSet.1.default.name=Subject Name 
Default\npolicyset.userCertSet.1.default.params.name=\npolicyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint\npolicyset.userCertSet.10.constraint.params.renewal.graceBefore=30\npolicyset.userCertSet.10.constraint.params.renewal.graceAfter=30\npolicyset.userCertSet.10.default.class_id=noDefaultImpl\npolicyset.userCertSet.10.default.name=No Default\npolicyset.userCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.userCertSet.2.constraint.name=Validity Constraint\npolicyset.userCertSet.2.constraint.params.range=365\npolicyset.userCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.userCertSet.2.constraint.params.notAfterCheck=false\npolicyset.userCertSet.2.default.class_id=validityDefaultImpl\npolicyset.userCertSet.2.default.name=Validity Default\npolicyset.userCertSet.2.default.params.range=180\npolicyset.userCertSet.2.default.params.startTime=0\npolicyset.userCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.userCertSet.3.constraint.name=Key Constraint\npolicyset.userCertSet.3.constraint.params.keyType=-\npolicyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.userCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.userCertSet.3.default.name=Key Default\npolicyset.userCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.4.constraint.name=No Constraint\npolicyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.userCertSet.4.default.name=Authority Key Identifier Default\npolicyset.userCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.5.constraint.name=No Constraint\npolicyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.userCertSet.5.default.name=AIA Extension 
Default\npolicyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.userCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.userCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.userCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.userCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.name=Key Usage 
Default\npolicyset.userCertSet.6.default.params.keyUsageCritical=true\npolicyset.userCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.7.constraint.name=No Constraint\npolicyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.userCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.userCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.userCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.8.constraint.name=No Constraint\npolicyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.userCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.userCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.userCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.userCertSet.9.constraint.name=No 
Constraint\npolicyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.userCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.userCertSet.9.default.name=Signing Alg\npolicyset.userCertSet.9.default.params.signingAlg=-\nprofileId=caUserCert\nclassId=caEnrollImpl\n' 2017-05-11T17:44:57Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:57Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:57Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:57Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:57Z DEBUG response status 409 2017-05-11T17:44:57Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 17:44:57 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:44:57Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' 2017-05-11T17:44:57Z DEBUG Error migrating 'caUserCert': Non-2xx response from CA REST API: 409. 
Profile already exists 2017-05-11T17:44:57Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caUserCert?action=enable 2017-05-11T17:44:57Z DEBUG request body '' 2017-05-11T17:44:57Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:57Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:57Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:57Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:57Z DEBUG response status 500 2017-05-11T17:44:57Z DEBUG response headers {'content-length': '6520', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 17:44:57 GMT', 'content-type': 'text/html;charset=utf-8'} 2017-05-11T17:44:57Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> 
<u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tsun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native 
Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tsun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: 
application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tsun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.NativeMethodAccessorImpl.invoke0(Native 
Method)\n\tsun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>' 2017-05-11T17:44:57Z DEBUG Failed to enable profile '%s' (it is probably already enabled) 2017-05-11T17:44:57Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout 2017-05-11T17:44:57Z DEBUG request body '' 2017-05-11T17:44:57Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:57Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:57Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:57Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:57Z DEBUG response status 204 2017-05-11T17:44:57Z DEBUG response headers {'set-cookie': 'JSESSIONID=E34B9627F6C1558007A82D284B93348E; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:44:57 GMT', 'content-type': 'application/xml'} 2017-05-11T17:44:57Z DEBUG response body '' 2017-05-11T17:44:57Z DEBUG request GET 
https://ipa.rdlg.net:8443/ca/rest/account/login 2017-05-11T17:44:57Z DEBUG request body '' 2017-05-11T17:44:57Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:57Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:57Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:57Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:57Z DEBUG response status 200 2017-05-11T17:44:57Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=E353AA43A99A26C3D7ECCF5BBA015947; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:44:57 GMT', 'content-type': 'application/xml'} 2017-05-11T17:44:57Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 2017-05-11T17:44:57Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw 2017-05-11T17:44:57Z DEBUG request body 'desc=This certificate profile is for enrolling user ECC certificates.\nvisible=false\nenable=true\nenableBy=admin\nname=Manual User Dual-Use ECC Certificate Enrollment\nauth.class_id=\ninput.list=i1,i2,i3\ninput.i1.class_id=keyGenInputImpl\ninput.i2.class_id=subjectNameInputImpl\ninput.i3.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=userCertSet\npolicyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9\npolicyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.userCertSet.1.constraint.name=Subject Name 
Constraint\npolicyset.userCertSet.1.constraint.params.pattern=UID=.*\npolicyset.userCertSet.1.constraint.params.accept=true\npolicyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.userCertSet.1.default.name=Subject Name Default\npolicyset.userCertSet.1.default.params.name=\npolicyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint\npolicyset.userCertSet.10.constraint.params.renewal.graceBefore=30\npolicyset.userCertSet.10.constraint.params.renewal.graceAfter=30\npolicyset.userCertSet.10.default.class_id=noDefaultImpl\npolicyset.userCertSet.10.default.name=No Default\npolicyset.userCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.userCertSet.2.constraint.name=Validity Constraint\npolicyset.userCertSet.2.constraint.params.range=365\npolicyset.userCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.userCertSet.2.constraint.params.notAfterCheck=false\npolicyset.userCertSet.2.default.class_id=validityDefaultImpl\npolicyset.userCertSet.2.default.name=Validity Default\npolicyset.userCertSet.2.default.params.range=180\npolicyset.userCertSet.2.default.params.startTime=0\npolicyset.userCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.userCertSet.3.constraint.name=Key Constraint\npolicyset.userCertSet.3.constraint.params.keyType=EC\npolicyset.userCertSet.3.constraint.params.keyParameters=nistp256,nistp384,nistp521\npolicyset.userCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.userCertSet.3.default.name=Key Default\npolicyset.userCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.4.constraint.name=No Constraint\npolicyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.userCertSet.4.default.name=Authority Key Identifier Default\npolicyset.userCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.5.constraint.name=No 
Constraint\npolicyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.userCertSet.5.default.name=AIA Extension Default\npolicyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.userCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.userCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.userCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.userCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.name=Key Usage 
Default\npolicyset.userCertSet.6.default.params.keyUsageCritical=true\npolicyset.userCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.7.constraint.name=No Constraint\npolicyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.userCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.userCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.userCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.8.constraint.name=No Constraint\npolicyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.userCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.userCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.userCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.userCertSet.9.constraint.name=No 
Constraint\npolicyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.userCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.userCertSet.9.default.name=Signing Alg\npolicyset.userCertSet.9.default.params.signingAlg=-\nprofileId=caECUserCert\nclassId=caEnrollImpl\n' 2017-05-11T17:44:57Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:57Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:57Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:57Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:57Z DEBUG response status 409 2017-05-11T17:44:57Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 17:44:57 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:44:57Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' 2017-05-11T17:44:57Z DEBUG Error migrating 'caECUserCert': Non-2xx response from CA REST API: 409. 
Profile already exists 2017-05-11T17:44:57Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caECUserCert?action=enable 2017-05-11T17:44:57Z DEBUG request body '' 2017-05-11T17:44:57Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:57Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:57Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:57Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:57Z DEBUG response status 500 2017-05-11T17:44:57Z DEBUG response headers {'content-length': '6520', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 17:44:57 GMT', 'content-type': 'text/html;charset=utf-8'} 2017-05-11T17:44:57Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> 
<u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tsun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native 
Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tsun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: 
application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tsun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.NativeMethodAccessorImpl.invoke0(Native 
Method)\n\tsun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>' 2017-05-11T17:44:57Z DEBUG Failed to enable profile '%s' (it is probably already enabled) 2017-05-11T17:44:57Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout 2017-05-11T17:44:57Z DEBUG request body '' 2017-05-11T17:44:57Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:57Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:57Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:57Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:57Z DEBUG response status 204 2017-05-11T17:44:57Z DEBUG response headers {'set-cookie': 'JSESSIONID=BB879FC251734959CC529ED74761C969; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:44:57 GMT', 'content-type': 'application/xml'} 2017-05-11T17:44:57Z DEBUG response body '' 2017-05-11T17:44:57Z DEBUG request GET 
https://ipa.rdlg.net:8443/ca/rest/account/login 2017-05-11T17:44:57Z DEBUG request body '' 2017-05-11T17:44:57Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:57Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:57Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:57Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:57Z DEBUG response status 200 2017-05-11T17:44:57Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=ADC182EC311E8F49DDB5A01A818DB0F7; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:44:57 GMT', 'content-type': 'application/xml'} 2017-05-11T17:44:57Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 2017-05-11T17:44:57Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw 2017-05-11T17:44:57Z DEBUG request body 'desc=This certificate profile is for enrolling user certificates with S/MIME capabilities extension - OID: 1.2.840.113549.1.9.15\nvisible=true\nenable=true\nenableBy=admin\nname=Manual User Dual-Use S/MIME capabilities Certificate Enrollment\nauth.class_id=\ninput.list=i1,i2,i3\ninput.i1.class_id=keyGenInputImpl\ninput.i2.class_id=subjectNameInputImpl\ninput.i3.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=userCertSet\npolicyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9,11\npolicyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.userCertSet.1.constraint.name=Subject Name 
Constraint\npolicyset.userCertSet.1.constraint.params.pattern=UID=.*\npolicyset.userCertSet.1.constraint.params.accept=true\npolicyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.userCertSet.1.default.name=Subject Name Default\npolicyset.userCertSet.1.default.params.name=\npolicyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint\npolicyset.userCertSet.10.constraint.params.renewal.graceBefore=30\npolicyset.userCertSet.10.constraint.params.renewal.graceAfter=30\npolicyset.userCertSet.10.default.class_id=noDefaultImpl\npolicyset.userCertSet.10.default.name=No Default\npolicyset.userCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.userCertSet.2.constraint.name=Validity Constraint\npolicyset.userCertSet.2.constraint.params.range=365\npolicyset.userCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.userCertSet.2.constraint.params.notAfterCheck=false\npolicyset.userCertSet.2.default.class_id=validityDefaultImpl\npolicyset.userCertSet.2.default.name=Validity Default\npolicyset.userCertSet.2.default.params.range=180\npolicyset.userCertSet.2.default.params.startTime=0\npolicyset.userCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.userCertSet.3.constraint.name=Key Constraint\npolicyset.userCertSet.3.constraint.params.keyType=-\npolicyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.userCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.userCertSet.3.default.name=Key Default\npolicyset.userCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.4.constraint.name=No Constraint\npolicyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.userCertSet.4.default.name=Authority Key Identifier Default\npolicyset.userCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.5.constraint.name=No 
Constraint\npolicyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.userCertSet.5.default.name=AIA Extension Default\npolicyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.userCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.userCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.userCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.userCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.name=Key Usage 
Default\npolicyset.userCertSet.6.default.params.keyUsageCritical=true\npolicyset.userCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.7.constraint.name=No Constraint\npolicyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.userCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.userCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.userCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.8.constraint.name=No Constraint\npolicyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.userCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.userCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.userCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.userCertSet.9.constraint.name=No 
Constraint\npolicyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.userCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.userCertSet.9.default.name=Signing Alg\npolicyset.userCertSet.9.default.params.signingAlg=-\npolicyset.userCertSet.11.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.11.constraint.name=No Constraint\npolicyset.userCertSet.11.default.class_id=genericExtDefaultImpl\npolicyset.userCertSet.11.default.name=Generic Extension\npolicyset.userCertSet.11.default.params.genericExtOID=1.2.840.113549.1.9.15\npolicyset.userCertSet.11.default.params.genericExtData=3067300B06092A864886F70D010105300B06092A864886F70D01010B300B06092A864886F70D01010C300B06092A864886F70D01010D300A06082A864886F70D0307300B0609608648016503040102300B060960864801650304012A300B06092A864886F70D010101\nprofileId=caUserSMIMEcapCert\nclassId=caEnrollImpl\n' 2017-05-11T17:44:57Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:57Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:57Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:57Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:57Z DEBUG response status 409 2017-05-11T17:44:57Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 17:44:57 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:44:57Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' 2017-05-11T17:44:57Z DEBUG Error migrating 'caUserSMIMEcapCert': Non-2xx response from CA REST API: 409. 
Profile already exists 2017-05-11T17:44:57Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caUserSMIMEcapCert?action=enable 2017-05-11T17:44:57Z DEBUG request body '' 2017-05-11T17:44:57Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:57Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:57Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:57Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:57Z DEBUG response status 500 2017-05-11T17:44:57Z DEBUG response headers {'content-length': '6520', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 17:44:57 GMT', 'content-type': 'text/html;charset=utf-8'} 2017-05-11T17:44:57Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> 
<u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tsun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native 
Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tsun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: 
application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tsun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.NativeMethodAccessorImpl.invoke0(Native 
Method)\n\tsun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>' 2017-05-11T17:44:57Z DEBUG Failed to enable profile '%s' (it is probably already enabled) 2017-05-11T17:44:57Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout 2017-05-11T17:44:57Z DEBUG request body '' 2017-05-11T17:44:57Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:57Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:57Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:57Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:57Z DEBUG response status 204 2017-05-11T17:44:57Z DEBUG response headers {'set-cookie': 'JSESSIONID=44130FD11B056D3EA9DEAB39AF44C565; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:44:57 GMT', 'content-type': 'application/xml'} 2017-05-11T17:44:57Z DEBUG response body '' 2017-05-11T17:44:57Z DEBUG request GET 
https://ipa.rdlg.net:8443/ca/rest/account/login 2017-05-11T17:44:57Z DEBUG request body '' 2017-05-11T17:44:57Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:57Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:57Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:57Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:57Z DEBUG response status 200 2017-05-11T17:44:57Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=9235F11C2EC21F0F22CF8CA481B0977A; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:44:57 GMT', 'content-type': 'application/xml'} 2017-05-11T17:44:57Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 2017-05-11T17:44:57Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw 2017-05-11T17:44:57Z DEBUG request body 'desc=This certificate profile is for enrolling dual user certificates. 
It works only with Netscape 7.0 or later.\nvisible=false\nenable=true\nenableBy=admin\nname=Manual User Signing & Encryption Certificates Enrollment\nauth.class_id=\ninput.list=i1,i2,i3\ninput.i1.class_id=dualKeyGenInputImpl\ninput.i2.class_id=subjectNameInputImpl\ninput.i3.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=encryptionCertSet,signingCertSet\npolicyset.encryptionCertSet.list=1,2,3,4,5,6,7,8,9\npolicyset.encryptionCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.encryptionCertSet.1.constraint.name=Subject Name Constraint\npolicyset.encryptionCertSet.1.constraint.params.pattern=UID=.*\npolicyset.encryptionCertSet.1.constraint.params.accept=true\npolicyset.encryptionCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.encryptionCertSet.1.default.name=Subject Name Default\npolicyset.encryptionCertSet.1.default.params.name=\npolicyset.encryptionCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.encryptionCertSet.2.constraint.name=Validity Constraint\npolicyset.encryptionCertSet.2.constraint.params.range=365\npolicyset.encryptionCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.encryptionCertSet.2.constraint.params.notAfterCheck=false\npolicyset.encryptionCertSet.2.default.class_id=validityDefaultImpl\npolicyset.encryptionCertSet.2.default.name=Validity Default\npolicyset.encryptionCertSet.2.default.params.range=180\npolicyset.encryptionCertSet.2.default.params.startTime=0\npolicyset.encryptionCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.encryptionCertSet.3.constraint.name=Key Constraint\npolicyset.encryptionCertSet.3.constraint.params.keyType=RSA\npolicyset.encryptionCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.encryptionCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.encryptionCertSet.3.default.name=Key 
Default\npolicyset.encryptionCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.4.constraint.name=No Constraint\npolicyset.encryptionCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.encryptionCertSet.4.default.name=Authority Key Identifier Default\npolicyset.encryptionCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.5.constraint.name=No Constraint\npolicyset.encryptionCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.encryptionCertSet.5.default.name=AIA Extension Default\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.encryptionCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.encryptionCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.encryptionCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.encryptionCertSet.6.constraint.name=Key Usage Extension 
Constraint\npolicyset.encryptionCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDigitalSignature=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageNonRepudiation=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.encryptionCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.encryptionCertSet.6.default.name=Key Usage Default\npolicyset.encryptionCertSet.6.default.params.keyUsageCritical=true\npolicyset.encryptionCertSet.6.default.params.keyUsageDigitalSignature=false\npolicyset.encryptionCertSet.6.default.params.keyUsageNonRepudiation=false\npolicyset.encryptionCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.encryptionCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.encryptionCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.encryptionCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.encryptionCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.7.constraint.name=No Constraint\npolicyset.encryptionCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.encryptionCertSet.7.default.name=Extended Key Usage Extension 
Default\npolicyset.encryptionCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.encryptionCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.encryptionCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.8.constraint.name=No Constraint\npolicyset.encryptionCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.encryptionCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.encryptionCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.encryptionCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.encryptionCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.encryptionCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.encryptionCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.encryptionCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.encryptionCertSet.9.constraint.name=No Constraint\npolicyset.encryptionCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.encryptionCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.encryptionCertSet.9.default.name=Signing Alg\npolicyset.encryptionCertSet.9.default.params.signingAlg=-\npolicyset.signingCertSet.list=1,2,3,4,6,7,8,9\npolicyset.signingCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.signingCertSet.1.constraint.name=Subject Name Constraint\npolicyset.signingCertSet.1.constraint.params.pattern=UID=.*\npolicyset.signingCertSet.1.constraint.params.accept=true\npolicyset.signingCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.signingCertSet.1.default.name=Subject Name Default\npolicyset.signingCertSet.1.default.params.name=\npolicyset.signingCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.signingCertSet.2.constraint.name=Validity 
Constraint\npolicyset.signingCertSet.2.constraint.params.range=365\npolicyset.signingCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.signingCertSet.2.constraint.params.notAfterCheck=false\npolicyset.signingCertSet.2.default.class_id=validityDefaultImpl\npolicyset.signingCertSet.2.default.name=Validity Default\npolicyset.signingCertSet.2.default.params.range=180\npolicyset.signingCertSet.2.default.params.startTime=0\npolicyset.signingCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.signingCertSet.3.constraint.name=Key Constraint\npolicyset.signingCertSet.3.constraint.params.keyType=RSA\npolicyset.signingCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.signingCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.signingCertSet.3.default.name=Key Default\npolicyset.signingCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.4.constraint.name=No Constraint\npolicyset.signingCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.signingCertSet.4.default.name=Authority Key Identifier Default\npolicyset.signingCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.signingCertSet.6.constraint.name=Key Usage Extension 
Constraint\npolicyset.signingCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.signingCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.signingCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.signingCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.signingCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.signingCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.signingCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.signingCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.signingCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.signingCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.signingCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.signingCertSet.6.default.name=Key Usage Default\npolicyset.signingCertSet.6.default.params.keyUsageCritical=true\npolicyset.signingCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.signingCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.signingCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.signingCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.signingCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.signingCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.signingCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.7.constraint.name=No Constraint\npolicyset.signingCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.signingCertSet.7.default.name=Extended Key Usage Extension 
Default\npolicyset.signingCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.signingCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.signingCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.8.constraint.name=No Constraint\npolicyset.signingCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.signingCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.signingCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.signingCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.signingCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.signingCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.signingCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.signingCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.signingCertSet.9.constraint.name=No Constraint\npolicyset.signingCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.signingCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.signingCertSet.9.default.name=Signing Alg\npolicyset.signingCertSet.9.default.params.signingAlg=-\npolicyset.signingCertSet.9.default.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\nprofileId=caDualCert\nclassId=caEnrollImpl\n' 2017-05-11T17:44:57Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:57Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:57Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:57Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:57Z DEBUG Cipher: 
TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:57Z DEBUG response status 409 2017-05-11T17:44:57Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 17:44:57 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:44:57Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' 2017-05-11T17:44:57Z DEBUG Error migrating 'caDualCert': Non-2xx response from CA REST API: 409. Profile already exists 2017-05-11T17:44:57Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caDualCert?action=enable 2017-05-11T17:44:57Z DEBUG request body '' 2017-05-11T17:44:57Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:57Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:57Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:57Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:57Z DEBUG response status 500 2017-05-11T17:44:57Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 17:44:57 GMT', 'content-type': 'text/html;charset=utf-8'} 2017-05-11T17:44:57Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B 
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown 
Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: 
application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native 
Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
2017-05-11T17:44:57Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
2017-05-11T17:44:57Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
2017-05-11T17:44:57Z DEBUG request body ''
2017-05-11T17:44:57Z DEBUG NSSConnection init ipa.rdlg.net
2017-05-11T17:44:57Z DEBUG Connecting: 172.20.0.200:0
2017-05-11T17:44:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2017-05-11T17:44:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
2017-05-11T17:44:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
2017-05-11T17:44:57Z DEBUG Protocol: TLS1.2
2017-05-11T17:44:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2017-05-11T17:44:58Z DEBUG response status 204
2017-05-11T17:44:58Z DEBUG response headers {'set-cookie': 'JSESSIONID=966A0F69015391DCB792C651F32AD3B0; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:44:57 GMT', 'content-type': 'application/xml'}
2017-05-11T17:44:58Z DEBUG response body ''
2017-05-11T17:44:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
2017-05-11T17:44:58Z DEBUG request body ''
2017-05-11T17:44:58Z DEBUG NSSConnection init ipa.rdlg.net
2017-05-11T17:44:58Z DEBUG Connecting: 172.20.0.200:0
2017-05-11T17:44:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2017-05-11T17:44:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
2017-05-11T17:44:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
2017-05-11T17:44:58Z DEBUG Protocol: TLS1.2
2017-05-11T17:44:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2017-05-11T17:44:58Z DEBUG response status 200
2017-05-11T17:44:58Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=3236D2161FB636AE7BFF87755F093B89; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:44:57 GMT', 'content-type': 'application/xml'}
2017-05-11T17:44:58Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
2017-05-11T17:44:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
2017-05-11T17:44:58Z DEBUG request body 'desc=This certificate profile is for enrolling dual user certificates. It works only with Netscape 7.0 or later.\nvisible=true\nenable=true\nenableBy=admin\nname=Directory-authenticated User Signing & Encryption Certificates Enrollment\nauth.instance_id=UserDirEnrollment\ninput.list=i1,i2,i3\ninput.i1.class_id=dualKeyGenInputImpl\ninput.i2.class_id=subjectNameInputImpl\ninput.i3.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=encryptionCertSet,signingCertSet\npolicyset.encryptionCertSet.list=1,2,3,4,5,6,7,8,9\npolicyset.encryptionCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.encryptionCertSet.1.constraint.name=Subject Name Constraint\npolicyset.encryptionCertSet.1.constraint.params.pattern=UID=.*\npolicyset.encryptionCertSet.1.constraint.params.accept=true\npolicyset.encryptionCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.encryptionCertSet.1.default.name=Subject Name
Default\npolicyset.encryptionCertSet.1.default.params.name=\npolicyset.encryptionCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.encryptionCertSet.2.constraint.name=Validity Constraint\npolicyset.encryptionCertSet.2.constraint.params.range=365\npolicyset.encryptionCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.encryptionCertSet.2.constraint.params.notAfterCheck=false\npolicyset.encryptionCertSet.2.default.class_id=validityDefaultImpl\npolicyset.encryptionCertSet.2.default.name=Validity Default\npolicyset.encryptionCertSet.2.default.params.range=180\npolicyset.encryptionCertSet.2.default.params.startTime=0\npolicyset.encryptionCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.encryptionCertSet.3.constraint.name=Key Constraint\npolicyset.encryptionCertSet.3.constraint.params.keyType=RSA\npolicyset.encryptionCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.encryptionCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.encryptionCertSet.3.default.name=Key Default\npolicyset.encryptionCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.4.constraint.name=No Constraint\npolicyset.encryptionCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.encryptionCertSet.4.default.name=Authority Key Identifier Default\npolicyset.encryptionCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.5.constraint.name=No Constraint\npolicyset.encryptionCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.encryptionCertSet.5.default.name=AIA Extension 
Default\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.encryptionCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.encryptionCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.encryptionCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.encryptionCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.encryptionCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDigitalSignature=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageNonRepudiation=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.encryptionCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.encryptionCertSet.6.default.name=Key Usage 
Default\npolicyset.encryptionCertSet.6.default.params.keyUsageCritical=true\npolicyset.encryptionCertSet.6.default.params.keyUsageDigitalSignature=false\npolicyset.encryptionCertSet.6.default.params.keyUsageNonRepudiation=false\npolicyset.encryptionCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.encryptionCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.encryptionCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.encryptionCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.encryptionCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.7.constraint.name=No Constraint\npolicyset.encryptionCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.encryptionCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.encryptionCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.encryptionCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.encryptionCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.8.constraint.name=No Constraint\npolicyset.encryptionCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.encryptionCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.encryptionCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.encryptionCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.encryptionCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.encryptionCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.encryptionCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.encryptionCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.encryptionCertSet.9.constraint.name=No 
Constraint\npolicyset.encryptionCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA384withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.encryptionCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.encryptionCertSet.9.default.name=Signing Alg\npolicyset.encryptionCertSet.9.default.params.signingAlg=-\npolicyset.signingCertSet.list=1,2,3,4,6,7,8,9\npolicyset.signingCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.signingCertSet.1.constraint.name=Subject Name Constraint\npolicyset.signingCertSet.1.constraint.params.pattern=UID=.*\npolicyset.signingCertSet.1.constraint.params.accept=true\npolicyset.signingCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.signingCertSet.1.default.name=Subject Name Default\npolicyset.signingCertSet.1.default.params.name=\npolicyset.signingCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.signingCertSet.2.constraint.name=Validity Constraint\npolicyset.signingCertSet.2.constraint.params.range=365\npolicyset.signingCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.signingCertSet.2.constraint.params.notAfterCheck=false\npolicyset.signingCertSet.2.default.class_id=validityDefaultImpl\npolicyset.signingCertSet.2.default.name=Validity Default\npolicyset.signingCertSet.2.default.params.range=180\npolicyset.signingCertSet.2.default.params.startTime=0\npolicyset.signingCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.signingCertSet.3.constraint.name=Key Constraint\npolicyset.signingCertSet.3.constraint.params.keyType=RSA\npolicyset.signingCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.signingCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.signingCertSet.3.default.name=Key Default\npolicyset.signingCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.4.constraint.name=No 
Constraint\npolicyset.signingCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.signingCertSet.4.default.name=Authority Key Identifier Default\npolicyset.signingCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.signingCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.signingCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.signingCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.signingCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.signingCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.signingCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.signingCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.signingCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.signingCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.signingCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.signingCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.signingCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.signingCertSet.6.default.name=Key Usage Default\npolicyset.signingCertSet.6.default.params.keyUsageCritical=true\npolicyset.signingCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.signingCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.signingCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.signingCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.signingCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.signingCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.signingCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.7.constraint.name=No 
Constraint\npolicyset.signingCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.signingCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.signingCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.signingCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.signingCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.8.constraint.name=No Constraint\npolicyset.signingCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.signingCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.signingCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.signingCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.signingCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.signingCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.signingCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.signingCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.signingCertSet.9.constraint.name=No Constraint\npolicyset.signingCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.signingCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.signingCertSet.9.default.name=Signing Alg\npolicyset.signingCertSet.9.default.params.signingAlg=-\npolicyset.signingCertSet.9.default.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\nprofileId=caDirBasedDualCert\nclassId=caEnrollImpl\n' 2017-05-11T17:44:58Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:58Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:58Z DEBUG 
handshake complete, peer = 172.20.0.200:8443
2017-05-11T17:44:58Z DEBUG Protocol: TLS1.2
2017-05-11T17:44:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2017-05-11T17:44:58Z DEBUG response status 409
2017-05-11T17:44:58Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 17:44:57 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
2017-05-11T17:44:58Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
2017-05-11T17:44:58Z DEBUG Error migrating 'caDirBasedDualCert': Non-2xx response from CA REST API: 409. Profile already exists
2017-05-11T17:44:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caDirBasedDualCert?action=enable
2017-05-11T17:44:58Z DEBUG request body ''
2017-05-11T17:44:58Z DEBUG NSSConnection init ipa.rdlg.net
2017-05-11T17:44:58Z DEBUG Connecting: 172.20.0.200:0
2017-05-11T17:44:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2017-05-11T17:44:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
2017-05-11T17:44:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
2017-05-11T17:44:58Z DEBUG Protocol: TLS1.2
2017-05-11T17:44:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2017-05-11T17:44:58Z DEBUG response status 500
2017-05-11T17:44:58Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 17:44:57 GMT', 'content-type': 'text/html;charset=utf-8'}
2017-05-11T17:44:58Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY
{font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown 
Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: 
application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native 
Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
2017-05-11T17:44:58Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
2017-05-11T17:44:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
2017-05-11T17:44:58Z DEBUG request body ''
2017-05-11T17:44:58Z DEBUG NSSConnection init ipa.rdlg.net
2017-05-11T17:44:58Z DEBUG Connecting: 172.20.0.200:0
2017-05-11T17:44:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2017-05-11T17:44:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
2017-05-11T17:44:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
2017-05-11T17:44:58Z DEBUG Protocol: TLS1.2
2017-05-11T17:44:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2017-05-11T17:44:58Z DEBUG response status 204
2017-05-11T17:44:58Z DEBUG response headers {'set-cookie': 'JSESSIONID=667184C96C3346CD5DAE3718527E21DA; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:44:57 GMT', 'content-type': 'application/xml'}
2017-05-11T17:44:58Z DEBUG response body ''
2017-05-11T17:44:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
2017-05-11T17:44:58Z DEBUG request body ''
2017-05-11T17:44:58Z DEBUG NSSConnection init ipa.rdlg.net
2017-05-11T17:44:58Z DEBUG Connecting: 172.20.0.200:0
2017-05-11T17:44:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2017-05-11T17:44:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
2017-05-11T17:44:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
2017-05-11T17:44:58Z DEBUG Protocol: TLS1.2
2017-05-11T17:44:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2017-05-11T17:44:58Z DEBUG response status 200
2017-05-11T17:44:58Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=795E298DB41C3E5DF7288F0B885D30D2; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:44:57 GMT', 'content-type': 'application/xml'}
2017-05-11T17:44:58Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
2017-05-11T17:44:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
2017-05-11T17:44:58Z DEBUG request body 'desc=This certificate profile is for enrolling dual user ECC certificates. It works only with Netscape 7.0 or later.\nvisible=false\nenable=true\nenableBy=admin\nname=Manual User Signing & Encryption ECC Certificates Enrollment\nauth.class_id=\ninput.list=i1,i2,i3\ninput.i1.class_id=dualKeyGenInputImpl\ninput.i2.class_id=subjectNameInputImpl\ninput.i3.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=encryptionCertSet,signingCertSet\npolicyset.encryptionCertSet.list=1,2,3,4,5,6,7,8,9\npolicyset.encryptionCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.encryptionCertSet.1.constraint.name=Subject Name Constraint\npolicyset.encryptionCertSet.1.constraint.params.pattern=UID=.*\npolicyset.encryptionCertSet.1.constraint.params.accept=true\npolicyset.encryptionCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.encryptionCertSet.1.default.name=Subject Name
Default\npolicyset.encryptionCertSet.1.default.params.name=\npolicyset.encryptionCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.encryptionCertSet.2.constraint.name=Validity Constraint\npolicyset.encryptionCertSet.2.constraint.params.range=365\npolicyset.encryptionCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.encryptionCertSet.2.constraint.params.notAfterCheck=false\npolicyset.encryptionCertSet.2.default.class_id=validityDefaultImpl\npolicyset.encryptionCertSet.2.default.name=Validity Default\npolicyset.encryptionCertSet.2.default.params.range=180\npolicyset.encryptionCertSet.2.default.params.startTime=0\npolicyset.encryptionCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.encryptionCertSet.3.constraint.name=Key Constraint\npolicyset.encryptionCertSet.3.constraint.params.keyType=EC\npolicyset.encryptionCertSet.3.constraint.params.keyParameters=nistp256,nistp384,nistp521\npolicyset.encryptionCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.encryptionCertSet.3.default.name=Key Default\npolicyset.encryptionCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.4.constraint.name=No Constraint\npolicyset.encryptionCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.encryptionCertSet.4.default.name=Authority Key Identifier Default\npolicyset.encryptionCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.5.constraint.name=No Constraint\npolicyset.encryptionCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.encryptionCertSet.5.default.name=AIA Extension 
Default\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.encryptionCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.encryptionCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.encryptionCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.encryptionCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.encryptionCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDigitalSignature=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageNonRepudiation=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.encryptionCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.encryptionCertSet.6.default.name=Key Usage 
Default\npolicyset.encryptionCertSet.6.default.params.keyUsageCritical=true\npolicyset.encryptionCertSet.6.default.params.keyUsageDigitalSignature=false\npolicyset.encryptionCertSet.6.default.params.keyUsageNonRepudiation=false\npolicyset.encryptionCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.encryptionCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.encryptionCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.encryptionCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.encryptionCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.7.constraint.name=No Constraint\npolicyset.encryptionCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.encryptionCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.encryptionCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.encryptionCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.encryptionCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.8.constraint.name=No Constraint\npolicyset.encryptionCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.encryptionCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.encryptionCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.encryptionCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.encryptionCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.encryptionCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.encryptionCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.encryptionCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.encryptionCertSet.9.constraint.name=No 
Constraint\npolicyset.encryptionCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.encryptionCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.encryptionCertSet.9.default.name=Signing Alg\npolicyset.encryptionCertSet.9.default.params.signingAlg=-\npolicyset.signingCertSet.list=1,2,3,4,6,7,8,9\npolicyset.signingCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.signingCertSet.1.constraint.name=Subject Name Constraint\npolicyset.signingCertSet.1.constraint.params.pattern=UID=.*\npolicyset.signingCertSet.1.constraint.params.accept=true\npolicyset.signingCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.signingCertSet.1.default.name=Subject Name Default\npolicyset.signingCertSet.1.default.params.name=\npolicyset.signingCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.signingCertSet.2.constraint.name=Validity Constraint\npolicyset.signingCertSet.2.constraint.params.range=365\npolicyset.signingCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.signingCertSet.2.constraint.params.notAfterCheck=false\npolicyset.signingCertSet.2.default.class_id=validityDefaultImpl\npolicyset.signingCertSet.2.default.name=Validity Default\npolicyset.signingCertSet.2.default.params.range=180\npolicyset.signingCertSet.2.default.params.startTime=0\npolicyset.signingCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.signingCertSet.3.constraint.name=Key Constraint\npolicyset.signingCertSet.3.constraint.params.keyType=EC\npolicyset.signingCertSet.3.constraint.params.keyParameters=nistp256,nistp384,nistp521\npolicyset.signingCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.signingCertSet.3.default.name=Key Default\npolicyset.signingCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.4.constraint.name=No 
Constraint\npolicyset.signingCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.signingCertSet.4.default.name=Authority Key Identifier Default\npolicyset.signingCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.signingCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.signingCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.signingCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.signingCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.signingCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.signingCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.signingCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.signingCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.signingCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.signingCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.signingCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.signingCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.signingCertSet.6.default.name=Key Usage Default\npolicyset.signingCertSet.6.default.params.keyUsageCritical=true\npolicyset.signingCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.signingCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.signingCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.signingCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.signingCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.signingCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.signingCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.7.constraint.name=No 
Constraint\npolicyset.signingCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.signingCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.signingCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.signingCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.signingCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.8.constraint.name=No Constraint\npolicyset.signingCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.signingCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.signingCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.signingCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.signingCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.signingCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.signingCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.signingCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.signingCertSet.9.constraint.name=No Constraint\npolicyset.signingCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.signingCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.signingCertSet.9.default.name=Signing Alg\npolicyset.signingCertSet.9.default.params.signingAlg=-\npolicyset.signingCertSet.9.default.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\nprofileId=caECDualCert\nclassId=caEnrollImpl\n' 2017-05-11T17:44:58Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:58Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 
2017-05-11T17:44:58Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:58Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:58Z DEBUG response status 409 2017-05-11T17:44:58Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 17:44:57 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:44:58Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' 2017-05-11T17:44:58Z DEBUG Error migrating 'caECDualCert': Non-2xx response from CA REST API: 409. Profile already exists 2017-05-11T17:44:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caECDualCert?action=enable 2017-05-11T17:44:58Z DEBUG request body '' 2017-05-11T17:44:58Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:58Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:58Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:58Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:58Z DEBUG response status 500 2017-05-11T17:44:58Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 17:44:57 GMT', 'content-type': 'text/html;charset=utf-8'} 2017-05-11T17:44:58Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: 
application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native 
Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native 
Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>' 2017-05-11T17:44:58Z DEBUG Failed to enable profile '%s' (it is probably already enabled) 2017-05-11T17:44:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout 2017-05-11T17:44:58Z DEBUG request body '' 2017-05-11T17:44:58Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:58Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:58Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:58Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:58Z DEBUG response status 204 2017-05-11T17:44:58Z DEBUG response headers {'set-cookie': 'JSESSIONID=3D026039980634A832F48951BE8A62FA; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:44:57 GMT', 'content-type': 'application/xml'} 2017-05-11T17:44:58Z DEBUG response body '' 
2017-05-11T17:44:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login 2017-05-11T17:44:58Z DEBUG request body '' 2017-05-11T17:44:58Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:58Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:58Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:58Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:58Z DEBUG response status 200 2017-05-11T17:44:58Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=4728F60AAC43EA3BE9DD019854C2DF9C; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:44:58 GMT', 'content-type': 'application/xml'} 2017-05-11T17:44:58Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 2017-05-11T17:44:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw 2017-05-11T17:44:58Z DEBUG request body "desc=This certificate profile is for enrolling Administrator's certificates suitable for use by clients such as browsers.\nvisible=true\nenable=true\nenableBy=admin\nauth.instance_id=\nname=Manual Administrator Certificate Enrollment\ninput.list=i1,i2,i3\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\ninput.i3.class_id=subjectDNInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=adminCertSet\npolicyset.adminCertSet.list=1,2,3,4,5,6,7,8\npolicyset.adminCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.adminCertSet.1.constraint.name=Subject Name 
Constraint\npolicyset.adminCertSet.1.constraint.params.pattern=.*\npolicyset.adminCertSet.1.constraint.params.accept=true\npolicyset.adminCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.adminCertSet.1.default.name=Subject Name Default\npolicyset.adminCertSet.1.default.params.name=\npolicyset.adminCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.adminCertSet.2.constraint.name=Validity Constraint\npolicyset.adminCertSet.2.constraint.params.range=365\npolicyset.adminCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.adminCertSet.2.constraint.params.notAfterCheck=false\npolicyset.adminCertSet.2.default.class_id=validityDefaultImpl\npolicyset.adminCertSet.2.default.name=Validity Default\npolicyset.adminCertSet.2.default.params.range=365\npolicyset.adminCertSet.2.default.params.startTime=0\npolicyset.adminCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.adminCertSet.3.constraint.name=Key Constraint\npolicyset.adminCertSet.3.constraint.params.keyType=-\npolicyset.adminCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.adminCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.adminCertSet.3.default.name=Key Default\npolicyset.adminCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.adminCertSet.4.constraint.name=No Constraint\npolicyset.adminCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.adminCertSet.4.default.name=Authority Key Identifier Default\npolicyset.adminCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.adminCertSet.5.constraint.name=No Constraint\npolicyset.adminCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.adminCertSet.5.default.name=AIA Extension 
Default\npolicyset.adminCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.adminCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.adminCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.adminCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.adminCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.adminCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.adminCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.adminCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.adminCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.adminCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.adminCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.adminCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.adminCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.adminCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.adminCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.adminCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.adminCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.adminCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.adminCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.adminCertSet.6.default.name=Key Usage 
Default\npolicyset.adminCertSet.6.default.params.keyUsageCritical=true\npolicyset.adminCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.adminCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.adminCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.adminCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.adminCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.adminCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.adminCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.adminCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.adminCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.adminCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.adminCertSet.7.constraint.name=No Constraint\npolicyset.adminCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.adminCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.adminCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.adminCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.adminCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.adminCertSet.8.constraint.name=No Constraint\npolicyset.adminCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.adminCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.adminCertSet.8.default.name=Signing Alg\npolicyset.adminCertSet.8.default.params.signingAlg=-\nprofileId=AdminCert\nclassId=caEnrollImpl\n" 2017-05-11T17:44:58Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:58Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:58Z DEBUG handshake complete, peer = 
172.20.0.200:8443 2017-05-11T17:44:58Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:58Z DEBUG response status 409 2017-05-11T17:44:58Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 17:44:58 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:44:58Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' 2017-05-11T17:44:58Z DEBUG Error migrating 'AdminCert': Non-2xx response from CA REST API: 409. Profile already exists 2017-05-11T17:44:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/AdminCert?action=enable 2017-05-11T17:44:58Z DEBUG request body '' 2017-05-11T17:44:58Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:58Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:58Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:58Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:58Z DEBUG response status 500 2017-05-11T17:44:58Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 17:44:58 GMT', 'content-type': 'text/html;charset=utf-8'} 2017-05-11T17:44:58Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY 
{font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown 
Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: 
application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native 
Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>' 2017-05-11T17:44:58Z DEBUG Failed to enable profile '%s' (it is probably already enabled) 2017-05-11T17:44:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout 2017-05-11T17:44:58Z DEBUG request body '' 2017-05-11T17:44:58Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:58Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:58Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:58Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:58Z DEBUG response status 204 2017-05-11T17:44:58Z DEBUG response headers {'set-cookie': 'JSESSIONID=925A4360F0CFBBE54BE9807ACB63E7F5; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:44:58 GMT', 'content-type': 'application/xml'} 2017-05-11T17:44:58Z DEBUG response body '' 2017-05-11T17:44:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login 2017-05-11T17:44:58Z DEBUG request body '' 2017-05-11T17:44:58Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:58Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:58Z DEBUG handshake complete, peer = 172.20.0.200:8443 
2017-05-11T17:44:58Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:58Z DEBUG response status 200 2017-05-11T17:44:58Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=D1DD4D48F9AB8D561808382389E4875A; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:44:58 GMT', 'content-type': 'application/xml'} 2017-05-11T17:44:58Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 2017-05-11T17:44:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw 2017-05-11T17:44:58Z DEBUG request body 'desc=This profile is for enrolling audit log signing certificates\nvisible=true\nenable=true\nenableBy=admin\nauth.class_id=\nname=Manual Log Signing Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=caLogSigningSet\npolicyset.caLogSigningSet.list=1,2,3,4,6,8,9\npolicyset.caLogSigningSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.caLogSigningSet.1.constraint.name=Subject Name Constraint\npolicyset.caLogSigningSet.1.constraint.params.pattern=CN=.*\npolicyset.caLogSigningSet.1.constraint.params.accept=true\npolicyset.caLogSigningSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.caLogSigningSet.1.default.name=Subject Name Default\npolicyset.caLogSigningSet.1.default.params.name=\npolicyset.caLogSigningSet.2.constraint.class_id=validityConstraintImpl\npolicyset.caLogSigningSet.2.constraint.name=Validity 
Constraint\npolicyset.caLogSigningSet.2.constraint.params.range=720\npolicyset.caLogSigningSet.2.constraint.params.notBeforeCheck=false\npolicyset.caLogSigningSet.2.constraint.params.notAfterCheck=false\npolicyset.caLogSigningSet.2.default.class_id=validityDefaultImpl\npolicyset.caLogSigningSet.2.default.name=Validity Default\npolicyset.caLogSigningSet.2.default.params.range=720\npolicyset.caLogSigningSet.2.default.params.startTime=0\npolicyset.caLogSigningSet.3.constraint.class_id=keyConstraintImpl\npolicyset.caLogSigningSet.3.constraint.name=Key Constraint\npolicyset.caLogSigningSet.3.constraint.params.keyType=RSA\npolicyset.caLogSigningSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.caLogSigningSet.3.default.class_id=userKeyDefaultImpl\npolicyset.caLogSigningSet.3.default.name=Key Default\npolicyset.caLogSigningSet.4.constraint.class_id=noConstraintImpl\npolicyset.caLogSigningSet.4.constraint.name=No Constraint\npolicyset.caLogSigningSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.caLogSigningSet.4.default.name=Authority Key Identifier Default\npolicyset.caLogSigningSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.caLogSigningSet.6.constraint.name=Key Usage Extension 
Constraint\npolicyset.caLogSigningSet.6.constraint.params.keyUsageCritical=true\npolicyset.caLogSigningSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.caLogSigningSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.caLogSigningSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.caLogSigningSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.caLogSigningSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.caLogSigningSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.caLogSigningSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.caLogSigningSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.caLogSigningSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.caLogSigningSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.caLogSigningSet.6.default.name=Key Usage Default\npolicyset.caLogSigningSet.6.default.params.keyUsageCritical=true\npolicyset.caLogSigningSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.caLogSigningSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.caLogSigningSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.caLogSigningSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.caLogSigningSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.caLogSigningSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.caLogSigningSet.6.default.params.keyUsageCrlSign=false\npolicyset.caLogSigningSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.caLogSigningSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.caLogSigningSet.8.constraint.class_id=noConstraintImpl\npolicyset.caLogSigningSet.8.constraint.name=No Constraint\npolicyset.caLogSigningSet.8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.caLogSigningSet.8.default.name=Subject Key Identifier Extension 
Default\npolicyset.caLogSigningSet.8.default.params.critical=false\npolicyset.caLogSigningSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.caLogSigningSet.9.constraint.name=No Constraint\npolicyset.caLogSigningSet.9.constraint.params.signingAlgsAllowed=MD5withRSA,MD2withRSA,SHA1withRSA,SHA256withRSA,SHA512withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.caLogSigningSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.caLogSigningSet.9.default.name=Signing Alg\npolicyset.caLogSigningSet.9.default.params.signingAlg=-\nprofileId=caSignedLogCert\nclassId=caEnrollImpl\n' 2017-05-11T17:44:58Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:58Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:58Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:58Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:58Z DEBUG response status 409 2017-05-11T17:44:58Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 17:44:58 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:44:58Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' 2017-05-11T17:44:58Z DEBUG Error migrating 'caSignedLogCert': Non-2xx response from CA REST API: 409. 
Profile already exists 2017-05-11T17:44:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caSignedLogCert?action=enable 2017-05-11T17:44:58Z DEBUG request body '' 2017-05-11T17:44:58Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:58Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:58Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:58Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:58Z DEBUG response status 500 2017-05-11T17:44:58Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 17:44:58 GMT', 'content-type': 'text/html;charset=utf-8'} 2017-05-11T17:44:58Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> 
<u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native 
Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown 
Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>' 2017-05-11T17:44:58Z DEBUG Failed to enable profile '%s' (it is probably already enabled) 2017-05-11T17:44:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout 2017-05-11T17:44:58Z DEBUG request body '' 2017-05-11T17:44:58Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:58Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:58Z DEBUG 
cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:58Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:58Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:58Z DEBUG response status 204 2017-05-11T17:44:58Z DEBUG response headers {'set-cookie': 'JSESSIONID=CD42D43B6EF36BBEF4292C3ACD369754; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:44:58 GMT', 'content-type': 'application/xml'} 2017-05-11T17:44:58Z DEBUG response body '' 2017-05-11T17:44:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login 2017-05-11T17:44:58Z DEBUG request body '' 2017-05-11T17:44:58Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:58Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:58Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:58Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:58Z DEBUG response status 200 2017-05-11T17:44:58Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=3678A24BCAEDDF40777D653074370A4A; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:44:58 GMT', 'content-type': 'application/xml'} 2017-05-11T17:44:58Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 2017-05-11T17:44:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw 2017-05-11T17:44:58Z DEBUG request body 
'desc=This certificate profile is for enrolling TPS server certificates.\nvisible=true\nenable=true\nenableBy=admin\nauth.class_id=\nname=Manual TPS Server Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=720\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=720\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=-\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No 
Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage 
Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\nprofileId=caTPSCert\nclassId=caEnrollImpl\n' 2017-05-11T17:44:58Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:58Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:58Z DEBUG 
handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:58Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:58Z DEBUG response status 409 2017-05-11T17:44:58Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 17:44:58 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:44:58Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' 2017-05-11T17:44:58Z DEBUG Error migrating 'caTPSCert': Non-2xx response from CA REST API: 409. Profile already exists 2017-05-11T17:44:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caTPSCert?action=enable 2017-05-11T17:44:58Z DEBUG request body '' 2017-05-11T17:44:58Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:58Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:58Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:58Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:58Z DEBUG response status 500 2017-05-11T17:44:58Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 17:44:58 GMT', 'content-type': 'text/html;charset=utf-8'} 2017-05-11T17:44:58Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY 
{font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown 
Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: 
application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native 
Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>' 2017-05-11T17:44:58Z DEBUG Failed to enable profile '%s' (it is probably already enabled) 2017-05-11T17:44:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout 2017-05-11T17:44:58Z DEBUG request body '' 2017-05-11T17:44:58Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:58Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:58Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:58Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:58Z DEBUG response status 204 2017-05-11T17:44:58Z DEBUG response headers {'set-cookie': 'JSESSIONID=231CA220EDDD14DEEB03EE4CEB10F926; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:44:58 GMT', 'content-type': 'application/xml'} 2017-05-11T17:44:58Z DEBUG response body '' 2017-05-11T17:44:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login 2017-05-11T17:44:58Z DEBUG request body '' 2017-05-11T17:44:58Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:58Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:58Z DEBUG handshake complete, peer = 172.20.0.200:8443 
2017-05-11T17:44:58Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:58Z DEBUG response status 200 2017-05-11T17:44:58Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=5FBA38A764D4885EE43A0444D954C3CA; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:44:58 GMT', 'content-type': 'application/xml'} 2017-05-11T17:44:58Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 2017-05-11T17:44:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw 2017-05-11T17:44:58Z DEBUG request body 'desc=This certificate profile is for enrolling router certificates.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=raCertAuth\nname=RA Agent-Authenticated Router Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity 
Constraint\npolicyset.serverCertSet.2.constraint.params.range=720\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=720\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension 
Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension 
Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\nprofileId=caRARouterCert\nclassId=caEnrollImpl\n' 2017-05-11T17:44:58Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:58Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:58Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:58Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:58Z DEBUG response status 409 2017-05-11T17:44:58Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 17:44:58 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:44:58Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' 2017-05-11T17:44:58Z DEBUG Error migrating 'caRARouterCert': Non-2xx response from CA REST API: 409. 
Profile already exists 2017-05-11T17:44:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caRARouterCert?action=enable 2017-05-11T17:44:58Z DEBUG request body '' 2017-05-11T17:44:58Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:58Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:58Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:58Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:58Z DEBUG response status 500 2017-05-11T17:44:58Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 17:44:58 GMT', 'content-type': 'text/html;charset=utf-8'} 2017-05-11T17:44:58Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> 
<u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native 
Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown 
Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>' 2017-05-11T17:44:58Z DEBUG Failed to enable profile '%s' (it is probably already enabled) 2017-05-11T17:44:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout 2017-05-11T17:44:58Z DEBUG request body '' 2017-05-11T17:44:58Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:58Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:58Z DEBUG 
cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:58Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:58Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:58Z DEBUG response status 204 2017-05-11T17:44:58Z DEBUG response headers {'set-cookie': 'JSESSIONID=DEFC6FAEA58B373567CBDAA20E1E0C7B; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:44:58 GMT', 'content-type': 'application/xml'} 2017-05-11T17:44:58Z DEBUG response body '' 2017-05-11T17:44:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login 2017-05-11T17:44:58Z DEBUG request body '' 2017-05-11T17:44:58Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:58Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:58Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:58Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:58Z DEBUG response status 200 2017-05-11T17:44:58Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=34F63D512092A3CB35FEFB0B0BF6AE58; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:44:58 GMT', 'content-type': 'application/xml'} 2017-05-11T17:44:58Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 2017-05-11T17:44:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw 2017-05-11T17:44:58Z DEBUG request body 
'desc=This certificate profile is for enrolling router certificates.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=flatFileAuth\nname=One Time Pin Router Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=720\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=720\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No 
Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage 
Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\nprofileId=caRouterCert\nclassId=caEnrollImpl\n' 2017-05-11T17:44:58Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:58Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:58Z DEBUG handshake 
complete, peer = 172.20.0.200:8443 2017-05-11T17:44:58Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:58Z DEBUG response status 409 2017-05-11T17:44:58Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 17:44:58 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:44:58Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' 2017-05-11T17:44:58Z DEBUG Error migrating 'caRouterCert': Non-2xx response from CA REST API: 409. Profile already exists 2017-05-11T17:44:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caRouterCert?action=enable 2017-05-11T17:44:58Z DEBUG request body '' 2017-05-11T17:44:58Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:58Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:58Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:58Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:58Z DEBUG response status 500 2017-05-11T17:44:58Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 17:44:58 GMT', 'content-type': 'text/html;charset=utf-8'} 2017-05-11T17:44:58Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY 
{font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown 
Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: 
application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native 
Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>' 2017-05-11T17:44:58Z DEBUG Failed to enable profile '%s' (it is probably already enabled) 2017-05-11T17:44:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout 2017-05-11T17:44:58Z DEBUG request body '' 2017-05-11T17:44:58Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:58Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:58Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:58Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:58Z DEBUG response status 204 2017-05-11T17:44:58Z DEBUG response headers {'set-cookie': 'JSESSIONID=0A680426C87A17A5C9CA371FACE623E2; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:44:58 GMT', 'content-type': 'application/xml'} 2017-05-11T17:44:58Z DEBUG response body '' 2017-05-11T17:44:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login 2017-05-11T17:44:58Z DEBUG request body '' 2017-05-11T17:44:58Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:58Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:58Z DEBUG handshake complete, peer = 172.20.0.200:8443 
2017-05-11T17:44:58Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:58Z DEBUG response status 200 2017-05-11T17:44:58Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=45DDB96AF9D6C89959D1570DD780909F; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:44:58 GMT', 'content-type': 'application/xml'} 2017-05-11T17:44:58Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 2017-05-11T17:44:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw 2017-05-11T17:44:58Z DEBUG request body 'desc=This certificate profile is for enrolling server certificates.\nvisible=true\nenable=true\nenableBy=admin\nauth.class_id=\nname=Manual Server Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=.*CN=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity 
Constraint\npolicyset.serverCertSet.2.constraint.params.range=720\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=720\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=-\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension 
Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension 
Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\nprofileId=caServerCert\nclassId=caEnrollImpl\n' 2017-05-11T17:44:58Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:58Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:58Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:58Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:58Z DEBUG response status 409 2017-05-11T17:44:58Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 17:44:58 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:44:58Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' 2017-05-11T17:44:58Z DEBUG Error migrating 'caServerCert': Non-2xx response from CA REST API: 409. 
Profile already exists 2017-05-11T17:44:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caServerCert?action=enable 2017-05-11T17:44:58Z DEBUG request body '' 2017-05-11T17:44:58Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:58Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:58Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:58Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:58Z DEBUG response status 500 2017-05-11T17:44:58Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 17:44:58 GMT', 'content-type': 'text/html;charset=utf-8'} 2017-05-11T17:44:58Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> 
<u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native 
Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown 
Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>' 2017-05-11T17:44:58Z DEBUG Failed to enable profile '%s' (it is probably already enabled) 2017-05-11T17:44:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout 2017-05-11T17:44:58Z DEBUG request body '' 2017-05-11T17:44:58Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:58Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:58Z DEBUG 
cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:58Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:58Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:58Z DEBUG response status 204 2017-05-11T17:44:58Z DEBUG response headers {'set-cookie': 'JSESSIONID=3C91DE159621A4449BC8DA1271C1992E; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:44:58 GMT', 'content-type': 'application/xml'} 2017-05-11T17:44:58Z DEBUG response body '' 2017-05-11T17:44:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login 2017-05-11T17:44:58Z DEBUG request body '' 2017-05-11T17:44:58Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:58Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:58Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:58Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:58Z DEBUG response status 200 2017-05-11T17:44:58Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=1335941B2EF1D8551DA7E04260D140F0; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:44:58 GMT', 'content-type': 'application/xml'} 2017-05-11T17:44:58Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 2017-05-11T17:44:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw 2017-05-11T17:44:58Z DEBUG request body 
'desc=This certificate profile is for enrolling subsystem certificates.\nvisible=true\nenable=true\nenableBy=admin\nauth.class_id=\nname=Manual Subsystem Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=720\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=720\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=-\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No 
Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage 
Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\nprofileId=caSubsystemCert\nclassId=caEnrollImpl\n' 2017-05-11T17:44:58Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:58Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:58Z DEBUG handshake complete, peer = 
172.20.0.200:8443 2017-05-11T17:44:58Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:58Z DEBUG response status 409 2017-05-11T17:44:58Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 17:44:58 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:44:58Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' 2017-05-11T17:44:58Z DEBUG Error migrating 'caSubsystemCert': Non-2xx response from CA REST API: 409. Profile already exists 2017-05-11T17:44:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caSubsystemCert?action=enable 2017-05-11T17:44:58Z DEBUG request body '' 2017-05-11T17:44:58Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:58Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:58Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:58Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:58Z DEBUG response status 500 2017-05-11T17:44:58Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 17:44:58 GMT', 'content-type': 'text/html;charset=utf-8'} 2017-05-11T17:44:58Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY 
{font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown 
Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: 
application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native 
Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>' 2017-05-11T17:44:58Z DEBUG Failed to enable profile '%s' (it is probably already enabled) 2017-05-11T17:44:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout 2017-05-11T17:44:58Z DEBUG request body '' 2017-05-11T17:44:58Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:58Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:58Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:58Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:58Z DEBUG response status 204 2017-05-11T17:44:58Z DEBUG response headers {'set-cookie': 'JSESSIONID=E27C9CE8701F32751A440D29BF75845B; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:44:58 GMT', 'content-type': 'application/xml'} 2017-05-11T17:44:58Z DEBUG response body '' 2017-05-11T17:44:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login 2017-05-11T17:44:58Z DEBUG request body '' 2017-05-11T17:44:58Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:58Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:58Z DEBUG handshake complete, peer = 172.20.0.200:8443 
2017-05-11T17:44:58Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:58Z DEBUG response status 200 2017-05-11T17:44:58Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=FCE80364507AAAD6D408EAD4BF268677; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:44:58 GMT', 'content-type': 'application/xml'} 2017-05-11T17:44:58Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 2017-05-11T17:44:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw 2017-05-11T17:44:58Z DEBUG request body 'desc=This certificate profile is for enrolling other certificates.\nvisible=true\nenable=true\nenableBy=admin\nauth.class_id=\nname=Other Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=otherCertSet\npolicyset.otherCertSet.list=1,2,3,4,5,6,7,8\npolicyset.otherCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.otherCertSet.1.constraint.name=Subject Name Constraint\npolicyset.otherCertSet.1.constraint.params.pattern=CN=.*\npolicyset.otherCertSet.1.constraint.params.accept=true\npolicyset.otherCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.otherCertSet.1.default.name=Subject Name Default\npolicyset.otherCertSet.1.default.params.name=\npolicyset.otherCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.otherCertSet.2.constraint.name=Validity 
Constraint\npolicyset.otherCertSet.2.constraint.params.range=720\npolicyset.otherCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.otherCertSet.2.constraint.params.notAfterCheck=false\npolicyset.otherCertSet.2.default.class_id=validityDefaultImpl\npolicyset.otherCertSet.2.default.name=Validity Default\npolicyset.otherCertSet.2.default.params.range=720\npolicyset.otherCertSet.2.default.params.startTime=0\npolicyset.otherCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.otherCertSet.3.constraint.name=Key Constraint\npolicyset.otherCertSet.3.constraint.params.keyType=-\npolicyset.otherCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.otherCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.otherCertSet.3.default.name=Key Default\npolicyset.otherCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.otherCertSet.4.constraint.name=No Constraint\npolicyset.otherCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.otherCertSet.4.default.name=Authority Key Identifier Default\npolicyset.otherCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.otherCertSet.5.constraint.name=No Constraint\npolicyset.otherCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.otherCertSet.5.default.name=AIA Extension Default\npolicyset.otherCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.otherCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.otherCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.otherCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.otherCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.otherCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.otherCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.otherCertSet.6.constraint.name=Key Usage Extension 
Constraint\npolicyset.otherCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.otherCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.otherCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.otherCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.otherCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.otherCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.otherCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.otherCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.otherCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.otherCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.otherCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.otherCertSet.6.default.name=Key Usage Default\npolicyset.otherCertSet.6.default.params.keyUsageCritical=true\npolicyset.otherCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.otherCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.otherCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.otherCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.otherCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.otherCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.otherCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.otherCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.otherCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.otherCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.otherCertSet.7.constraint.name=No Constraint\npolicyset.otherCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.otherCertSet.7.default.name=Extended Key Usage Extension 
Default\npolicyset.otherCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.otherCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\npolicyset.otherCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.otherCertSet.8.constraint.name=No Constraint\npolicyset.otherCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.otherCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.otherCertSet.8.default.name=Signing Alg\npolicyset.otherCertSet.8.default.params.signingAlg=-\nprofileId=caOtherCert\nclassId=caEnrollImpl\n' 2017-05-11T17:44:58Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:58Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:58Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:58Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:58Z DEBUG response status 409 2017-05-11T17:44:58Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 17:44:58 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:44:58Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' 2017-05-11T17:44:58Z DEBUG Error migrating 'caOtherCert': Non-2xx response from CA REST API: 409. 
Profile already exists 2017-05-11T17:44:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caOtherCert?action=enable 2017-05-11T17:44:58Z DEBUG request body '' 2017-05-11T17:44:58Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:58Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:58Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:58Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:58Z DEBUG response status 500 2017-05-11T17:44:58Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 17:44:58 GMT', 'content-type': 'text/html;charset=utf-8'} 2017-05-11T17:44:58Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> 
<u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native 
Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown 
Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>' 2017-05-11T17:44:58Z DEBUG Failed to enable profile '%s' (it is probably already enabled) 2017-05-11T17:44:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout 2017-05-11T17:44:58Z DEBUG request body '' 2017-05-11T17:44:58Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:58Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:58Z DEBUG 
cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:58Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:58Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:58Z DEBUG response status 204 2017-05-11T17:44:58Z DEBUG response headers {'set-cookie': 'JSESSIONID=A38F723C3ABA3255B55522D44CDAD5DD; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:44:58 GMT', 'content-type': 'application/xml'} 2017-05-11T17:44:58Z DEBUG response body '' 2017-05-11T17:44:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login 2017-05-11T17:44:58Z DEBUG request body '' 2017-05-11T17:44:58Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:58Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:58Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:58Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:58Z DEBUG response status 200 2017-05-11T17:44:58Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=7AE62B90AC716A1FAEE78AC0CE8AE9E2; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:44:58 GMT', 'content-type': 'application/xml'} 2017-05-11T17:44:58Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 2017-05-11T17:44:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw 2017-05-11T17:44:58Z DEBUG request body 
'desc=This certificate profile is for enrolling Certificate Authority certificates.\nvisible=true\nenable=true\nenableBy=admin\nauth.class_id=\nname=Manual Certificate Manager Signing Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=caCertSet\npolicyset.caCertSet.list=1,2,3,4,5,6,8,9,10\npolicyset.caCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.caCertSet.1.constraint.name=Subject Name Constraint\npolicyset.caCertSet.1.constraint.params.pattern=CN=.*\npolicyset.caCertSet.1.constraint.params.accept=true\npolicyset.caCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.caCertSet.1.default.name=Subject Name Default\npolicyset.caCertSet.1.default.params.name=\npolicyset.caCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.caCertSet.2.constraint.name=Validity Constraint\npolicyset.caCertSet.2.constraint.params.range=7305\npolicyset.caCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.caCertSet.2.constraint.params.notAfterCheck=false\npolicyset.caCertSet.2.default.class_id=caValidityDefaultImpl\npolicyset.caCertSet.2.default.name=CA Certificate Validity Default\npolicyset.caCertSet.2.default.params.range=7305\npolicyset.caCertSet.2.default.params.startTime=0\npolicyset.caCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.caCertSet.3.constraint.name=Key Constraint\npolicyset.caCertSet.3.constraint.params.keyType=-\npolicyset.caCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.caCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.caCertSet.3.default.name=Key Default\npolicyset.caCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.4.constraint.name=No Constraint\npolicyset.caCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.caCertSet.4.default.name=Authority Key Identifier 
Default\npolicyset.caCertSet.5.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.caCertSet.5.constraint.name=Basic Constraint Extension Constraint\npolicyset.caCertSet.5.constraint.params.basicConstraintsCritical=true\npolicyset.caCertSet.5.constraint.params.basicConstraintsIsCA=true\npolicyset.caCertSet.5.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.caCertSet.5.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.caCertSet.5.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.caCertSet.5.default.name=Basic Constraints Extension Default\npolicyset.caCertSet.5.default.params.basicConstraintsCritical=true\npolicyset.caCertSet.5.default.params.basicConstraintsIsCA=true\npolicyset.caCertSet.5.default.params.basicConstraintsPathLen=-1\npolicyset.caCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.caCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.caCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.caCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.caCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.caCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.caCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.caCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.caCertSet.6.constraint.params.keyUsageKeyCertSign=true\npolicyset.caCertSet.6.constraint.params.keyUsageCrlSign=true\npolicyset.caCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.caCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.caCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.caCertSet.6.default.name=Key Usage 
Default\npolicyset.caCertSet.6.default.params.keyUsageCritical=true\npolicyset.caCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.caCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.caCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.caCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.caCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.caCertSet.6.default.params.keyUsageKeyCertSign=true\npolicyset.caCertSet.6.default.params.keyUsageCrlSign=true\npolicyset.caCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.caCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.caCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.8.constraint.name=No Constraint\npolicyset.caCertSet.8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.caCertSet.8.default.name=Subject Key Identifier Extension Default\npolicyset.caCertSet.8.default.params.critical=false\npolicyset.caCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.caCertSet.9.constraint.name=No Constraint\npolicyset.caCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.caCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.caCertSet.9.default.name=Signing Alg\npolicyset.caCertSet.9.default.params.signingAlg=-\npolicyset.caCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.10.constraint.name=No Constraint\npolicyset.caCertSet.10.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.caCertSet.10.default.name=AIA Extension 
Default\npolicyset.caCertSet.10.default.params.authInfoAccessADEnable_0=true\npolicyset.caCertSet.10.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.caCertSet.10.default.params.authInfoAccessADLocation_0=\npolicyset.caCertSet.10.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.caCertSet.10.default.params.authInfoAccessCritical=false\npolicyset.caCertSet.10.default.params.authInfoAccessNumADs=1\nprofileId=caCACert\nclassId=caEnrollImpl\n' 2017-05-11T17:44:58Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:58Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:58Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:58Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:58Z DEBUG response status 409 2017-05-11T17:44:58Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 17:44:58 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:44:58Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' 2017-05-11T17:44:58Z DEBUG Error migrating 'caCACert': Non-2xx response from CA REST API: 409. 
Profile already exists 2017-05-11T17:44:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caCACert?action=enable 2017-05-11T17:44:58Z DEBUG request body '' 2017-05-11T17:44:58Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:58Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:58Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:58Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:58Z DEBUG response status 500 2017-05-11T17:44:58Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 17:44:58 GMT', 'content-type': 'text/html;charset=utf-8'} 2017-05-11T17:44:58Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> 
<u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native 
Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown 
Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>' 2017-05-11T17:44:58Z DEBUG Failed to enable profile '%s' (it is probably already enabled) 2017-05-11T17:44:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout 2017-05-11T17:44:58Z DEBUG request body '' 2017-05-11T17:44:58Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:58Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:58Z DEBUG 
cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:58Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:58Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:58Z DEBUG response status 204 2017-05-11T17:44:58Z DEBUG response headers {'set-cookie': 'JSESSIONID=D6E0C8A214A3EB4867C010B82EFDCD7F; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:44:58 GMT', 'content-type': 'application/xml'} 2017-05-11T17:44:58Z DEBUG response body '' 2017-05-11T17:44:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login 2017-05-11T17:44:58Z DEBUG request body '' 2017-05-11T17:44:58Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:58Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:58Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:58Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:58Z DEBUG response status 200 2017-05-11T17:44:58Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=6FFD9BA611FDB5AB724775CAA93BA588; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:44:58 GMT', 'content-type': 'application/xml'} 2017-05-11T17:44:58Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 2017-05-11T17:44:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw 2017-05-11T17:44:58Z DEBUG request body 
'desc=This certificate profile is for enrolling Cross Signed Certificate Authority certificates.\nvisible=false\nenable=false\nenableBy=admin\nauth.class_id=\nname=Manual Cross Signed Certificate Manager Signing Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=caCertSet\npolicyset.caCertSet.list=1,2,3,4,5,6,8,9,10\npolicyset.caCertSet.1.constraint.class_id=userSubjectNameConstraintImpl\npolicyset.caCertSet.1.constraint.name=User Subject Name Constraint\npolicyset.caCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.caCertSet.1.default.name=User Supplied Subject Name Default\npolicyset.caCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.caCertSet.2.constraint.name=Validity Constraint\npolicyset.caCertSet.2.constraint.params.range=7305\npolicyset.caCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.caCertSet.2.constraint.params.notAfterCheck=false\npolicyset.caCertSet.2.default.class_id=caValidityDefaultImpl\npolicyset.caCertSet.2.default.name=CA Certificate Validity Default\npolicyset.caCertSet.2.default.params.range=7305\npolicyset.caCertSet.2.default.params.startTime=0\npolicyset.caCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.caCertSet.3.constraint.name=Key Constraint\npolicyset.caCertSet.3.constraint.params.keyType=-\npolicyset.caCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.caCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.caCertSet.3.default.name=Key Default\npolicyset.caCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.4.constraint.name=No Constraint\npolicyset.caCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.caCertSet.4.default.name=Authority Key Identifier 
Default\npolicyset.caCertSet.5.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.caCertSet.5.constraint.name=Basic Constraint Extension Constraint\npolicyset.caCertSet.5.constraint.params.basicConstraintsCritical=true\npolicyset.caCertSet.5.constraint.params.basicConstraintsIsCA=true\npolicyset.caCertSet.5.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.caCertSet.5.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.caCertSet.5.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.caCertSet.5.default.name=Basic Constraints Extension Default\npolicyset.caCertSet.5.default.params.basicConstraintsCritical=true\npolicyset.caCertSet.5.default.params.basicConstraintsIsCA=true\npolicyset.caCertSet.5.default.params.basicConstraintsPathLen=-1\npolicyset.caCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.caCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.caCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.caCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.caCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.caCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.caCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.caCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.caCertSet.6.constraint.params.keyUsageKeyCertSign=true\npolicyset.caCertSet.6.constraint.params.keyUsageCrlSign=true\npolicyset.caCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.caCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.caCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.caCertSet.6.default.name=Key Usage 
Default\npolicyset.caCertSet.6.default.params.keyUsageCritical=true\npolicyset.caCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.caCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.caCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.caCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.caCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.caCertSet.6.default.params.keyUsageKeyCertSign=true\npolicyset.caCertSet.6.default.params.keyUsageCrlSign=true\npolicyset.caCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.caCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.caCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.8.constraint.name=No Constraint\npolicyset.caCertSet.8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.caCertSet.8.default.name=Subject Key Identifier Extension Default\npolicyset.caCertSet.8.default.params.critical=false\npolicyset.caCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.caCertSet.9.constraint.name=No Constraint\npolicyset.caCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.caCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.caCertSet.9.default.name=Signing Alg\npolicyset.caCertSet.9.default.params.signingAlg=-\npolicyset.caCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.10.constraint.name=No Constraint\npolicyset.caCertSet.10.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.caCertSet.10.default.name=AIA Extension 
Default\npolicyset.caCertSet.10.default.params.authInfoAccessADEnable_0=true\npolicyset.caCertSet.10.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.caCertSet.10.default.params.authInfoAccessADLocation_0=\npolicyset.caCertSet.10.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.caCertSet.10.default.params.authInfoAccessCritical=false\npolicyset.caCertSet.10.default.params.authInfoAccessNumADs=1\nprofileId=caCrossSignedCACert\nclassId=caEnrollImpl\n' 2017-05-11T17:44:58Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:58Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:58Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:58Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:58Z DEBUG response status 409 2017-05-11T17:44:58Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 17:44:58 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:44:58Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' 2017-05-11T17:44:58Z DEBUG Error migrating 'caCrossSignedCACert': Non-2xx response from CA REST API: 409. 
Profile already exists 2017-05-11T17:44:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caCrossSignedCACert?action=enable 2017-05-11T17:44:58Z DEBUG request body '' 2017-05-11T17:44:58Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:58Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:58Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:58Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:59Z DEBUG response status 204 2017-05-11T17:44:59Z DEBUG response headers {'date': 'Thu, 11 May 2017 17:44:58 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:44:59Z DEBUG response body '' 2017-05-11T17:44:59Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout 2017-05-11T17:44:59Z DEBUG request body '' 2017-05-11T17:44:59Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:59Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:59Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:59Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:59Z DEBUG response status 204 2017-05-11T17:44:59Z DEBUG response headers {'set-cookie': 'JSESSIONID=AFB05426B8C5C0DF26155FB79BFC03BD; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:44:58 GMT', 'content-type': 'application/xml'} 2017-05-11T17:44:59Z DEBUG response body '' 2017-05-11T17:44:59Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login 2017-05-11T17:44:59Z DEBUG 
request body '' 2017-05-11T17:44:59Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:59Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:59Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:59Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:59Z DEBUG response status 200 2017-05-11T17:44:59Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=E6C3CBBFBD5BFC98158F48DA16DC381A; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:44:58 GMT', 'content-type': 'application/xml'} 2017-05-11T17:44:59Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 2017-05-11T17:44:59Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw 2017-05-11T17:44:59Z DEBUG request body 'desc=This certificate profile is for enrolling Security Domain Certificate Authority certificates.\nvisible=true\nenable=true\nenableBy=admin\nauth.instance_id=TokenAuth\nauthz.acl=group="Enterprise OCSP Administrators" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators"\nname=Manual Security Domain Certificate Authority Signing Certificate 
Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=caCertSet\npolicyset.caCertSet.list=1,2,3,4,5,6,8,9,10\npolicyset.caCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.caCertSet.1.constraint.name=Subject Name Constraint\npolicyset.caCertSet.1.constraint.params.pattern=CN=.*\npolicyset.caCertSet.1.constraint.params.accept=true\npolicyset.caCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.caCertSet.1.default.name=Subject Name Default\npolicyset.caCertSet.1.default.params.name=\npolicyset.caCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.caCertSet.2.constraint.name=Validity Constraint\npolicyset.caCertSet.2.constraint.params.range=720\npolicyset.caCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.caCertSet.2.constraint.params.notAfterCheck=false\npolicyset.caCertSet.2.default.class_id=validityDefaultImpl\npolicyset.caCertSet.2.default.name=Validity Default\npolicyset.caCertSet.2.default.params.range=720\npolicyset.caCertSet.2.default.params.startTime=0\npolicyset.caCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.caCertSet.3.constraint.name=Key Constraint\npolicyset.caCertSet.3.constraint.params.keyType=-\npolicyset.caCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.caCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.caCertSet.3.default.name=Key Default\npolicyset.caCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.4.constraint.name=No Constraint\npolicyset.caCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.caCertSet.4.default.name=Authority Key Identifier Default\npolicyset.caCertSet.5.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.caCertSet.5.constraint.name=Basic Constraint Extension 
Constraint\npolicyset.caCertSet.5.constraint.params.basicConstraintsCritical=true\npolicyset.caCertSet.5.constraint.params.basicConstraintsIsCA=true\npolicyset.caCertSet.5.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.caCertSet.5.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.caCertSet.5.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.caCertSet.5.default.name=Basic Constraints Extension Default\npolicyset.caCertSet.5.default.params.basicConstraintsCritical=true\npolicyset.caCertSet.5.default.params.basicConstraintsIsCA=true\npolicyset.caCertSet.5.default.params.basicConstraintsPathLen=-1\npolicyset.caCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.caCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.caCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.caCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.caCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.caCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.caCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.caCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.caCertSet.6.constraint.params.keyUsageKeyCertSign=true\npolicyset.caCertSet.6.constraint.params.keyUsageCrlSign=true\npolicyset.caCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.caCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.caCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.caCertSet.6.default.name=Key Usage 
Default\npolicyset.caCertSet.6.default.params.keyUsageCritical=true\npolicyset.caCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.caCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.caCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.caCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.caCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.caCertSet.6.default.params.keyUsageKeyCertSign=true\npolicyset.caCertSet.6.default.params.keyUsageCrlSign=true\npolicyset.caCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.caCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.caCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.8.constraint.name=No Constraint\npolicyset.caCertSet.8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.caCertSet.8.default.name=Subject Key Identifier Extension Default\npolicyset.caCertSet.8.default.params.critical=false\npolicyset.caCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.caCertSet.9.constraint.name=No Constraint\npolicyset.caCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.caCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.caCertSet.9.default.name=Signing Alg\npolicyset.caCertSet.9.default.params.signingAlg=-\npolicyset.caCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.10.constraint.name=No Constraint\npolicyset.caCertSet.10.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.caCertSet.10.default.name=AIA Extension 
Default\npolicyset.caCertSet.10.default.params.authInfoAccessADEnable_0=true\npolicyset.caCertSet.10.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.caCertSet.10.default.params.authInfoAccessADLocation_0=\npolicyset.caCertSet.10.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.caCertSet.10.default.params.authInfoAccessCritical=false\npolicyset.caCertSet.10.default.params.authInfoAccessNumADs=1\nprofileId=caInstallCACert\nclassId=caEnrollImpl\n' 2017-05-11T17:44:59Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:59Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:59Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:59Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:59Z DEBUG response status 409 2017-05-11T17:44:59Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 17:44:58 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:44:59Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' 2017-05-11T17:44:59Z DEBUG Error migrating 'caInstallCACert': Non-2xx response from CA REST API: 409. 
Profile already exists 2017-05-11T17:44:59Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caInstallCACert?action=enable 2017-05-11T17:44:59Z DEBUG request body '' 2017-05-11T17:44:59Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:59Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:59Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:59Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:59Z DEBUG response status 500 2017-05-11T17:44:59Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 17:44:58 GMT', 'content-type': 'text/html;charset=utf-8'} 2017-05-11T17:44:59Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> 
<u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native 
Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown 
Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>' 2017-05-11T17:44:59Z DEBUG Failed to enable profile '%s' (it is probably already enabled) 2017-05-11T17:44:59Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout 2017-05-11T17:44:59Z DEBUG request body '' 2017-05-11T17:44:59Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:59Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:59Z DEBUG 
cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:59Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:59Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:59Z DEBUG response status 204 2017-05-11T17:44:59Z DEBUG response headers {'set-cookie': 'JSESSIONID=7FA4347734C8FC5C85A155608CF13C15; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:44:58 GMT', 'content-type': 'application/xml'} 2017-05-11T17:44:59Z DEBUG response body '' 2017-05-11T17:44:59Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login 2017-05-11T17:44:59Z DEBUG request body '' 2017-05-11T17:44:59Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:59Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:59Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:59Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:59Z DEBUG response status 200 2017-05-11T17:44:59Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=7A241DA7C043EA225463701579D2F1C9; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:44:58 GMT', 'content-type': 'application/xml'} 2017-05-11T17:44:59Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 2017-05-11T17:44:59Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw 2017-05-11T17:44:59Z DEBUG request body 
'desc=This certificate profile is for enrolling Registration Manager certificates.\nvisible=false\nenable=false\nenableBy=admin\nauth.class_id=\nname=Manual Registration Manager Signing Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=raCertSet\npolicyset.raCertSet.list=1,2,3,4,5,6,7,8\npolicyset.raCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.raCertSet.1.constraint.name=Subject Name Constraint\npolicyset.raCertSet.1.constraint.params.pattern=CN=.*\npolicyset.raCertSet.1.constraint.params.accept=true\npolicyset.raCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.raCertSet.1.default.name=Subject Name Default\npolicyset.raCertSet.1.default.params.name=\npolicyset.raCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.raCertSet.2.constraint.name=Validity Constraint\npolicyset.raCertSet.2.constraint.params.range=720\npolicyset.raCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.raCertSet.2.constraint.params.notAfterCheck=false\npolicyset.raCertSet.2.default.class_id=validityDefaultImpl\npolicyset.raCertSet.2.default.name=Validity Default\npolicyset.raCertSet.2.default.params.range=720\npolicyset.raCertSet.2.default.params.startTime=0\npolicyset.raCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.raCertSet.3.constraint.name=Key Constraint\npolicyset.raCertSet.3.constraint.params.keyType=RSA\npolicyset.raCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.raCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.raCertSet.3.default.name=Key Default\npolicyset.raCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.raCertSet.4.constraint.name=No Constraint\npolicyset.raCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.raCertSet.4.default.name=Authority Key Identifier 
Default\npolicyset.raCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.raCertSet.5.constraint.name=No Constraint\npolicyset.raCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.raCertSet.5.default.name=AIA Extension Default\npolicyset.raCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.raCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.raCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.raCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.raCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.raCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.raCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.raCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.raCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.raCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.raCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.raCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.raCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.raCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.raCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.raCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.raCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.raCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.raCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.raCertSet.6.default.name=Key Usage 
Default\npolicyset.raCertSet.6.default.params.keyUsageCritical=true\npolicyset.raCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.raCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.raCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.raCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.raCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.raCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.raCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.raCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.raCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.raCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.raCertSet.7.constraint.name=No Constraint\npolicyset.raCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.raCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.raCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.raCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2\npolicyset.raCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.raCertSet.8.constraint.name=No Constraint\npolicyset.raCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.raCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.raCertSet.8.default.name=Signing Alg\npolicyset.raCertSet.8.default.params.signingAlg=-\nprofileId=caRACert\nclassId=caEnrollImpl\n' 2017-05-11T17:44:59Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:59Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:59Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:59Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:59Z DEBUG Cipher: 
TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:59Z DEBUG response status 409 2017-05-11T17:44:59Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 17:44:58 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:44:59Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' 2017-05-11T17:44:59Z DEBUG Error migrating 'caRACert': Non-2xx response from CA REST API: 409. Profile already exists 2017-05-11T17:44:59Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caRACert?action=enable 2017-05-11T17:44:59Z DEBUG request body '' 2017-05-11T17:44:59Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:59Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:59Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:59Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:59Z DEBUG response status 204 2017-05-11T17:44:59Z DEBUG response headers {'date': 'Thu, 11 May 2017 17:44:58 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:44:59Z DEBUG response body '' 2017-05-11T17:44:59Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout 2017-05-11T17:44:59Z DEBUG request body '' 2017-05-11T17:44:59Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:59Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:59Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:59Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:59Z DEBUG Cipher: 
TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:59Z DEBUG response status 204 2017-05-11T17:44:59Z DEBUG response headers {'set-cookie': 'JSESSIONID=0FCB94EBFD34A0D863F00D35411C81B1; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:44:59 GMT', 'content-type': 'application/xml'} 2017-05-11T17:44:59Z DEBUG response body '' 2017-05-11T17:44:59Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login 2017-05-11T17:44:59Z DEBUG request body '' 2017-05-11T17:44:59Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:59Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:59Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:59Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:59Z DEBUG response status 200 2017-05-11T17:44:59Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=C424185DC06ADD0CC62A68FABEDF7C19; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:44:59 GMT', 'content-type': 'application/xml'} 2017-05-11T17:44:59Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 2017-05-11T17:44:59Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw 2017-05-11T17:44:59Z DEBUG request body 'desc=This certificate profile is for enrolling OCSP Manager certificates.\nvisible=true\nenable=true\nenableBy=admin\nauth.class_id=\nname=Manual OCSP Manager Signing Certificate 
Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=ocspCertSet\npolicyset.ocspCertSet.list=1,2,3,4,5,6,8,9\npolicyset.ocspCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.ocspCertSet.1.constraint.name=Subject Name Constraint\npolicyset.ocspCertSet.1.constraint.params.pattern=CN=.*\npolicyset.ocspCertSet.1.constraint.params.accept=true\npolicyset.ocspCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.ocspCertSet.1.default.name=Subject Name Default\npolicyset.ocspCertSet.1.default.params.name=\npolicyset.ocspCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.ocspCertSet.2.constraint.name=Validity Constraint\npolicyset.ocspCertSet.2.constraint.params.range=720\npolicyset.ocspCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.ocspCertSet.2.constraint.params.notAfterCheck=false\npolicyset.ocspCertSet.2.default.class_id=validityDefaultImpl\npolicyset.ocspCertSet.2.default.name=Validity Default\npolicyset.ocspCertSet.2.default.params.range=720\npolicyset.ocspCertSet.2.default.params.startTime=0\npolicyset.ocspCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.ocspCertSet.3.constraint.name=Key Constraint\npolicyset.ocspCertSet.3.constraint.params.keyType=-\npolicyset.ocspCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.ocspCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.ocspCertSet.3.default.name=Key Default\npolicyset.ocspCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.ocspCertSet.4.constraint.name=No Constraint\npolicyset.ocspCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.ocspCertSet.4.default.name=Authority Key Identifier Default\npolicyset.ocspCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.ocspCertSet.5.constraint.name=No 
Constraint\npolicyset.ocspCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.ocspCertSet.5.default.name=AIA Extension Default\npolicyset.ocspCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.ocspCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.ocspCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.ocspCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.ocspCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.ocspCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.ocspCertSet.6.constraint.class_id=extendedKeyUsageExtConstraintImpl\npolicyset.ocspCertSet.6.constraint.name=Extended Key Usage Extension\npolicyset.ocspCertSet.6.constraint.params.exKeyUsageCritical=false\npolicyset.ocspCertSet.6.constraint.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.9\npolicyset.ocspCertSet.6.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.ocspCertSet.6.default.name=Extended Key Usage Default\npolicyset.ocspCertSet.6.default.params.exKeyUsageCritical=false\npolicyset.ocspCertSet.6.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.9\npolicyset.ocspCertSet.8.constraint.class_id=extensionConstraintImpl\npolicyset.ocspCertSet.8.constraint.name=No Constraint\npolicyset.ocspCertSet.8.constraint.params.extCritical=false\npolicyset.ocspCertSet.8.constraint.params.extOID=1.3.6.1.5.5.7.48.1.5\npolicyset.ocspCertSet.8.default.class_id=ocspNoCheckExtDefaultImpl\npolicyset.ocspCertSet.8.default.name=OCSP No Check Extension\npolicyset.ocspCertSet.8.default.params.ocspNoCheckCritical=false\npolicyset.ocspCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.ocspCertSet.9.constraint.name=No 
Constraint\npolicyset.ocspCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.ocspCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.ocspCertSet.9.default.name=Signing Alg\npolicyset.ocspCertSet.9.default.params.signingAlg=-\nprofileId=caOCSPCert\nclassId=caEnrollImpl\n' 2017-05-11T17:44:59Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:59Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:59Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:59Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:59Z DEBUG response status 409 2017-05-11T17:44:59Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 17:44:59 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:44:59Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' 2017-05-11T17:44:59Z DEBUG Error migrating 'caOCSPCert': Non-2xx response from CA REST API: 409. 
Profile already exists 2017-05-11T17:44:59Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caOCSPCert?action=enable 2017-05-11T17:44:59Z DEBUG request body '' 2017-05-11T17:44:59Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:59Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:59Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:59Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:59Z DEBUG response status 500 2017-05-11T17:44:59Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 17:44:59 GMT', 'content-type': 'text/html;charset=utf-8'} 2017-05-11T17:44:59Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> 
<u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native 
Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown 
Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>' 2017-05-11T17:44:59Z DEBUG Failed to enable profile '%s' (it is probably already enabled) 2017-05-11T17:44:59Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout 2017-05-11T17:44:59Z DEBUG request body '' 2017-05-11T17:44:59Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:59Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:59Z DEBUG 
cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:59Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:59Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:59Z DEBUG response status 204 2017-05-11T17:44:59Z DEBUG response headers {'set-cookie': 'JSESSIONID=ABCA7716B62E28D9A5642DA3F60DCB0E; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:44:59 GMT', 'content-type': 'application/xml'} 2017-05-11T17:44:59Z DEBUG response body '' 2017-05-11T17:44:59Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login 2017-05-11T17:44:59Z DEBUG request body '' 2017-05-11T17:44:59Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:59Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:59Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:59Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:59Z DEBUG response status 200 2017-05-11T17:44:59Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=84F05790D808C5B9783576E90860E41C; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:44:59 GMT', 'content-type': 'application/xml'} 2017-05-11T17:44:59Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 2017-05-11T17:44:59Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw 2017-05-11T17:44:59Z DEBUG request body 
'desc=This certificate profile is for enrolling Data Recovery Manager storage certificates.\nvisible=true\nenable=true\nenableBy=admin\nauth.class.id=\nname=Manual Data Recovery Manager Storage Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=drmStorageCertSet\npolicyset.drmStorageCertSet.list=1,2,3,4,5,6,7,9\npolicyset.drmStorageCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.drmStorageCertSet.1.constraint.name=Subject Name Constraint\npolicyset.drmStorageCertSet.1.constraint.params.pattern=CN=.*\npolicyset.drmStorageCertSet.1.constraint.params.accept=true\npolicyset.drmStorageCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.drmStorageCertSet.1.default.name=Subject Name Default\npolicyset.drmStorageCertSet.1.default.params.name=\npolicyset.drmStorageCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.drmStorageCertSet.2.constraint.name=Validity Constraint\npolicyset.drmStorageCertSet.2.constraint.params.range=720\npolicyset.drmStorageCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.drmStorageCertSet.2.constraint.params.notAfterCheck=false\npolicyset.drmStorageCertSet.2.default.class_id=validityDefaultImpl\npolicyset.drmStorageCertSet.2.default.name=Validity Default\npolicyset.drmStorageCertSet.2.default.params.range=720\npolicyset.drmStorageCertSet.2.default.params.startTime=0\npolicyset.drmStorageCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.drmStorageCertSet.3.constraint.name=Key Constraint\npolicyset.drmStorageCertSet.3.constraint.params.keyType=RSA\npolicyset.drmStorageCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.drmStorageCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.drmStorageCertSet.3.default.name=Key 
Default\npolicyset.drmStorageCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.drmStorageCertSet.4.constraint.name=No Constraint\npolicyset.drmStorageCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.drmStorageCertSet.4.default.name=Authority Key Identifier Default\npolicyset.drmStorageCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.drmStorageCertSet.5.constraint.name=No Constraint\npolicyset.drmStorageCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.drmStorageCertSet.5.default.name=AIA Extension Default\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.drmStorageCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.drmStorageCertSet.6.constraint.name=Key Usage Extension 
Constraint\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.drmStorageCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.drmStorageCertSet.6.default.name=Key Usage Default\npolicyset.drmStorageCertSet.6.default.params.keyUsageCritical=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.drmStorageCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.drmStorageCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.drmStorageCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.drmStorageCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.drmStorageCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.drmStorageCertSet.7.constraint.name=No Constraint\npolicyset.drmStorageCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.drmStorageCertSet.7.default.name=Extended Key Usage Extension 
Default\npolicyset.drmStorageCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.drmStorageCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2\npolicyset.drmStorageCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.drmStorageCertSet.9.constraint.name=No Constraint\npolicyset.drmStorageCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.drmStorageCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.drmStorageCertSet.9.default.name=Signing Alg\npolicyset.drmStorageCertSet.9.default.params.signingAlg=-\nprofileId=caStorageCert\nclassId=caEnrollImpl\n' 2017-05-11T17:44:59Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:59Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:59Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:59Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:59Z DEBUG response status 409 2017-05-11T17:44:59Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 17:44:59 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:44:59Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' 2017-05-11T17:44:59Z DEBUG Error migrating 'caStorageCert': Non-2xx response from CA REST API: 409. 
Profile already exists 2017-05-11T17:44:59Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caStorageCert?action=enable 2017-05-11T17:44:59Z DEBUG request body '' 2017-05-11T17:44:59Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:59Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:59Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:59Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:59Z DEBUG response status 500 2017-05-11T17:44:59Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 17:44:59 GMT', 'content-type': 'text/html;charset=utf-8'} 2017-05-11T17:44:59Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> 
<u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native 
Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown 
Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>' 2017-05-11T17:44:59Z DEBUG Failed to enable profile '%s' (it is probably already enabled) 2017-05-11T17:44:59Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout 2017-05-11T17:44:59Z DEBUG request body '' 2017-05-11T17:44:59Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:59Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:59Z DEBUG 
cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:59Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:59Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:59Z DEBUG response status 204 2017-05-11T17:44:59Z DEBUG response headers {'set-cookie': 'JSESSIONID=653532FF725320066FDBFAE685C329AF; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:44:59 GMT', 'content-type': 'application/xml'} 2017-05-11T17:44:59Z DEBUG response body '' 2017-05-11T17:44:59Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login 2017-05-11T17:44:59Z DEBUG request body '' 2017-05-11T17:44:59Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:59Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:59Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:59Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:59Z DEBUG response status 200 2017-05-11T17:44:59Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=E8B48C14FE2F864C4FBA5CA05A6DD778; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:44:59 GMT', 'content-type': 'application/xml'} 2017-05-11T17:44:59Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 2017-05-11T17:44:59Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw 2017-05-11T17:44:59Z DEBUG request body 
'desc=This certificate profile is for enrolling Data Recovery Manager transport certificates.\nvisible=true\nenable=true\nenableBy=admin\nauth.class_id=\nname=Manual Data Recovery Manager Transport Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=transportCertSet\npolicyset.transportCertSet.list=1,2,3,4,5,6,7,8\npolicyset.transportCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.transportCertSet.1.constraint.name=Subject Name Constraint\npolicyset.transportCertSet.1.constraint.params.pattern=CN=.*\npolicyset.transportCertSet.1.constraint.params.accept=true\npolicyset.transportCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.transportCertSet.1.default.name=Subject Name Default\npolicyset.transportCertSet.1.default.params.name=\npolicyset.transportCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.transportCertSet.2.constraint.name=Validity Constraint\npolicyset.transportCertSet.2.constraint.params.range=720\npolicyset.transportCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.transportCertSet.2.constraint.params.notAfterCheck=false\npolicyset.transportCertSet.2.default.class_id=validityDefaultImpl\npolicyset.transportCertSet.2.default.name=Validity Default\npolicyset.transportCertSet.2.default.params.range=720\npolicyset.transportCertSet.2.default.params.startTime=0\npolicyset.transportCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.transportCertSet.3.constraint.name=Key Constraint\npolicyset.transportCertSet.3.constraint.params.keyType=RSA\npolicyset.transportCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.transportCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.transportCertSet.3.default.name=Key Default\npolicyset.transportCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.transportCertSet.4.constraint.name=No 
Constraint\npolicyset.transportCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.transportCertSet.4.default.name=Authority Key Identifier Default\npolicyset.transportCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.transportCertSet.5.constraint.name=No Constraint\npolicyset.transportCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.transportCertSet.5.default.name=AIA Extension Default\npolicyset.transportCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.transportCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.transportCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.transportCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.transportCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.transportCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.transportCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.transportCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.transportCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.transportCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.transportCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.transportCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.transportCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.transportCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.transportCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.transportCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.transportCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.transportCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.transportCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.transportCertSet.6.default.name=Key Usage 
Default\npolicyset.transportCertSet.6.default.params.keyUsageCritical=true\npolicyset.transportCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.transportCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.transportCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.transportCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.transportCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.transportCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.transportCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.transportCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.transportCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.transportCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.transportCertSet.7.constraint.name=No Constraint\npolicyset.transportCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.transportCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.transportCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.transportCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2\npolicyset.transportCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.transportCertSet.8.constraint.name=No Constraint\npolicyset.transportCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.transportCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.transportCertSet.8.default.name=Signing Alg\npolicyset.transportCertSet.8.default.params.signingAlg=-\nprofileId=caTransportCert\nclassId=caEnrollImpl\n' 2017-05-11T17:44:59Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:59Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:59Z DEBUG cert valid True for 
"CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:59Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:59Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:59Z DEBUG response status 409 2017-05-11T17:44:59Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 17:44:59 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:44:59Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' 2017-05-11T17:44:59Z DEBUG Error migrating 'caTransportCert': Non-2xx response from CA REST API: 409. Profile already exists 2017-05-11T17:44:59Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caTransportCert?action=enable 2017-05-11T17:44:59Z DEBUG request body '' 2017-05-11T17:44:59Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:59Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:59Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:59Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:59Z DEBUG response status 500 2017-05-11T17:44:59Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 17:44:59 GMT', 'content-type': 'text/html;charset=utf-8'} 2017-05-11T17:44:59Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: 
application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native 
Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native 
Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>' 2017-05-11T17:44:59Z DEBUG Failed to enable profile '%s' (it is probably already enabled) 2017-05-11T17:44:59Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout 2017-05-11T17:44:59Z DEBUG request body '' 2017-05-11T17:44:59Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:59Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:59Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:59Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:59Z DEBUG response status 204 2017-05-11T17:44:59Z DEBUG response headers {'set-cookie': 'JSESSIONID=B3F05987CFD351550AC5F3EEE0CD7AA1; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:44:59 GMT', 'content-type': 'application/xml'} 2017-05-11T17:44:59Z DEBUG response body '' 
2017-05-11T17:44:59Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login 2017-05-11T17:44:59Z DEBUG request body '' 2017-05-11T17:44:59Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:59Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:59Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:59Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:59Z DEBUG response status 200 2017-05-11T17:44:59Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=ECD513385A09301ED72A000EA66560FB; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:44:59 GMT', 'content-type': 'application/xml'} 2017-05-11T17:44:59Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 2017-05-11T17:44:59Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw 2017-05-11T17:44:59Z DEBUG request body 'desc=This certificate profile is for enrolling user certificates with directory-pin-based authentication.\nvisible=true\nenable=false\nenableBy=admin\nname=Directory-Pin-Authenticated User Dual-Use Certificate Enrollment\nauth.instance_id=PinDirEnrollment\ninput.list=i1\ninput.i1.class_id=keyGenInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=userCertSet\npolicyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9\npolicyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.userCertSet.1.constraint.name=Subject Name 
Constraint\npolicyset.userCertSet.1.constraint.params.pattern=(UID|CN)=.*\npolicyset.userCertSet.1.constraint.params.accept=true\npolicyset.userCertSet.1.default.class_id=authTokenSubjectNameDefaultImpl\npolicyset.userCertSet.1.default.name=Subject Name Default\npolicyset.userCertSet.1.default.params.name=\npolicyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint\npolicyset.userCertSet.10.constraint.params.renewal.graceBefore=30\npolicyset.userCertSet.10.constraint.params.renewal.graceAfter=30\npolicyset.userCertSet.10.default.class_id=noDefaultImpl\npolicyset.userCertSet.10.default.name=No Default\npolicyset.userCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.userCertSet.2.constraint.name=Validity Constraint\npolicyset.userCertSet.2.constraint.params.range=365\npolicyset.userCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.userCertSet.2.constraint.params.notAfterCheck=false\npolicyset.userCertSet.2.default.class_id=validityDefaultImpl\npolicyset.userCertSet.2.default.name=Validity Default\npolicyset.userCertSet.2.default.params.range=180\npolicyset.userCertSet.2.default.params.startTime=0\npolicyset.userCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.userCertSet.3.constraint.name=Key Constraint\npolicyset.userCertSet.3.constraint.params.keyType=RSA\npolicyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.userCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.userCertSet.3.default.name=Key Default\npolicyset.userCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.4.constraint.name=No Constraint\npolicyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.userCertSet.4.default.name=Authority Key Identifier Default\npolicyset.userCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.5.constraint.name=No 
Constraint\npolicyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.userCertSet.5.default.name=AIA Extension Default\npolicyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.userCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.userCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.userCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.userCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.name=Key Usage 
Default\npolicyset.userCertSet.6.default.params.keyUsageCritical=true\npolicyset.userCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.7.constraint.name=No Constraint\npolicyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.userCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.userCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.userCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.8.constraint.name=No Constraint\npolicyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.userCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.userCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.userCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.userCertSet.9.constraint.name=No 
Constraint\npolicyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.userCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.userCertSet.9.default.name=Signing Alg\npolicyset.userCertSet.9.default.params.signingAlg=-\nprofileId=caDirPinUserCert\nclassId=caEnrollImpl\n' 2017-05-11T17:44:59Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:59Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:59Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:59Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:59Z DEBUG response status 409 2017-05-11T17:44:59Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 17:44:59 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:44:59Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' 2017-05-11T17:44:59Z DEBUG Error migrating 'caDirPinUserCert': Non-2xx response from CA REST API: 409. 
Profile already exists 2017-05-11T17:44:59Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caDirPinUserCert?action=enable 2017-05-11T17:44:59Z DEBUG request body '' 2017-05-11T17:44:59Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:59Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:59Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:59Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:59Z DEBUG response status 204 2017-05-11T17:44:59Z DEBUG response headers {'date': 'Thu, 11 May 2017 17:44:59 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:44:59Z DEBUG response body '' 2017-05-11T17:44:59Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout 2017-05-11T17:44:59Z DEBUG request body '' 2017-05-11T17:44:59Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:59Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:59Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:59Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:59Z DEBUG response status 204 2017-05-11T17:44:59Z DEBUG response headers {'set-cookie': 'JSESSIONID=E013BE102D84DD96F3352D52B9AC353B; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:44:59 GMT', 'content-type': 'application/xml'} 2017-05-11T17:44:59Z DEBUG response body '' 2017-05-11T17:44:59Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login 2017-05-11T17:44:59Z DEBUG 
request body '' 2017-05-11T17:44:59Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:59Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:59Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:59Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:59Z DEBUG response status 200 2017-05-11T17:44:59Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=66380D8D15C72CD29E3921D52D4D6C19; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:44:59 GMT', 'content-type': 'application/xml'} 2017-05-11T17:44:59Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 2017-05-11T17:44:59Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw 2017-05-11T17:44:59Z DEBUG request body 'desc=This certificate profile is for enrolling user certificates with directory-based authentication.\nvisible=true\nenable=true\nenableBy=admin\nname=Directory-Authenticated User Dual-Use Certificate Enrollment\nauth.instance_id=UserDirEnrollment\ninput.list=i1\ninput.i1.class_id=keyGenInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=userCertSet\npolicyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9\npolicyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.userCertSet.1.constraint.name=Subject Name 
Constraint\npolicyset.userCertSet.1.constraint.params.pattern=(UID|CN)=.*\npolicyset.userCertSet.1.constraint.params.accept=true\npolicyset.userCertSet.1.default.class_id=authTokenSubjectNameDefaultImpl\npolicyset.userCertSet.1.default.name=Subject Name Default\npolicyset.userCertSet.1.default.params.name=\npolicyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint\npolicyset.userCertSet.10.constraint.params.renewal.graceBefore=30\npolicyset.userCertSet.10.constraint.params.renewal.graceAfter=30\npolicyset.userCertSet.10.default.class_id=noDefaultImpl\npolicyset.userCertSet.10.default.name=No Default\npolicyset.userCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.userCertSet.2.constraint.name=Validity Constraint\npolicyset.userCertSet.2.constraint.params.range=365\npolicyset.userCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.userCertSet.2.constraint.params.notAfterCheck=false\npolicyset.userCertSet.2.default.class_id=validityDefaultImpl\npolicyset.userCertSet.2.default.name=Validity Default\npolicyset.userCertSet.2.default.params.range=180\npolicyset.userCertSet.2.default.params.startTime=0\npolicyset.userCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.userCertSet.3.constraint.name=Key Constraint\npolicyset.userCertSet.3.constraint.params.keyType=-\npolicyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.userCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.userCertSet.3.default.name=Key Default\npolicyset.userCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.4.constraint.name=No Constraint\npolicyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.userCertSet.4.default.name=Authority Key Identifier Default\npolicyset.userCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.5.constraint.name=No 
Constraint\npolicyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.userCertSet.5.default.name=AIA Extension Default\npolicyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.userCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.userCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.userCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.userCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.name=Key Usage 
Default\npolicyset.userCertSet.6.default.params.keyUsageCritical=true\npolicyset.userCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.7.constraint.name=No Constraint\npolicyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.userCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.userCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.userCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.8.constraint.name=No Constraint\npolicyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.userCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.userCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.userCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.userCertSet.9.constraint.name=No 
Constraint\npolicyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.userCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.userCertSet.9.default.name=Signing Alg\npolicyset.userCertSet.9.default.params.signingAlg=-\nprofileId=caDirUserCert\nclassId=caEnrollImpl\n' 2017-05-11T17:44:59Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:59Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:59Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:59Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:59Z DEBUG response status 409 2017-05-11T17:44:59Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 17:44:59 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:44:59Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' 2017-05-11T17:44:59Z DEBUG Error migrating 'caDirUserCert': Non-2xx response from CA REST API: 409. 
Profile already exists 2017-05-11T17:44:59Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caDirUserCert?action=enable 2017-05-11T17:44:59Z DEBUG request body '' 2017-05-11T17:44:59Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:59Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:59Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:59Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:59Z DEBUG response status 500 2017-05-11T17:44:59Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 17:44:59 GMT', 'content-type': 'text/html;charset=utf-8'} 2017-05-11T17:44:59Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> 
<u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native 
Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown 
Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>' 2017-05-11T17:44:59Z DEBUG Failed to enable profile '%s' (it is probably already enabled) 2017-05-11T17:44:59Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout 2017-05-11T17:44:59Z DEBUG request body '' 2017-05-11T17:44:59Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:59Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:59Z DEBUG 
cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:59Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:59Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:59Z DEBUG response status 204 2017-05-11T17:44:59Z DEBUG response headers {'set-cookie': 'JSESSIONID=9F3685C0FC5BF2B137B630FC288DDC3E; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:44:59 GMT', 'content-type': 'application/xml'} 2017-05-11T17:44:59Z DEBUG response body '' 2017-05-11T17:44:59Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login 2017-05-11T17:44:59Z DEBUG request body '' 2017-05-11T17:44:59Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:59Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:59Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:59Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:59Z DEBUG response status 200 2017-05-11T17:44:59Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=63672E46A3B8E2A866A8B4C4A30EDA0F; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:44:59 GMT', 'content-type': 'application/xml'} 2017-05-11T17:44:59Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 2017-05-11T17:44:59Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw 2017-05-11T17:44:59Z DEBUG request body 
'desc=This certificate profile is for enrolling user certificates with directory-based authentication.\nvisible=true\nenable=true\nenableBy=admin\nname=Directory-Authenticated User Dual-Use ECC Certificate Enrollment\nauth.instance_id=UserDirEnrollment\ninput.list=i1\ninput.i1.class_id=keyGenInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=userCertSet\npolicyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9\npolicyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.userCertSet.1.constraint.name=Subject Name Constraint\npolicyset.userCertSet.1.constraint.params.pattern=(UID|CN)=.*\npolicyset.userCertSet.1.constraint.params.accept=true\npolicyset.userCertSet.1.default.class_id=authTokenSubjectNameDefaultImpl\npolicyset.userCertSet.1.default.name=Subject Name Default\npolicyset.userCertSet.1.default.params.name=\npolicyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint\npolicyset.userCertSet.10.constraint.params.renewal.graceBefore=30\npolicyset.userCertSet.10.constraint.params.renewal.graceAfter=30\npolicyset.userCertSet.10.default.class_id=noDefaultImpl\npolicyset.userCertSet.10.default.name=No Default\npolicyset.userCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.userCertSet.2.constraint.name=Validity Constraint\npolicyset.userCertSet.2.constraint.params.range=365\npolicyset.userCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.userCertSet.2.constraint.params.notAfterCheck=false\npolicyset.userCertSet.2.default.class_id=validityDefaultImpl\npolicyset.userCertSet.2.default.name=Validity Default\npolicyset.userCertSet.2.default.params.range=180\npolicyset.userCertSet.2.default.params.startTime=0\npolicyset.userCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.userCertSet.3.constraint.name=Key 
Constraint\npolicyset.userCertSet.3.constraint.params.keyType=EC\npolicyset.userCertSet.3.constraint.params.keyParameters=nistp256,nistp384,nistp521\npolicyset.userCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.userCertSet.3.default.name=Key Default\npolicyset.userCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.4.constraint.name=No Constraint\npolicyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.userCertSet.4.default.name=Authority Key Identifier Default\npolicyset.userCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.5.constraint.name=No Constraint\npolicyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.userCertSet.5.default.name=AIA Extension Default\npolicyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.userCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.userCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.userCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.userCertSet.6.constraint.name=Key Usage Extension 
Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.name=Key Usage Default\npolicyset.userCertSet.6.default.params.keyUsageCritical=true\npolicyset.userCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.7.constraint.name=No Constraint\npolicyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.userCertSet.7.default.name=Extended Key Usage Extension 
Default\npolicyset.userCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.userCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.8.constraint.name=No Constraint\npolicyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.userCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.userCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.userCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.userCertSet.9.constraint.name=No Constraint\npolicyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.userCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.userCertSet.9.default.name=Signing Alg\npolicyset.userCertSet.9.default.params.signingAlg=-\nprofileId=caECDirUserCert\nclassId=caEnrollImpl\n' 2017-05-11T17:44:59Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:59Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:59Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:59Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:59Z DEBUG response status 409 2017-05-11T17:44:59Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 17:44:59 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'} 
2017-05-11T17:44:59Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' 2017-05-11T17:44:59Z DEBUG Error migrating 'caECDirUserCert': Non-2xx response from CA REST API: 409. Profile already exists 2017-05-11T17:44:59Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caECDirUserCert?action=enable 2017-05-11T17:44:59Z DEBUG request body '' 2017-05-11T17:44:59Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:59Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:59Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:59Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:59Z DEBUG response status 500 2017-05-11T17:44:59Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 17:44:59 GMT', 'content-type': 'text/html;charset=utf-8'} 2017-05-11T17:44:59Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - 
org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native 
Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: 
application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native 
Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>' 2017-05-11T17:44:59Z DEBUG Failed to enable profile '%s' (it is probably already enabled) 2017-05-11T17:44:59Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout 2017-05-11T17:44:59Z DEBUG request body '' 2017-05-11T17:44:59Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:59Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:59Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:59Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:59Z DEBUG response status 204 2017-05-11T17:44:59Z DEBUG response headers {'set-cookie': 'JSESSIONID=DD2572A9A85974045503B2692C636719; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:44:59 GMT', 'content-type': 'application/xml'} 2017-05-11T17:44:59Z DEBUG response body '' 2017-05-11T17:44:59Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login 2017-05-11T17:44:59Z DEBUG request body '' 2017-05-11T17:44:59Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:59Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:59Z DEBUG handshake complete, peer = 172.20.0.200:8443 
2017-05-11T17:44:59Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:59Z DEBUG response status 200 2017-05-11T17:44:59Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=D1FFA7DC4ADA947DF26E914CB5098722; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:44:59 GMT', 'content-type': 'application/xml'} 2017-05-11T17:44:59Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 2017-05-11T17:44:59Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw 2017-05-11T17:44:59Z DEBUG request body 'desc=This certificate profile is for enrolling server certificates with agent authentication.\nvisible=true\nenable=true\nenableBy=admin\nauth.instance_id=AgentCertAuth\nname=Agent-Authenticated Server Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity 
Constraint\npolicyset.serverCertSet.2.constraint.params.range=365\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=180\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=-\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension 
Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension 
Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\nprofileId=caAgentServerCert\nclassId=caEnrollImpl\n' 2017-05-11T17:44:59Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:59Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:59Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:59Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:59Z DEBUG response status 409 2017-05-11T17:44:59Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 17:44:59 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:44:59Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' 2017-05-11T17:44:59Z DEBUG Error migrating 'caAgentServerCert': Non-2xx response from CA REST API: 409. 
Profile already exists 2017-05-11T17:44:59Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caAgentServerCert?action=enable 2017-05-11T17:44:59Z DEBUG request body '' 2017-05-11T17:44:59Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:59Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:59Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:59Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:59Z DEBUG response status 500 2017-05-11T17:44:59Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 17:44:59 GMT', 'content-type': 'text/html;charset=utf-8'} 2017-05-11T17:44:59Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> 
<u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native 
Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown 
Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>' 2017-05-11T17:44:59Z DEBUG Failed to enable profile '%s' (it is probably already enabled) 2017-05-11T17:44:59Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout 2017-05-11T17:44:59Z DEBUG request body '' 2017-05-11T17:44:59Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:59Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:59Z DEBUG 
cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:59Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:59Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:59Z DEBUG response status 204 2017-05-11T17:44:59Z DEBUG response headers {'set-cookie': 'JSESSIONID=2B0EC93A5F884F6886FCB1CC5D2AA640; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:44:59 GMT', 'content-type': 'application/xml'} 2017-05-11T17:44:59Z DEBUG response body '' 2017-05-11T17:44:59Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login 2017-05-11T17:44:59Z DEBUG request body '' 2017-05-11T17:44:59Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:59Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:59Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:59Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:59Z DEBUG response status 200 2017-05-11T17:44:59Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=FA02D687C8B5A9567DB8B1992F40EE51; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:44:59 GMT', 'content-type': 'application/xml'} 2017-05-11T17:44:59Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 2017-05-11T17:44:59Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw 2017-05-11T17:44:59Z DEBUG request body 
'desc=This certificate profile is for getting file signing certificate with agent authentication.\nvisible=true\nenable=true\nenableBy=admin\nauth.instance_id=AgentCertAuth\nname=Agent-Authenticated File Signing\ninput.list=i1,i2,i3\ninput.i1.class_id=keyGenInputImpl\ninput.i2.class_id=fileSigningInputImpl\ninput.i3.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=pkcs7OutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=subjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=CN=(Name)$request.requestor_name$(Text)$request.file_signing_text$(Size)$request.file_signing_size$(DigestType)$request.file_signing_digest_type$(Digest)$request.file_signing_digest$\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=365\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=180\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key 
Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension 
Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension 
Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.3\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\nprofileId=caAgentFileSigning\nclassId=caEnrollImpl\n' 2017-05-11T17:44:59Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:59Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:59Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:59Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:59Z DEBUG response status 409 2017-05-11T17:44:59Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 17:44:59 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:44:59Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' 2017-05-11T17:44:59Z DEBUG Error migrating 'caAgentFileSigning': Non-2xx response from CA REST API: 409. 
Profile already exists 2017-05-11T17:44:59Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caAgentFileSigning?action=enable 2017-05-11T17:44:59Z DEBUG request body '' 2017-05-11T17:44:59Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:59Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:59Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:59Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:59Z DEBUG response status 500 2017-05-11T17:44:59Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 17:44:59 GMT', 'content-type': 'text/html;charset=utf-8'} 2017-05-11T17:44:59Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> 
<u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native 
Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown 
Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>' 2017-05-11T17:44:59Z DEBUG Failed to enable profile '%s' (it is probably already enabled) 2017-05-11T17:44:59Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout 2017-05-11T17:44:59Z DEBUG request body '' 2017-05-11T17:44:59Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:59Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:59Z DEBUG 
cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:59Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:59Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:59Z DEBUG response status 204 2017-05-11T17:44:59Z DEBUG response headers {'set-cookie': 'JSESSIONID=E0A8C2797499B5DD0DCBA59B814BE8EC; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:44:59 GMT', 'content-type': 'application/xml'} 2017-05-11T17:44:59Z DEBUG response body '' 2017-05-11T17:44:59Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login 2017-05-11T17:44:59Z DEBUG request body '' 2017-05-11T17:44:59Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:59Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:59Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:59Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:59Z DEBUG response status 200 2017-05-11T17:44:59Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=0E191FC838D934B5D824B1E3D8757D3D; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:44:59 GMT', 'content-type': 'application/xml'} 2017-05-11T17:44:59Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 2017-05-11T17:44:59Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw 2017-05-11T17:44:59Z DEBUG request body 
'desc=This certificate profile is for enrolling user certificates by using the CMC certificate request with CMC Signature authentication.\nvisible=true\nenable=true\nenableBy=admin\nauth.instance_id=CMCAuth\nauthz.acl=group="Certificate Manager Agents"\nname=Signed CMC-Authenticated User Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=cmcCertReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=cmcUserCertSet\npolicyset.cmcUserCertSet.list=1,2,3,4,5,6,7,8\npolicyset.cmcUserCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.cmcUserCertSet.1.constraint.name=Subject Name Constraint\npolicyset.cmcUserCertSet.1.constraint.params.pattern=.*\npolicyset.cmcUserCertSet.1.constraint.params.accept=true\npolicyset.cmcUserCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.cmcUserCertSet.1.default.name=Subject Name Default\npolicyset.cmcUserCertSet.1.default.params.name=\npolicyset.cmcUserCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.cmcUserCertSet.2.constraint.name=Validity Constraint\npolicyset.cmcUserCertSet.2.constraint.params.range=365\npolicyset.cmcUserCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.cmcUserCertSet.2.constraint.params.notAfterCheck=false\npolicyset.cmcUserCertSet.2.default.class_id=validityDefaultImpl\npolicyset.cmcUserCertSet.2.default.name=Validity Default\npolicyset.cmcUserCertSet.2.default.params.range=180\npolicyset.cmcUserCertSet.2.default.params.startTime=0\npolicyset.cmcUserCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.cmcUserCertSet.3.constraint.name=Key Constraint\npolicyset.cmcUserCertSet.3.constraint.params.keyType=-\npolicyset.cmcUserCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp521\npolicyset.cmcUserCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.cmcUserCertSet.3.default.name=Key 
Default\npolicyset.cmcUserCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.4.constraint.name=No Constraint\npolicyset.cmcUserCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.cmcUserCertSet.4.default.name=Authority Key Identifier Default\npolicyset.cmcUserCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.5.constraint.name=No Constraint\npolicyset.cmcUserCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.cmcUserCertSet.5.default.name=AIA Extension Default\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.cmcUserCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.cmcUserCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.cmcUserCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.cmcUserCertSet.6.default.name=Key Usage 
Default\npolicyset.cmcUserCertSet.6.default.params.keyUsageCritical=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.cmcUserCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.7.constraint.name=No Constraint\npolicyset.cmcUserCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.cmcUserCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.cmcUserCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.cmcUserCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.cmcUserCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.cmcUserCertSet.8.constraint.name=No Constraint\npolicyset.cmcUserCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.cmcUserCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.cmcUserCertSet.8.default.name=Signing Alg\npolicyset.cmcUserCertSet.8.default.params.signingAlg=-\nprofileId=caCMCUserCert\nclassId=caEnrollImpl\n' 2017-05-11T17:44:59Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:59Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:59Z 
DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:59Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:59Z DEBUG response status 409 2017-05-11T17:44:59Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 17:44:59 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:44:59Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' 2017-05-11T17:44:59Z DEBUG Error migrating 'caCMCUserCert': Non-2xx response from CA REST API: 409. Profile already exists 2017-05-11T17:44:59Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caCMCUserCert?action=enable 2017-05-11T17:44:59Z DEBUG request body '' 2017-05-11T17:44:59Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:59Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:59Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:59Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:59Z DEBUG response status 500 2017-05-11T17:44:59Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 17:44:59 GMT', 'content-type': 'text/html;charset=utf-8'} 2017-05-11T17:44:59Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY 
{font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown 
Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: 
application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native 
Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>' 2017-05-11T17:44:59Z DEBUG Failed to enable profile '%s' (it is probably already enabled) 2017-05-11T17:44:59Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout 2017-05-11T17:44:59Z DEBUG request body '' 2017-05-11T17:44:59Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:59Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:59Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:59Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:59Z DEBUG response status 204 2017-05-11T17:44:59Z DEBUG response headers {'set-cookie': 'JSESSIONID=D05826362EC0A1E8DE1E242F4E140603; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:44:59 GMT', 'content-type': 'application/xml'} 2017-05-11T17:44:59Z DEBUG response body '' 2017-05-11T17:44:59Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login 2017-05-11T17:44:59Z DEBUG request body '' 2017-05-11T17:44:59Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:59Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:59Z DEBUG handshake complete, peer = 172.20.0.200:8443 
2017-05-11T17:44:59Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:44:59Z DEBUG response status 200 2017-05-11T17:44:59Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=5869648F2664E444C7C4FB0925463F04; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:44:59 GMT', 'content-type': 'application/xml'} 2017-05-11T17:44:59Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 2017-05-11T17:44:59Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw 2017-05-11T17:44:59Z DEBUG request body 'desc=This certificate profile is for enrolling user certificates by using the CMC certificate request with CMC Signature authentication.\nenable=true\nenableBy=admin\nname=Signed CMC-Authenticated User Certificate Enrollment\nvisible=false\nauth.instance_id=CMCAuth\ninput.list=i1,i2\ninput.i1.class_id=cmcCertReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=cmcUserCertSet\npolicyset.cmcUserCertSet.list=1,2,3,4,5,6,7,8\npolicyset.cmcUserCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.cmcUserCertSet.1.constraint.name=Subject Name Constraint\npolicyset.cmcUserCertSet.1.constraint.params.accept=true\npolicyset.cmcUserCertSet.1.constraint.params.pattern=.*\npolicyset.cmcUserCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.cmcUserCertSet.1.default.name=Subject Name Default\npolicyset.cmcUserCertSet.1.default.params.name=\npolicyset.cmcUserCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.cmcUserCertSet.2.constraint.name=Validity 
Constraint\npolicyset.cmcUserCertSet.2.constraint.params.notAfterCheck=false\npolicyset.cmcUserCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.cmcUserCertSet.2.constraint.params.range=365\npolicyset.cmcUserCertSet.2.default.class_id=validityDefaultImpl\npolicyset.cmcUserCertSet.2.default.name=Validity Default\npolicyset.cmcUserCertSet.2.default.params.range=180\npolicyset.cmcUserCertSet.2.default.params.startTime=0\npolicyset.cmcUserCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.cmcUserCertSet.3.constraint.name=Key Constraint\npolicyset.cmcUserCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp521\npolicyset.cmcUserCertSet.3.constraint.params.keyType=-\npolicyset.cmcUserCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.cmcUserCertSet.3.default.name=Key Default\npolicyset.cmcUserCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.4.constraint.name=No Constraint\npolicyset.cmcUserCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.cmcUserCertSet.4.default.name=Authority Key Identifier Default\npolicyset.cmcUserCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.5.constraint.name=No Constraint\npolicyset.cmcUserCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.cmcUserCertSet.5.default.name=AIA Extension Default\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.cmcUserCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.cmcUserCertSet.6.constraint.name=Key Usage Extension 
Constraint\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.cmcUserCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.cmcUserCertSet.6.default.name=Key Usage Default\npolicyset.cmcUserCertSet.6.default.params.keyUsageCritical=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.cmcUserCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.7.constraint.name=No Constraint\npolicyset.cmcUserCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.cmcUserCertSet.7.default.name=Extended Key Usage Extension 
Default\npolicyset.cmcUserCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.cmcUserCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.cmcUserCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.cmcUserCertSet.8.constraint.name=No Constraint\npolicyset.cmcUserCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.cmcUserCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.cmcUserCertSet.8.default.name=Signing Alg\npolicyset.cmcUserCertSet.8.default.params.signingAlg=-\nprofileId=caFullCMCUserCert\nclassId=caEnrollImpl\n' 2017-05-11T17:44:59Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:44:59Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:44:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:44:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:44:59Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:44:59Z DEBUG Protocol: TLS1.2 2017-05-11T17:44:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:00Z DEBUG response status 409 2017-05-11T17:45:00Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 17:44:59 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:45:00Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' 2017-05-11T17:45:00Z DEBUG Error migrating 'caFullCMCUserCert': Non-2xx response from CA REST API: 409. 
Profile already exists 2017-05-11T17:45:00Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caFullCMCUserCert?action=enable 2017-05-11T17:45:00Z DEBUG request body '' 2017-05-11T17:45:00Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:00Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:00Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:00Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:00Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:00Z DEBUG response status 500 2017-05-11T17:45:00Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 17:44:59 GMT', 'content-type': 'text/html;charset=utf-8'} 2017-05-11T17:45:00Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> 
<u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native 
Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown 
Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>' 2017-05-11T17:45:00Z DEBUG Failed to enable profile '%s' (it is probably already enabled) 2017-05-11T17:45:00Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout 2017-05-11T17:45:00Z DEBUG request body '' 2017-05-11T17:45:00Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:00Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:00Z DEBUG 
cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:00Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:00Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:00Z DEBUG response status 204 2017-05-11T17:45:00Z DEBUG response headers {'set-cookie': 'JSESSIONID=7FD385838B6758DDE9AB1437AE7E40C3; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:44:59 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:00Z DEBUG response body '' 2017-05-11T17:45:00Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login 2017-05-11T17:45:00Z DEBUG request body '' 2017-05-11T17:45:00Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:00Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:00Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:00Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:00Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:00Z DEBUG response status 200 2017-05-11T17:45:00Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=FEF4B8577E88354A89FCB6DEBEAC69AF; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:44:59 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:00Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 2017-05-11T17:45:00Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw 2017-05-11T17:45:00Z DEBUG request body 
'desc=This certificate profile is for enrolling user certificates by using the CMC certificate request with CMC Signature authentication.\nenable=true\nenableBy=admin\nname=Simple CMC Enrollment Request for User Certificate\nvisible=false\nauth.instance_id=\ninput.list=i1\ninput.i1.class_id=certReqInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=cmcUserCertSet\npolicyset.cmcUserCertSet.list=1,2,3,4,5,6,7,8\npolicyset.cmcUserCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.cmcUserCertSet.1.constraint.name=Subject Name Constraint\npolicyset.cmcUserCertSet.1.constraint.params.accept=true\npolicyset.cmcUserCertSet.1.constraint.params.pattern=.*\npolicyset.cmcUserCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.cmcUserCertSet.1.default.name=Subject Name Default\npolicyset.cmcUserCertSet.1.default.params.name=\npolicyset.cmcUserCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.cmcUserCertSet.2.constraint.name=Validity Constraint\npolicyset.cmcUserCertSet.2.constraint.params.notAfterCheck=false\npolicyset.cmcUserCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.cmcUserCertSet.2.constraint.params.range=365\npolicyset.cmcUserCertSet.2.default.class_id=validityDefaultImpl\npolicyset.cmcUserCertSet.2.default.name=Validity Default\npolicyset.cmcUserCertSet.2.default.params.range=180\npolicyset.cmcUserCertSet.2.default.params.startTime=0\npolicyset.cmcUserCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.cmcUserCertSet.3.constraint.name=Key Constraint\npolicyset.cmcUserCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp521\npolicyset.cmcUserCertSet.3.constraint.params.keyType=-\npolicyset.cmcUserCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.cmcUserCertSet.3.default.name=Key Default\npolicyset.cmcUserCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.4.constraint.name=No 
Constraint\npolicyset.cmcUserCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.cmcUserCertSet.4.default.name=Authority Key Identifier Default\npolicyset.cmcUserCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.5.constraint.name=No Constraint\npolicyset.cmcUserCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.cmcUserCertSet.5.default.name=AIA Extension Default\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.cmcUserCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.cmcUserCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.cmcUserCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.cmcUserCertSet.6.default.name=Key Usage 
Default\npolicyset.cmcUserCertSet.6.default.params.keyUsageCritical=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.cmcUserCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.7.constraint.name=No Constraint\npolicyset.cmcUserCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.cmcUserCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.cmcUserCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.cmcUserCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.cmcUserCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.cmcUserCertSet.8.constraint.name=No Constraint\npolicyset.cmcUserCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.cmcUserCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.cmcUserCertSet.8.default.name=Signing Alg\npolicyset.cmcUserCertSet.8.default.params.signingAlg=-\nprofileId=caSimpleCMCUserCert\nclassId=caEnrollImpl\n' 2017-05-11T17:45:00Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:00Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:00Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 
2017-05-11T17:45:00Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:00Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:00Z DEBUG response status 409 2017-05-11T17:45:00Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 17:44:59 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:45:00Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' 2017-05-11T17:45:00Z DEBUG Error migrating 'caSimpleCMCUserCert': Non-2xx response from CA REST API: 409. Profile already exists 2017-05-11T17:45:00Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caSimpleCMCUserCert?action=enable 2017-05-11T17:45:00Z DEBUG request body '' 2017-05-11T17:45:00Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:00Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:00Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:00Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:00Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:00Z DEBUG response status 500 2017-05-11T17:45:00Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 17:44:59 GMT', 'content-type': 'text/html;charset=utf-8'} 2017-05-11T17:45:00Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: 
application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native 
Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native 
Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>' 2017-05-11T17:45:00Z DEBUG Failed to enable profile '%s' (it is probably already enabled) 2017-05-11T17:45:00Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout 2017-05-11T17:45:00Z DEBUG request body '' 2017-05-11T17:45:00Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:00Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:00Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:00Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:00Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:00Z DEBUG response status 204 2017-05-11T17:45:00Z DEBUG response headers {'set-cookie': 'JSESSIONID=435E84DF600777CC1913944A973A35DA; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:44:59 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:00Z DEBUG response body '' 
2017-05-11T17:45:00Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login 2017-05-11T17:45:00Z DEBUG request body '' 2017-05-11T17:45:00Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:00Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:00Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:00Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:00Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:00Z DEBUG response status 200 2017-05-11T17:45:00Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=68B11584475DCAD4D67533DA41028EC6; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:44:59 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:00Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 2017-05-11T17:45:00Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw 2017-05-11T17:45:00Z DEBUG request body 'desc=This profile is for enrolling token device keys\nenable=true\nenableBy=admin\nlastModified=1068835451090\nname=Token Device Key Enrollment\nvisible=false\nauth.instance_id=AgentCertAuth\ninput.list=i1\ninput.i1.class_id=nsHKeyCertReqInputImpl\ninput.i1.name=nsHKeyCertReqInputImpl\noutput.list=o1\noutput.o1.class_id=nsNKeyOutputImpl\noutput.o2.name=nsNKeyOutputImpl\npolicyset.list=set1\n#policyset.set1.list=p2,p3,p4,p5,p1,p7,p8,p9,p12,p6\npolicyset.set1.list=p2,p4,p5,p1,p8,p9,p12\npolicyset.set1.p1.constraint.class_id=noConstraintImpl\npolicyset.set1.p1.constraint.name=No 
Constraint\npolicyset.set1.p1.default.class_id=nsTokenDeviceKeySubjectNameDefaultImpl\npolicyset.set1.p1.default.name=nsTokenDeviceKeySubjectNameDefault\npolicyset.set1.p1.default.params.dnpattern=UID=Token Key Device - $request.tokencuid$\npolicyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.set1.p12.constraint.name=Basic Constraints Extension Constraint\npolicyset.set1.p12.constraint.params.basicConstraintsCritical=-\npolicyset.set1.p12.constraint.params.basicConstraintsIsCA=-\npolicyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.set1.p12.default.name=Basic Constraints Extension Default\npolicyset.set1.p12.default.params.basicConstraintsCritical=false\npolicyset.set1.p12.default.params.basicConstraintsIsCA=false\npolicyset.set1.p12.default.params.basicConstraintsPathLen=-1\npolicyset.set1.p2.constraint.class_id=noConstraintImpl\npolicyset.set1.p2.constraint.name=No Constraint\npolicyset.set1.p2.default.class_id=validityDefaultImpl\npolicyset.set1.p2.default.name=Validity Default\npolicyset.set1.p2.default.params.range=1825\npolicyset.set1.p2.default.params.startTime=0\npolicyset.set1.p3.constraint.class_id=noConstraintImpl\npolicyset.set1.p3.constraint.name=No 
Constraint\npolicyset.set1.p3.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p3.default.name=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p3.default.params.crlDistPointsCritical=false\npolicyset.set1.p3.default.params.crlDistPointsNum=1\npolicyset.set1.p3.default.params.crlDistPointsEnable_0=false\npolicyset.set1.p3.default.params.crlDistPointsIssuerName_0=\npolicyset.set1.p3.default.params.crlDistPointsIssuerType_0=\npolicyset.set1.p3.default.params.crlDistPointsPointName_0=\npolicyset.set1.p3.default.params.crlDistPointsPointType_0=URIName\npolicyset.set1.p3.default.params.crlDistPointsReasons_0=\npolicyset.set1.p4.constraint.class_id=noConstraintImpl\npolicyset.set1.p4.constraint.name=No Constraint\npolicyset.set1.p4.default.class_id=signingAlgDefaultImpl\npolicyset.set1.p4.default.name=Signing Algorithm Default\npolicyset.set1.p4.default.params.signingAlg=-\npolicyset.set1.p5.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.constraint.name=No Constraint\npolicyset.set1.p5.default.class_id=keyUsageExtDefaultImpl\npolicyset.set1.p5.default.name=Key Usage Extension Default\npolicyset.set1.p5.default.params.keyUsageCritical=true\npolicyset.set1.p5.default.params.keyUsageCrlSign=false\npolicyset.set1.p5.default.params.keyUsageDataEncipherment=false\npolicyset.set1.p5.default.params.keyUsageDecipherOnly=false\npolicyset.set1.p5.default.params.keyUsageDigitalSignature=true\npolicyset.set1.p5.default.params.keyUsageEncipherOnly=false\npolicyset.set1.p5.default.params.keyUsageKeyAgreement=false\npolicyset.set1.p5.default.params.keyUsageKeyCertSign=false\npolicyset.set1.p5.default.params.keyUsageKeyEncipherment=false\npolicyset.set1.p5.default.params.keyUsageNonRepudiation=false\npolicyset.set1.p7.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.constraint.name=No Constraint\npolicyset.set1.p7.default.class_id=certificatePoliciesExtDefaultImpl\npolicyset.set1.p7.default.name=Certificate Policies Extension 
Default\npolicyset.set1.p7.default.params.Critical=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernoti
ce.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p8.constraint.class_id=noConstraintImpl\npolicyset.set1.p8.constraint.name=No 
Constraint\npolicyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.set1.p8.default.name=Subject Key Identifier Default\npolicyset.set1.p9.constraint.class_id=noConstraintImpl\npolicyset.set1.p9.constraint.name=No Constraint\npolicyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.set1.p9.default.name=Authority Key Identifier Extension Default\npolicyset.set1.p6.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.constraint.name=No Constraint\npolicyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.set1.p6.default.name=Subject Alternative Name Extension Default\npolicyset.set1.p6.default.params.subjAltExtGNEnable_0=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_1=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_2=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_3=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_4=false\npolicyset.set1.p6.default.params.subjAltExtPattern_0=\npolicyset.set1.p6.default.params.subjAltExtPattern_1=\npolicyset.set1.p6.default.params.subjAltExtPattern_2=\npolicyset.set1.p6.default.params.subjAltExtPattern_3=\npolicyset.set1.p6.default.params.subjAltExtPattern_4=\npolicyset.set1.p6.default.params.subjAltExtType_0=OtherName\npolicyset.set1.p6.default.params.subjAltExtType_1=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_2=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_3=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_4=RFC822Name\npolicyset.set1.p6.default.params.subjAltNameExtCritical=false\npolicyset.set1.p6.default.params.subjAltNameNumGNs=1\nprofileId=caTokenDeviceKeyEnrollment\nclassId=caUserCertEnrollImpl\n' 2017-05-11T17:45:00Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:00Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:00Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 
2017-05-11T17:45:00Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:00Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:00Z DEBUG response status 409 2017-05-11T17:45:00Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 17:44:59 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:45:00Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' 2017-05-11T17:45:00Z DEBUG Error migrating 'caTokenDeviceKeyEnrollment': Non-2xx response from CA REST API: 409. Profile already exists 2017-05-11T17:45:00Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caTokenDeviceKeyEnrollment?action=enable 2017-05-11T17:45:00Z DEBUG request body '' 2017-05-11T17:45:00Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:00Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:00Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:00Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:00Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:00Z DEBUG response status 500 2017-05-11T17:45:00Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 17:44:59 GMT', 'content-type': 'text/html;charset=utf-8'} 2017-05-11T17:45:00Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: 
application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native 
Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native 
Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>' 2017-05-11T17:45:00Z DEBUG Failed to enable profile '%s' (it is probably already enabled) 2017-05-11T17:45:00Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout 2017-05-11T17:45:00Z DEBUG request body '' 2017-05-11T17:45:00Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:00Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:00Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:00Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:00Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:00Z DEBUG response status 204 2017-05-11T17:45:00Z DEBUG response headers {'set-cookie': 'JSESSIONID=414AC0BCE98D97500FD03485E68E5EC0; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:44:59 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:00Z DEBUG response body '' 
2017-05-11T17:45:00Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login 2017-05-11T17:45:00Z DEBUG request body '' 2017-05-11T17:45:00Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:00Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:00Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:00Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:00Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:00Z DEBUG response status 200 2017-05-11T17:45:00Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=454D347DA2526D75C000744BDD175F73; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:44:59 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:00Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 2017-05-11T17:45:00Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw 2017-05-11T17:45:00Z DEBUG request body 'desc=This profile is for enrolling Token Encryption key\nenable=true\nenableBy=admin\nname=Token User Encryption Certificate Enrollment\nvisible=false\nauth.instance_id=AgentCertAuth\ninput.list=i1\ninput.i1.class_id=nsNKeyCertReqInputImpl\ninput.i1.name=nsNKeyCertReqInputImpl\noutput.list=o1\noutput.o1.class_id=nsNKeyOutputImpl\noutput.o2.name=nsNKeyOutputImpl\npolicyset.list=set1\n#policyset.set1.list=p2,p4,p5,p1,p6,p7,p8,p9,p12,p13,p14\npolicyset.set1.list=p2,p4,p5,p1,p6,p8,p9,p12\npolicyset.set1.p1.constraint.class_id=noConstraintImpl\npolicyset.set1.p1.constraint.name=No 
Constraint\npolicyset.set1.p1.default.class_id=nsTokenUserKeySubjectNameDefaultImpl\npolicyset.set1.p1.default.name=nsTokenUserKeySubjectNameDefault\npolicyset.set1.p1.default.params.dnpattern=UID=$request.uid$, O=Token Key User\n#changed ldap.enable to true to support SMIME\npolicyset.set1.p1.default.params.ldap.enable=false\npolicyset.set1.p1.default.params.ldap.searchName=uid\npolicyset.set1.p1.default.params.ldapStringAttributes=uid,mail\npolicyset.set1.p1.default.params.ldap.basedn=\npolicyset.set1.p1.default.params.ldap.maxConns=4\npolicyset.set1.p1.default.params.ldap.minConns=1\npolicyset.set1.p1.default.params.ldap.ldapconn.Version=2\npolicyset.set1.p1.default.params.ldap.ldapconn.host=\npolicyset.set1.p1.default.params.ldap.ldapconn.port=\npolicyset.set1.p1.default.params.ldap.ldapconn.secureConn=false\npolicyset.set1.p2.constraint.class_id=noConstraintImpl\npolicyset.set1.p2.constraint.name=No Constraint\npolicyset.set1.p2.default.class_id=validityDefaultImpl\npolicyset.set1.p2.default.name=Validity Default\npolicyset.set1.p2.default.params.range=1825\npolicyset.set1.p2.default.params.startTime=0\npolicyset.set1.p4.constraint.class_id=noConstraintImpl\npolicyset.set1.p4.constraint.name=No Constraint\npolicyset.set1.p4.default.class_id=signingAlgDefaultImpl\npolicyset.set1.p4.default.name=Signing Algorithm Default\npolicyset.set1.p4.default.params.signingAlg=-\npolicyset.set1.p5.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.constraint.name=No Constraint\npolicyset.set1.p5.default.class_id=keyUsageExtDefaultImpl\npolicyset.set1.p5.default.name=Key Usage Extension 
Default\npolicyset.set1.p5.default.params.keyUsageCritical=true\npolicyset.set1.p5.default.params.keyUsageCrlSign=false\npolicyset.set1.p5.default.params.keyUsageDataEncipherment=false\npolicyset.set1.p5.default.params.keyUsageDecipherOnly=false\npolicyset.set1.p5.default.params.keyUsageDigitalSignature=false\npolicyset.set1.p5.default.params.keyUsageEncipherOnly=false\npolicyset.set1.p5.default.params.keyUsageKeyAgreement=false\npolicyset.set1.p5.default.params.keyUsageKeyCertSign=false\npolicyset.set1.p5.default.params.keyUsageKeyEncipherment=true\npolicyset.set1.p5.default.params.keyUsageNonRepudiation=false\npolicyset.set1.p6.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.constraint.name=No Constraint\npolicyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.set1.p6.default.name=Subject Alternative Name Extension Default\npolicyset.set1.p6.default.params.subjAltExtGNEnable_0=true\npolicyset.set1.p6.default.params.subjAltExtGNEnable_1=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_2=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_3=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_4=false\npolicyset.set1.p6.default.params.subjAltExtPattern_0=$request.mail$\npolicyset.set1.p6.default.params.subjAltExtPattern_1=\npolicyset.set1.p6.default.params.subjAltExtPattern_2=\npolicyset.set1.p6.default.params.subjAltExtPattern_3=\npolicyset.set1.p6.default.params.subjAltExtPattern_4=\npolicyset.set1.p6.default.params.subjAltExtType_0=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_1=OtherName\npolicyset.set1.p6.default.params.subjAltExtType_2=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_3=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_4=RFC822Name\npolicyset.set1.p6.default.params.subjAltNameExtCritical=false\npolicyset.set1.p6.default.params.subjAltNameNumGNs=1\npolicyset.set1.p7.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.constraint.name=No 
Constraint\npolicyset.set1.p7.default.class_id=certificatePoliciesExtDefaultImpl\npolicyset.set1.p7.default.name=Certificate Policies Extension Default\npolicyset.set1.p7.default.params.Critical=false\npolicyset.set1.p7.default.params.PoliciesExt.num=5\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0
.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.par
ams.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p8.constraint.class_id=noConstraintImpl\npolicyset.set1.p8.constraint.name=No Constraint\npolicyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.set1.p8.default.name=Subject Key Identifier Default\npolicyset.set1.p9.constraint.class_id=noConstraintImpl\npolicyset.set1.p9.constraint.name=No Constraint\npolicyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.set1.p9.default.name=Authority Key Identifier Extension Default\npolicyset.set1.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.set1.10.constraint.name=Renewal Grace Period Constraint\npolicyset.set1.10.constraint.params.renewal.graceBefore=30\npolicyset.set1.10.constraint.params.renewal.graceAfter=30\npolicyset.set1.10.default.class_id=noDefaultImpl\npolicyset.set1.10.default.name=No Default\npolicyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.set1.p12.constraint.name=Basic Constraints Extension Constraint\npolicyset.set1.p12.constraint.params.basicConstraintsCritical=-\npolicyset.set1.p12.constraint.params.basicConstraintsIsCA=-\npolicyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.set1.p12.default.name=Basic Constraints Extension Default\npolicyset.set1.p12.default.params.basicConstraintsCritical=false\npolicyset.set1.p12.default.params.basicConstraintsIsCA=false\npolicyset.set1.p12.default.params.basicConstraintsPathLen=-1\npolicyset.set1.p13.constraint.class_id=noConstraintImpl\npolicyset.set1.p13.constraint.name=No 
Constraint\npolicyset.set1.p13.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.name=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.params.crlDistPointsCritical=false\npolicyset.set1.p13.default.params.crlDistPointsNum=1\npolicyset.set1.p13.default.params.crlDistPointsEnable_0=false\npolicyset.set1.p13.default.params.crlDistPointsIssuerName_0=\npolicyset.set1.p13.default.params.crlDistPointsIssuerType_0=\npolicyset.set1.p13.default.params.crlDistPointsPointName_0=\npolicyset.set1.p13.default.params.crlDistPointsPointType_0=URIName\npolicyset.set1.p13.default.params.crlDistPointsReasons_0=\npolicyset.set1.p14.constraint.class_id=noConstraintImpl\npolicyset.set1.p14.constraint.name=No Constraint\npolicyset.set1.p14.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.set1.p14.default.name=AIA Extension Default\npolicyset.set1.p14.default.params.authInfoAccessADEnable_0=false\npolicyset.set1.p14.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.set1.p14.default.params.authInfoAccessADLocation_0=\npolicyset.set1.p14.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.set1.p14.default.params.authInfoAccessCritical=false\npolicyset.set1.p14.default.params.authInfoAccessNumADs=1\nprofileId=caTokenUserEncryptionKeyEnrollment\nclassId=caUserCertEnrollImpl\n' 2017-05-11T17:45:00Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:00Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:00Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:00Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:00Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:00Z DEBUG response status 409 2017-05-11T17:45:00Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 17:45:00 GMT', 'content-type': 
'application/json', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:45:00Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' 2017-05-11T17:45:00Z DEBUG Error migrating 'caTokenUserEncryptionKeyEnrollment': Non-2xx response from CA REST API: 409. Profile already exists 2017-05-11T17:45:00Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caTokenUserEncryptionKeyEnrollment?action=enable 2017-05-11T17:45:00Z DEBUG request body '' 2017-05-11T17:45:00Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:00Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:00Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:00Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:00Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:00Z DEBUG response status 500 2017-05-11T17:45:00Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 17:45:00 GMT', 'content-type': 'text/html;charset=utf-8'} 2017-05-11T17:45:00Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : 
#525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown 
Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: 
application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native 
Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>' 2017-05-11T17:45:00Z DEBUG Failed to enable profile '%s' (it is probably already enabled) 2017-05-11T17:45:00Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout 2017-05-11T17:45:00Z DEBUG request body '' 2017-05-11T17:45:00Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:00Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:00Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:00Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:00Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:00Z DEBUG response status 204 2017-05-11T17:45:00Z DEBUG response headers {'set-cookie': 'JSESSIONID=16385AC307FB817E8BA13CB1E492D963; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:45:00 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:00Z DEBUG response body '' 2017-05-11T17:45:00Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login 2017-05-11T17:45:00Z DEBUG request body '' 2017-05-11T17:45:00Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:00Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:00Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:00Z DEBUG handshake complete, peer = 172.20.0.200:8443 
2017-05-11T17:45:00Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:00Z DEBUG response status 200 2017-05-11T17:45:00Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=CADDA0797B5A42708918E802A658395A; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:45:00 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:00Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 2017-05-11T17:45:00Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw 2017-05-11T17:45:00Z DEBUG request body 'desc=This profile is for enrolling Token Signing key\nenable=true\nenableBy=admin\nname=Token User Signing Certificate Enrollment\nvisible=false\nauth.instance_id=AgentCertAuth\ninput.list=i1\ninput.i1.class_id=nsNKeyCertReqInputImpl\ninput.i1.name=nsNKeyCertReqInputImpl\noutput.list=o1\noutput.o1.class_id=nsNKeyOutputImpl\noutput.o2.name=nsNKeyOutputImpl\npolicyset.list=set1\n#policyset.set1.list=p2,p4,p5,p1,p6,p7,p8,p9,p12,p13,p14\npolicyset.set1.list=p2,p4,p5,p1,p6,p8,p9,p12\npolicyset.set1.p1.constraint.class_id=noConstraintImpl\npolicyset.set1.p1.constraint.name=No Constraint\npolicyset.set1.p1.default.class_id=nsTokenUserKeySubjectNameDefaultImpl\npolicyset.set1.p1.default.name=nsTokenUserKeySubjectNameDefault\npolicyset.set1.p1.default.params.dnpattern=UID=$request.uid$, O=Token Key User\n#changed ldap.enable to true to support 
SMIME\npolicyset.set1.p1.default.params.ldap.enable=false\npolicyset.set1.p1.default.params.ldap.searchName=uid\npolicyset.set1.p1.default.params.ldapStringAttributes=uid,mail\npolicyset.set1.p1.default.params.ldap.basedn=\npolicyset.set1.p1.default.params.ldap.maxConns=4\npolicyset.set1.p1.default.params.ldap.minConns=1\npolicyset.set1.p1.default.params.ldap.ldapconn.Version=2\npolicyset.set1.p1.default.params.ldap.ldapconn.host=\npolicyset.set1.p1.default.params.ldap.ldapconn.port=\npolicyset.set1.p1.default.params.ldap.ldapconn.secureConn=false\npolicyset.set1.p2.constraint.class_id=noConstraintImpl\npolicyset.set1.p2.constraint.name=No Constraint\npolicyset.set1.p2.default.class_id=validityDefaultImpl\npolicyset.set1.p2.default.name=Validity Default\npolicyset.set1.p2.default.params.range=1825\npolicyset.set1.p2.default.params.startTime=0\npolicyset.set1.p4.constraint.class_id=noConstraintImpl\npolicyset.set1.p4.constraint.name=No Constraint\npolicyset.set1.p4.default.class_id=signingAlgDefaultImpl\npolicyset.set1.p4.default.name=Signing Algorithm Default\npolicyset.set1.p4.default.params.signingAlg=-\npolicyset.set1.p5.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.constraint.name=No Constraint\npolicyset.set1.p5.default.class_id=keyUsageExtDefaultImpl\npolicyset.set1.p5.default.name=Key Usage Extension 
Default\npolicyset.set1.p5.default.params.keyUsageCritical=true\npolicyset.set1.p5.default.params.keyUsageCrlSign=false\npolicyset.set1.p5.default.params.keyUsageDataEncipherment=false\npolicyset.set1.p5.default.params.keyUsageDecipherOnly=false\npolicyset.set1.p5.default.params.keyUsageDigitalSignature=true\npolicyset.set1.p5.default.params.keyUsageEncipherOnly=false\npolicyset.set1.p5.default.params.keyUsageKeyAgreement=false\npolicyset.set1.p5.default.params.keyUsageKeyCertSign=false\npolicyset.set1.p5.default.params.keyUsageKeyEncipherment=false\npolicyset.set1.p5.default.params.keyUsageNonRepudiation=true\npolicyset.set1.p6.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.constraint.name=No Constraint\npolicyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.set1.p6.default.name=Subject Alternative Name Extension Default\npolicyset.set1.p6.default.params.subjAltExtGNEnable_0=true\npolicyset.set1.p6.default.params.subjAltExtGNEnable_1=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_2=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_3=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_4=false\npolicyset.set1.p6.default.params.subjAltExtPattern_0=$request.mail$\npolicyset.set1.p6.default.params.subjAltExtPattern_1=\npolicyset.set1.p6.default.params.subjAltExtPattern_2=\npolicyset.set1.p6.default.params.subjAltExtPattern_3=\npolicyset.set1.p6.default.params.subjAltExtPattern_4=\npolicyset.set1.p6.default.params.subjAltExtType_0=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_1=OtherName\npolicyset.set1.p6.default.params.subjAltExtType_2=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_3=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_4=RFC822Name\npolicyset.set1.p6.default.params.subjAltNameExtCritical=false\npolicyset.set1.p6.default.params.subjAltNameNumGNs=1\npolicyset.set1.p7.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.constraint.name=No 
Constraint\npolicyset.set1.p7.default.class_id=certificatePoliciesExtDefaultImpl\npolicyset.set1.p7.default.name=Certificate Policies Extension Default\npolicyset.set1.p7.default.params.Critical=false\npolicyset.set1.p7.default.params.PoliciesExt.num=5\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0
.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.par
ams.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p8.constraint.class_id=noConstraintImpl\npolicyset.set1.p8.constraint.name=No Constraint\npolicyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.set1.p8.default.name=Subject Key Identifier Default\npolicyset.set1.p9.constraint.class_id=noConstraintImpl\npolicyset.set1.p9.constraint.name=No Constraint\npolicyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.set1.p9.default.name=Authority Key Identifier Extension Default\npolicyset.set1.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.set1.10.constraint.name=Renewal Grace Period Constraint\npolicyset.set1.10.constraint.params.renewal.graceBefore=30\npolicyset.set1.10.constraint.params.renewal.graceAfter=30\npolicyset.set1.10.default.class_id=noDefaultImpl\npolicyset.set1.10.default.name=No Default\npolicyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.set1.p12.constraint.name=Basic Constraints Extension Constraint\npolicyset.set1.p12.constraint.params.basicConstraintsCritical=-\npolicyset.set1.p12.constraint.params.basicConstraintsIsCA=-\npolicyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.set1.p12.default.name=Basic Constraints Extension Default\npolicyset.set1.p12.default.params.basicConstraintsCritical=false\npolicyset.set1.p12.default.params.basicConstraintsIsCA=false\npolicyset.set1.p12.default.params.basicConstraintsPathLen=-1\npolicyset.set1.p13.constraint.class_id=noConstraintImpl\npolicyset.set1.p13.constraint.name=No 
Constraint\npolicyset.set1.p13.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.name=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.params.crlDistPointsCritical=false\npolicyset.set1.p13.default.params.crlDistPointsNum=1\npolicyset.set1.p13.default.params.crlDistPointsEnable_0=false\npolicyset.set1.p13.default.params.crlDistPointsIssuerName_0=\npolicyset.set1.p13.default.params.crlDistPointsIssuerType_0=\npolicyset.set1.p13.default.params.crlDistPointsPointName_0=\npolicyset.set1.p13.default.params.crlDistPointsPointType_0=URIName\npolicyset.set1.p13.default.params.crlDistPointsReasons_0=\npolicyset.set1.p14.constraint.class_id=noConstraintImpl\npolicyset.set1.p14.constraint.name=No Constraint\npolicyset.set1.p14.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.set1.p14.default.name=AIA Extension Default\npolicyset.set1.p14.default.params.authInfoAccessADEnable_0=false\npolicyset.set1.p14.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.set1.p14.default.params.authInfoAccessADLocation_0=\npolicyset.set1.p14.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.set1.p14.default.params.authInfoAccessCritical=false\npolicyset.set1.p14.default.params.authInfoAccessNumADs=1\nprofileId=caTokenUserSigningKeyEnrollment\nclassId=caUserCertEnrollImpl\n' 2017-05-11T17:45:00Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:00Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:00Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:00Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:00Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:00Z DEBUG response status 409 2017-05-11T17:45:00Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 17:45:00 GMT', 'content-type': 
'application/json', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:45:00Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' 2017-05-11T17:45:00Z DEBUG Error migrating 'caTokenUserSigningKeyEnrollment': Non-2xx response from CA REST API: 409. Profile already exists 2017-05-11T17:45:00Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caTokenUserSigningKeyEnrollment?action=enable 2017-05-11T17:45:00Z DEBUG request body '' 2017-05-11T17:45:00Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:00Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:00Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:00Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:00Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:00Z DEBUG response status 500 2017-05-11T17:45:00Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 17:45:00 GMT', 'content-type': 'text/html;charset=utf-8'} 2017-05-11T17:45:00Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : 
#525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown 
Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: 
application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native 
Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>' 2017-05-11T17:45:00Z DEBUG Failed to enable profile '%s' (it is probably already enabled) 2017-05-11T17:45:00Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout 2017-05-11T17:45:00Z DEBUG request body '' 2017-05-11T17:45:00Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:00Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:00Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:00Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:00Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:00Z DEBUG response status 204 2017-05-11T17:45:00Z DEBUG response headers {'set-cookie': 'JSESSIONID=F76DC8B41CA321C2051842A5920A36C0; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:45:00 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:00Z DEBUG response body '' 2017-05-11T17:45:00Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login 2017-05-11T17:45:00Z DEBUG request body '' 2017-05-11T17:45:00Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:00Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:00Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:00Z DEBUG handshake complete, peer = 172.20.0.200:8443 
2017-05-11T17:45:00Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:00Z DEBUG response status 200 2017-05-11T17:45:00Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=52A0B683C4CD22288D1EFD5AE5C79BAD; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:45:00 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:00Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 2017-05-11T17:45:00Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw 2017-05-11T17:45:00Z DEBUG request body 'desc=This profile is for enrolling token device keys\nenable=true\nenableBy=admin\nlastModified=1068835451090\nname=Temporary Device Certificate Enrollment\nvisible=false\nauth.instance_id=AgentCertAuth\ninput.list=i1\ninput.i1.class_id=nsHKeyCertReqInputImpl\ninput.i1.name=nsHKeyCertReqInputImpl\noutput.list=o1\noutput.o1.class_id=nsNKeyOutputImpl\noutput.o2.name=nsNKeyOutputImpl\npolicyset.list=set1\n#policyset.set1.list=p2,p3,p4,p5,p1,p7,p8,p9,p12,p6\npolicyset.set1.list=p2,p4,p5,p1,p8,p9,p12\npolicyset.set1.p1.constraint.class_id=noConstraintImpl\npolicyset.set1.p1.constraint.name=No Constraint\npolicyset.set1.p1.default.class_id=nsTokenDeviceKeySubjectNameDefaultImpl\npolicyset.set1.p1.default.name=nsTokenDeviceKeySubjectNameDefault\npolicyset.set1.p1.default.params.dnpattern=UID=Token Key Device - $request.tokencuid$\npolicyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.set1.p12.constraint.name=Basic Constraints Extension 
Constraint\npolicyset.set1.p12.constraint.params.basicConstraintsCritical=-\npolicyset.set1.p12.constraint.params.basicConstraintsIsCA=-\npolicyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.set1.p12.default.name=Basic Constraints Extension Default\npolicyset.set1.p12.default.params.basicConstraintsCritical=false\npolicyset.set1.p12.default.params.basicConstraintsIsCA=false\npolicyset.set1.p12.default.params.basicConstraintsPathLen=-1\npolicyset.set1.p2.constraint.class_id=noConstraintImpl\npolicyset.set1.p2.constraint.name=No Constraint\npolicyset.set1.p2.default.class_id=validityDefaultImpl\npolicyset.set1.p2.default.name=Validity Default\npolicyset.set1.p2.default.params.range=7\npolicyset.set1.p2.default.params.startTime=0\npolicyset.set1.p3.constraint.class_id=noConstraintImpl\npolicyset.set1.p3.constraint.name=No Constraint\npolicyset.set1.p3.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p3.default.name=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p3.default.params.crlDistPointsCritical=false\npolicyset.set1.p3.default.params.crlDistPointsNum=1\npolicyset.set1.p3.default.params.crlDistPointsEnable_0=false\npolicyset.set1.p3.default.params.crlDistPointsIssuerName_0=\npolicyset.set1.p3.default.params.crlDistPointsIssuerType_0=\npolicyset.set1.p3.default.params.crlDistPointsPointName_0=\npolicyset.set1.p3.default.params.crlDistPointsPointType_0=URIName\npolicyset.set1.p3.default.params.crlDistPointsReasons_0=\npolicyset.set1.p4.constraint.class_id=noConstraintImpl\npolicyset.set1.p4.constraint.name=No Constraint\npolicyset.set1.p4.default.class_id=signingAlgDefaultImpl\npolicyset.set1.p4.default.name=Signing Algorithm Default\npolicyset.set1.p4.default.params.signingAlg=-\npolicyset.set1.p5.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.constraint.name=No 
Constraint\npolicyset.set1.p5.default.class_id=keyUsageExtDefaultImpl\npolicyset.set1.p5.default.name=Key Usage Extension Default\npolicyset.set1.p5.default.params.keyUsageCritical=true\npolicyset.set1.p5.default.params.keyUsageCrlSign=false\npolicyset.set1.p5.default.params.keyUsageDataEncipherment=false\npolicyset.set1.p5.default.params.keyUsageDecipherOnly=false\npolicyset.set1.p5.default.params.keyUsageDigitalSignature=true\npolicyset.set1.p5.default.params.keyUsageEncipherOnly=false\npolicyset.set1.p5.default.params.keyUsageKeyAgreement=false\npolicyset.set1.p5.default.params.keyUsageKeyCertSign=false\npolicyset.set1.p5.default.params.keyUsageKeyEncipherment=false\npolicyset.set1.p5.default.params.keyUsageNonRepudiation=false\npolicyset.set1.p7.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.constraint.name=No Constraint\npolicyset.set1.p7.default.class_id=certificatePoliciesExtDefaultImpl\npolicyset.set1.p7.default.name=Certificate Policies Extension Default\npolicyset.set1.p7.default.params.Critical=false\npolicyset.set1.p7.default.params.PoliciesExt.num=5\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.policyId=\npolic
yset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.use
rnotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p8.constraint.class_id=noConstraintImpl\npolicyset.set1.p8.constraint.name=No Constraint\npolicyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.set1.p8.default.name=Subject Key Identifier Default\npolicyset.set1.p9.constraint.class_id=noConstraintImpl\npolicyset.set1.p9.constraint.name=No Constraint\npolicyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.set1.p9.default.name=Authority Key Identifier Extension Default\npolicyset.set1.p6.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.constraint.name=No Constraint\npolicyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.set1.p6.default.name=Subject Alternative Name Extension 
Default\npolicyset.set1.p6.default.params.subjAltExtGNEnable_0=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_1=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_2=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_3=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_4=false\npolicyset.set1.p6.default.params.subjAltExtPattern_0=\npolicyset.set1.p6.default.params.subjAltExtPattern_1=\npolicyset.set1.p6.default.params.subjAltExtPattern_2=\npolicyset.set1.p6.default.params.subjAltExtPattern_3=\npolicyset.set1.p6.default.params.subjAltExtPattern_4=\npolicyset.set1.p6.default.params.subjAltExtType_0=OtherName\npolicyset.set1.p6.default.params.subjAltExtType_1=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_2=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_3=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_4=RFC822Name\npolicyset.set1.p6.default.params.subjAltNameExtCritical=false\npolicyset.set1.p6.default.params.subjAltNameNumGNs=1\nprofileId=caTempTokenDeviceKeyEnrollment\nclassId=caUserCertEnrollImpl\n' 2017-05-11T17:45:00Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:00Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:00Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:00Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:00Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:00Z DEBUG response status 409 2017-05-11T17:45:00Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 17:45:00 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:45:00Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' 2017-05-11T17:45:00Z DEBUG Error 
migrating 'caTempTokenDeviceKeyEnrollment': Non-2xx response from CA REST API: 409. Profile already exists 2017-05-11T17:45:00Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caTempTokenDeviceKeyEnrollment?action=enable 2017-05-11T17:45:00Z DEBUG request body '' 2017-05-11T17:45:00Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:00Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:00Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:00Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:00Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:00Z DEBUG response status 500 2017-05-11T17:45:00Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 17:45:00 GMT', 'content-type': 'text/html;charset=utf-8'} 2017-05-11T17:45:00Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" 
noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native 
Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: 
application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native 
Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>' 2017-05-11T17:45:00Z DEBUG Failed to enable profile '%s' (it is probably already enabled) 2017-05-11T17:45:00Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout 2017-05-11T17:45:00Z DEBUG request body '' 2017-05-11T17:45:00Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:00Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:00Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:00Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:00Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:00Z DEBUG response status 204 2017-05-11T17:45:00Z DEBUG response headers {'set-cookie': 'JSESSIONID=922708EF05DD810B8A437992589D0CA9; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:45:00 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:00Z DEBUG response body '' 2017-05-11T17:45:00Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login 2017-05-11T17:45:00Z DEBUG request body '' 2017-05-11T17:45:00Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:00Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:00Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:00Z DEBUG handshake complete, peer = 172.20.0.200:8443 
2017-05-11T17:45:00Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:00Z DEBUG response status 200 2017-05-11T17:45:00Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=D4167BAE8D8651EAE99DE6D7C3BADDEC; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:45:00 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:00Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 2017-05-11T17:45:00Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw 2017-05-11T17:45:00Z DEBUG request body 'desc=This profile is for enrolling Token Encryption key\nenable=true\nenableBy=admin\nname=Temporary Token User Encryption Certificate Enrollment\nvisible=false\nauth.instance_id=AgentCertAuth\ninput.list=i1\ninput.i1.class_id=nsNKeyCertReqInputImpl\ninput.i1.name=nsNKeyCertReqInputImpl\noutput.list=o1\noutput.o1.class_id=nsNKeyOutputImpl\noutput.o2.name=nsNKeyOutputImpl\npolicyset.list=set1\n#policyset.set1.list=p2,p4,p5,p1,p6,p7,p8,p9,p12,p13,p14\npolicyset.set1.list=p2,p4,p5,p1,p6,p8,p9,p12\npolicyset.set1.p1.constraint.class_id=noConstraintImpl\npolicyset.set1.p1.constraint.name=No Constraint\npolicyset.set1.p1.default.class_id=nsTokenUserKeySubjectNameDefaultImpl\npolicyset.set1.p1.default.name=nsTokenUserKeySubjectNameDefault\n#uncomment below to support SMIME\n#policyset.set1.p1.default.params.dnpattern=UID=$request.uid$, E=$request.mail$, O=Token Key User\npolicyset.set1.p1.default.params.dnpattern=UID=$request.uid$, O=Token Key User\n#changed ldap.enable to true to support 
SMIME\npolicyset.set1.p1.default.params.ldap.enable=false\npolicyset.set1.p1.default.params.ldap.searchName=uid\npolicyset.set1.p1.default.params.ldapStringAttributes=uid,mail\npolicyset.set1.p1.default.params.ldap.basedn=\npolicyset.set1.p1.default.params.ldap.maxConns=4\npolicyset.set1.p1.default.params.ldap.minConns=1\npolicyset.set1.p1.default.params.ldap.ldapconn.Version=2\npolicyset.set1.p1.default.params.ldap.ldapconn.host=\npolicyset.set1.p1.default.params.ldap.ldapconn.port=\npolicyset.set1.p1.default.params.ldap.ldapconn.secureConn=false\npolicyset.set1.p2.constraint.class_id=noConstraintImpl\npolicyset.set1.p2.constraint.name=No Constraint\npolicyset.set1.p2.default.class_id=validityDefaultImpl\npolicyset.set1.p2.default.name=Validity Default\npolicyset.set1.p2.default.params.range=7\npolicyset.set1.p2.default.params.startTime=0\npolicyset.set1.p4.constraint.class_id=noConstraintImpl\npolicyset.set1.p4.constraint.name=No Constraint\npolicyset.set1.p4.default.class_id=signingAlgDefaultImpl\npolicyset.set1.p4.default.name=Signing Algorithm Default\npolicyset.set1.p4.default.params.signingAlg=-\npolicyset.set1.p5.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.constraint.name=No Constraint\npolicyset.set1.p5.default.class_id=keyUsageExtDefaultImpl\npolicyset.set1.p5.default.name=Key Usage Extension 
Default\npolicyset.set1.p5.default.params.keyUsageCritical=true\npolicyset.set1.p5.default.params.keyUsageCrlSign=false\npolicyset.set1.p5.default.params.keyUsageDataEncipherment=false\npolicyset.set1.p5.default.params.keyUsageDecipherOnly=false\npolicyset.set1.p5.default.params.keyUsageDigitalSignature=false\npolicyset.set1.p5.default.params.keyUsageEncipherOnly=false\npolicyset.set1.p5.default.params.keyUsageKeyAgreement=false\npolicyset.set1.p5.default.params.keyUsageKeyCertSign=false\npolicyset.set1.p5.default.params.keyUsageKeyEncipherment=true\npolicyset.set1.p5.default.params.keyUsageNonRepudiation=false\npolicyset.set1.p6.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.constraint.name=No Constraint\npolicyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.set1.p6.default.name=Subject Alternative Name Extension Default\npolicyset.set1.p6.default.params.subjAltExtGNEnable_0=true\npolicyset.set1.p6.default.params.subjAltExtGNEnable_1=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_2=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_3=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_4=false\npolicyset.set1.p6.default.params.subjAltExtPattern_0=$request.mail$\npolicyset.set1.p6.default.params.subjAltExtPattern_1=\npolicyset.set1.p6.default.params.subjAltExtPattern_2=\npolicyset.set1.p6.default.params.subjAltExtPattern_3=\npolicyset.set1.p6.default.params.subjAltExtPattern_4=\npolicyset.set1.p6.default.params.subjAltExtType_0=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_1=OtherName\npolicyset.set1.p6.default.params.subjAltExtType_2=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_3=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_4=RFC822Name\npolicyset.set1.p6.default.params.subjAltNameExtCritical=false\npolicyset.set1.p6.default.params.subjAltNameNumGNs=1\npolicyset.set1.p7.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.constraint.name=No 
Constraint\npolicyset.set1.p7.default.class_id=certificatePoliciesExtDefaultImpl\npolicyset.set1.p7.default.name=Certificate Policies Extension Default\npolicyset.set1.p7.default.params.Critical=false\npolicyset.set1.p7.default.params.PoliciesExt.num=5\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0
.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.par
ams.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p8.constraint.class_id=noConstraintImpl\npolicyset.set1.p8.constraint.name=No Constraint\npolicyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.set1.p8.default.name=Subject Key Identifier Default\npolicyset.set1.p9.constraint.class_id=noConstraintImpl\npolicyset.set1.p9.constraint.name=No Constraint\npolicyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.set1.p9.default.name=Authority Key Identifier Extension Default\npolicyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.set1.p12.constraint.name=Basic Constraints Extension Constraint\npolicyset.set1.p12.constraint.params.basicConstraintsCritical=-\npolicyset.set1.p12.constraint.params.basicConstraintsIsCA=-\npolicyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.set1.p12.default.name=Basic Constraints Extension Default\npolicyset.set1.p12.default.params.basicConstraintsCritical=false\npolicyset.set1.p12.default.params.basicConstraintsIsCA=false\npolicyset.set1.p12.default.params.basicConstraintsPathLen=-1\npolicyset.set1.p13.constraint.class_id=noConstraintImpl\npolicyset.set1.p13.constraint.name=No 
Constraint\npolicyset.set1.p13.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.name=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.params.crlDistPointsCritical=false\npolicyset.set1.p13.default.params.crlDistPointsNum=1\npolicyset.set1.p13.default.params.crlDistPointsEnable_0=false\npolicyset.set1.p13.default.params.crlDistPointsIssuerName_0=\npolicyset.set1.p13.default.params.crlDistPointsIssuerType_0=\npolicyset.set1.p13.default.params.crlDistPointsPointName_0=\npolicyset.set1.p13.default.params.crlDistPointsPointType_0=URIName\npolicyset.set1.p13.default.params.crlDistPointsReasons_0=\npolicyset.set1.p14.constraint.class_id=noConstraintImpl\npolicyset.set1.p14.constraint.name=No Constraint\npolicyset.set1.p14.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.set1.p14.default.name=AIA Extension Default\npolicyset.set1.p14.default.params.authInfoAccessADEnable_0=false\npolicyset.set1.p14.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.set1.p14.default.params.authInfoAccessADLocation_0=\npolicyset.set1.p14.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.set1.p14.default.params.authInfoAccessCritical=false\npolicyset.set1.p14.default.params.authInfoAccessNumADs=1\nprofileId=caTempTokenUserEncryptionKeyEnrollment\nclassId=caUserCertEnrollImpl\n' 2017-05-11T17:45:00Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:00Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:00Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:00Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:00Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:00Z DEBUG response status 409 2017-05-11T17:45:00Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 17:45:00 GMT', 'content-type': 
'application/json', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:45:00Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' 2017-05-11T17:45:00Z DEBUG Error migrating 'caTempTokenUserEncryptionKeyEnrollment': Non-2xx response from CA REST API: 409. Profile already exists 2017-05-11T17:45:00Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caTempTokenUserEncryptionKeyEnrollment?action=enable 2017-05-11T17:45:00Z DEBUG request body '' 2017-05-11T17:45:00Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:00Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:00Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:00Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:00Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:00Z DEBUG response status 500 2017-05-11T17:45:00Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 17:45:00 GMT', 'content-type': 'text/html;charset=utf-8'} 2017-05-11T17:45:00Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : 
#525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown 
Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: 
application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native 
Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>' 2017-05-11T17:45:00Z DEBUG Failed to enable profile '%s' (it is probably already enabled) 2017-05-11T17:45:00Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout 2017-05-11T17:45:00Z DEBUG request body '' 2017-05-11T17:45:00Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:00Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:00Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:00Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:00Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:00Z DEBUG response status 204 2017-05-11T17:45:00Z DEBUG response headers {'set-cookie': 'JSESSIONID=027231F4A1E9A28762311C63B62070C4; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:45:00 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:00Z DEBUG response body '' 2017-05-11T17:45:00Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login 2017-05-11T17:45:00Z DEBUG request body '' 2017-05-11T17:45:00Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:00Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:00Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:00Z DEBUG handshake complete, peer = 172.20.0.200:8443 
2017-05-11T17:45:00Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:00Z DEBUG response status 200 2017-05-11T17:45:00Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=342AD0B2E61BE86AC880A7679D8520A4; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:45:00 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:00Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 2017-05-11T17:45:00Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw 2017-05-11T17:45:00Z DEBUG request body 'desc=This profile is for enrolling Token Signing key\nenable=true\nenableBy=admin\nname=Temporary Token User Signing Certificate Enrollment\nvisible=false\nauth.instance_id=AgentCertAuth\ninput.list=i1\ninput.i1.class_id=nsNKeyCertReqInputImpl\ninput.i1.name=nsNKeyCertReqInputImpl\noutput.list=o1\noutput.o1.class_id=nsNKeyOutputImpl\noutput.o2.name=nsNKeyOutputImpl\npolicyset.list=set1\n#policyset.set1.list=p2,p4,p5,p1,p6,p7,p8,p9,p12,p13,p14\npolicyset.set1.list=p2,p4,p5,p1,p6,p8,p9,p12\npolicyset.set1.p1.constraint.class_id=noConstraintImpl\npolicyset.set1.p1.constraint.name=No Constraint\npolicyset.set1.p1.default.class_id=nsTokenUserKeySubjectNameDefaultImpl\npolicyset.set1.p1.default.name=nsTokenUserKeySubjectNameDefault\n#uncomment below to support SMIME\n#policyset.set1.p1.default.params.dnpattern=UID=$request.uid$, E=$request.mail$, O=Token Key User\npolicyset.set1.p1.default.params.dnpattern=UID=$request.uid$, O=Token Key User\n#changed ldap.enable to true to support 
SMIME\npolicyset.set1.p1.default.params.ldap.enable=false\npolicyset.set1.p1.default.params.ldap.searchName=uid\npolicyset.set1.p1.default.params.ldapStringAttributes=uid,mail\npolicyset.set1.p1.default.params.ldap.basedn=\npolicyset.set1.p1.default.params.ldap.maxConns=4\npolicyset.set1.p1.default.params.ldap.minConns=1\npolicyset.set1.p1.default.params.ldap.ldapconn.Version=2\npolicyset.set1.p1.default.params.ldap.ldapconn.host=\npolicyset.set1.p1.default.params.ldap.ldapconn.port=\npolicyset.set1.p1.default.params.ldap.ldapconn.secureConn=false\npolicyset.set1.p2.constraint.class_id=noConstraintImpl\npolicyset.set1.p2.constraint.name=No Constraint\npolicyset.set1.p2.default.class_id=validityDefaultImpl\npolicyset.set1.p2.default.name=Validity Default\npolicyset.set1.p2.default.params.range=7\npolicyset.set1.p2.default.params.startTime=0\npolicyset.set1.p4.constraint.class_id=noConstraintImpl\npolicyset.set1.p4.constraint.name=No Constraint\npolicyset.set1.p4.default.class_id=signingAlgDefaultImpl\npolicyset.set1.p4.default.name=Signing Algorithm Default\npolicyset.set1.p4.default.params.signingAlg=-\npolicyset.set1.p5.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.constraint.name=No Constraint\npolicyset.set1.p5.default.class_id=keyUsageExtDefaultImpl\npolicyset.set1.p5.default.name=Key Usage Extension 
Default\npolicyset.set1.p5.default.params.keyUsageCritical=true\npolicyset.set1.p5.default.params.keyUsageCrlSign=false\npolicyset.set1.p5.default.params.keyUsageDataEncipherment=false\npolicyset.set1.p5.default.params.keyUsageDecipherOnly=false\npolicyset.set1.p5.default.params.keyUsageDigitalSignature=true\npolicyset.set1.p5.default.params.keyUsageEncipherOnly=false\npolicyset.set1.p5.default.params.keyUsageKeyAgreement=false\npolicyset.set1.p5.default.params.keyUsageKeyCertSign=false\npolicyset.set1.p5.default.params.keyUsageKeyEncipherment=false\npolicyset.set1.p5.default.params.keyUsageNonRepudiation=true\npolicyset.set1.p6.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.constraint.name=No Constraint\npolicyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.set1.p6.default.name=Subject Alternative Name Extension Default\npolicyset.set1.p6.default.params.subjAltExtGNEnable_0=true\npolicyset.set1.p6.default.params.subjAltExtGNEnable_1=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_2=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_3=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_4=false\npolicyset.set1.p6.default.params.subjAltExtPattern_0=$request.mail$\npolicyset.set1.p6.default.params.subjAltExtPattern_1=\npolicyset.set1.p6.default.params.subjAltExtPattern_2=\npolicyset.set1.p6.default.params.subjAltExtPattern_3=\npolicyset.set1.p6.default.params.subjAltExtPattern_4=\npolicyset.set1.p6.default.params.subjAltExtType_0=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_1=OtherName\npolicyset.set1.p6.default.params.subjAltExtType_2=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_3=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_4=RFC822Name\npolicyset.set1.p6.default.params.subjAltNameExtCritical=false\npolicyset.set1.p6.default.params.subjAltNameNumGNs=1\npolicyset.set1.p7.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.constraint.name=No 
Constraint\npolicyset.set1.p7.default.class_id=certificatePoliciesExtDefaultImpl\npolicyset.set1.p7.default.name=Certificate Policies Extension Default\npolicyset.set1.p7.default.params.Critical=false\npolicyset.set1.p7.default.params.PoliciesExt.num=5\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0
.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.par
ams.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p8.constraint.class_id=noConstraintImpl\npolicyset.set1.p8.constraint.name=No Constraint\npolicyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.set1.p8.default.name=Subject Key Identifier Default\npolicyset.set1.p9.constraint.class_id=noConstraintImpl\npolicyset.set1.p9.constraint.name=No Constraint\npolicyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.set1.p9.default.name=Authority Key Identifier Extension Default\npolicyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.set1.p12.constraint.name=Basic Constraints Extension Constraint\npolicyset.set1.p12.constraint.params.basicConstraintsCritical=-\npolicyset.set1.p12.constraint.params.basicConstraintsIsCA=-\npolicyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.set1.p12.default.name=Basic Constraints Extension Default\npolicyset.set1.p12.default.params.basicConstraintsCritical=false\npolicyset.set1.p12.default.params.basicConstraintsIsCA=false\npolicyset.set1.p12.default.params.basicConstraintsPathLen=-1\npolicyset.set1.p13.constraint.class_id=noConstraintImpl\npolicyset.set1.p13.constraint.name=No 
Constraint\npolicyset.set1.p13.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.name=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.params.crlDistPointsCritical=false\npolicyset.set1.p13.default.params.crlDistPointsNum=1\npolicyset.set1.p13.default.params.crlDistPointsEnable_0=false\npolicyset.set1.p13.default.params.crlDistPointsIssuerName_0=\npolicyset.set1.p13.default.params.crlDistPointsIssuerType_0=\npolicyset.set1.p13.default.params.crlDistPointsPointName_0=\npolicyset.set1.p13.default.params.crlDistPointsPointType_0=URIName\npolicyset.set1.p13.default.params.crlDistPointsReasons_0=\npolicyset.set1.p14.constraint.class_id=noConstraintImpl\npolicyset.set1.p14.constraint.name=No Constraint\npolicyset.set1.p14.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.set1.p14.default.name=AIA Extension Default\npolicyset.set1.p14.default.params.authInfoAccessADEnable_0=false\npolicyset.set1.p14.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.set1.p14.default.params.authInfoAccessADLocation_0=\npolicyset.set1.p14.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.set1.p14.default.params.authInfoAccessCritical=false\npolicyset.set1.p14.default.params.authInfoAccessNumADs=1\nprofileId=caTempTokenUserSigningKeyEnrollment\nclassId=caUserCertEnrollImpl\n' 2017-05-11T17:45:00Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:00Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:00Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:00Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:00Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:00Z DEBUG response status 409 2017-05-11T17:45:00Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 17:45:00 GMT', 'content-type': 
'application/json', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:45:00Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' 2017-05-11T17:45:00Z DEBUG Error migrating 'caTempTokenUserSigningKeyEnrollment': Non-2xx response from CA REST API: 409. Profile already exists 2017-05-11T17:45:00Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caTempTokenUserSigningKeyEnrollment?action=enable 2017-05-11T17:45:00Z DEBUG request body '' 2017-05-11T17:45:00Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:00Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:00Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:00Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:00Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:00Z DEBUG response status 500 2017-05-11T17:45:00Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 17:45:00 GMT', 'content-type': 'text/html;charset=utf-8'} 2017-05-11T17:45:00Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : 
#525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown 
Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: 
application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native 
Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>' 2017-05-11T17:45:00Z DEBUG Failed to enable profile '%s' (it is probably already enabled) 2017-05-11T17:45:00Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout 2017-05-11T17:45:00Z DEBUG request body '' 2017-05-11T17:45:00Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:00Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:00Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:00Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:00Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:00Z DEBUG response status 204 2017-05-11T17:45:00Z DEBUG response headers {'set-cookie': 'JSESSIONID=2478DE639BFE55FF1D62C0C6BC2869D5; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:45:00 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:00Z DEBUG response body '' 2017-05-11T17:45:00Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login 2017-05-11T17:45:00Z DEBUG request body '' 2017-05-11T17:45:00Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:00Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:00Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:00Z DEBUG handshake complete, peer = 172.20.0.200:8443 
2017-05-11T17:45:00Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:00Z DEBUG response status 200 2017-05-11T17:45:00Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=56689AD837405CF7ADB30CDC2EF744B3; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:45:00 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:00Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 2017-05-11T17:45:00Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw 2017-05-11T17:45:00Z DEBUG request body 'desc=This certificate profile is for enrolling Security Domain administrator\'s certificates with LDAP authentication against the internal LDAP database.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=TokenAuth\nauthz.acl=group="Enterprise OCSP Administrators" || group="Enterprise RA Administrators" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators"\nname=Security Domain Administrator Certificate Enrollment\ninput.list=i1,i2,i3\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\ninput.i3.class_id=subjectDNInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=adminCertSet\npolicyset.adminCertSet.list=1,2,3,4,5,6,7,8\npolicyset.adminCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.adminCertSet.1.constraint.name=Subject Name 
Constraint\npolicyset.adminCertSet.1.constraint.params.pattern=.*\npolicyset.adminCertSet.1.constraint.params.accept=true\npolicyset.adminCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.adminCertSet.1.default.name=Subject Name Default\npolicyset.adminCertSet.1.default.params.name=\npolicyset.adminCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.adminCertSet.2.constraint.name=Validity Constraint\npolicyset.adminCertSet.2.constraint.params.range=365\npolicyset.adminCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.adminCertSet.2.constraint.params.notAfterCheck=false\npolicyset.adminCertSet.2.default.class_id=validityDefaultImpl\npolicyset.adminCertSet.2.default.name=Validity Default\npolicyset.adminCertSet.2.default.params.range=365\npolicyset.adminCertSet.2.default.params.startTime=0\npolicyset.adminCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.adminCertSet.3.constraint.name=Key Constraint\npolicyset.adminCertSet.3.constraint.params.keyType=-\npolicyset.adminCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.adminCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.adminCertSet.3.default.name=Key Default\npolicyset.adminCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.adminCertSet.4.constraint.name=No Constraint\npolicyset.adminCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.adminCertSet.4.default.name=Authority Key Identifier Default\npolicyset.adminCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.adminCertSet.5.constraint.name=No Constraint\npolicyset.adminCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.adminCertSet.5.default.name=AIA Extension 
Default\npolicyset.adminCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.adminCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.adminCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.adminCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.adminCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.adminCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.adminCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.adminCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.adminCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.adminCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.adminCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.adminCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.adminCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.adminCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.adminCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.adminCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.adminCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.adminCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.adminCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.adminCertSet.6.default.name=Key Usage 
Default\npolicyset.adminCertSet.6.default.params.keyUsageCritical=true\npolicyset.adminCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.adminCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.adminCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.adminCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.adminCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.adminCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.adminCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.adminCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.adminCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.adminCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.adminCertSet.7.constraint.name=No Constraint\npolicyset.adminCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.adminCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.adminCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.adminCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.adminCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.adminCertSet.8.constraint.name=No Constraint\npolicyset.adminCertSet.8.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA1withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA256withEC,SHA1withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.adminCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.adminCertSet.8.default.name=Signing Alg\npolicyset.adminCertSet.8.default.params.signingAlg=-\nprofileId=caAdminCert\nclassId=caEnrollImpl\n' 2017-05-11T17:45:00Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:00Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:00Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:00Z DEBUG handshake complete, peer = 
172.20.0.200:8443 2017-05-11T17:45:00Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:00Z DEBUG response status 409 2017-05-11T17:45:00Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 17:45:00 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:45:00Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' 2017-05-11T17:45:00Z DEBUG Error migrating 'caAdminCert': Non-2xx response from CA REST API: 409. Profile already exists 2017-05-11T17:45:00Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caAdminCert?action=enable 2017-05-11T17:45:00Z DEBUG request body '' 2017-05-11T17:45:00Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:00Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:00Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:00Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:00Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:00Z DEBUG response status 500 2017-05-11T17:45:00Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 17:45:00 GMT', 'content-type': 'text/html;charset=utf-8'} 2017-05-11T17:45:00Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY 
{font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown 
Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: 
application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native 
Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>' 2017-05-11T17:45:00Z DEBUG Failed to enable profile '%s' (it is probably already enabled) 2017-05-11T17:45:00Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout 2017-05-11T17:45:00Z DEBUG request body '' 2017-05-11T17:45:00Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:00Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:00Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:00Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:00Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:00Z DEBUG response status 204 2017-05-11T17:45:00Z DEBUG response headers {'set-cookie': 'JSESSIONID=21C0DF66F747D4D3628DF3600C0298E5; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:45:00 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:00Z DEBUG response body '' 2017-05-11T17:45:00Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login 2017-05-11T17:45:00Z DEBUG request body '' 2017-05-11T17:45:00Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:00Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:00Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:00Z DEBUG handshake complete, peer = 172.20.0.200:8443 
2017-05-11T17:45:00Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:00Z DEBUG response status 200 2017-05-11T17:45:00Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=C04186A0AE1C24DBA140EBB0C4B9C922; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:45:00 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:00Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 2017-05-11T17:45:00Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw 2017-05-11T17:45:00Z DEBUG request body 'desc=This certificate profile is for enrolling Security Domain server certificates.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=TokenAuth\nauthz.acl=group="Enterprise OCSP Administrators" || group="Enterprise RA Administrators" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators"\nname=Security Domain Server Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\ninput.i3.class_id=subjectAltNameExtInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name 
Default\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=720\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=720\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=-\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension 
Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage 
Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\n# allows SAN to be specified from client side\n# need to:\n# 1. add i3 to input.list above\n# 2. add 9 to policyset.serverCertSet.list above\n# 3. 
change below to reflect the number of general names, and\n# turn each corresponding subjAltExtPattern_<num> to true\n# policyset.serverCertSet.9.default.params.subjAltNameNumGNs\npolicyset.serverCertSet.9.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.9.constraint.name=No Constraint\npolicyset.serverCertSet.9.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.serverCertSet.9.default.name=Subject Alternative Name Extension Default\npolicyset.serverCertSet.9.default.params.subjAltExtGNEnable_0=true\npolicyset.serverCertSet.9.default.params.subjAltExtPattern_0=$request.req_san_pattern_0$\npolicyset.serverCertSet.9.default.params.subjAltExtType_0=DNSName\npolicyset.serverCertSet.9.default.params.subjAltExtGNEnable_1=false\npolicyset.serverCertSet.9.default.params.subjAltExtPattern_1=$request.req_san_pattern_1$\npolicyset.serverCertSet.9.default.params.subjAltExtType_1=DNSName\npolicyset.serverCertSet.9.default.params.subjAltExtGNEnable_2=false\npolicyset.serverCertSet.9.default.params.subjAltExtPattern_2=$request.req_san_pattern_2$\npolicyset.serverCertSet.9.default.params.subjAltExtType_2=DNSName\npolicyset.serverCertSet.9.default.params.subjAltNameExtCritical=false\npolicyset.serverCertSet.9.default.params.subjAltNameNumGNs=1\nprofileId=caInternalAuthServerCert\nclassId=caEnrollImpl\n' 2017-05-11T17:45:00Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:00Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:00Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:00Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:00Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:00Z DEBUG response status 409 2017-05-11T17:45:00Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 17:45:00 GMT', 'content-type': 'application/json', 'server': 
'Apache-Coyote/1.1'} 2017-05-11T17:45:00Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' 2017-05-11T17:45:00Z DEBUG Error migrating 'caInternalAuthServerCert': Non-2xx response from CA REST API: 409. Profile already exists 2017-05-11T17:45:00Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caInternalAuthServerCert?action=enable 2017-05-11T17:45:00Z DEBUG request body '' 2017-05-11T17:45:00Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:00Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:00Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:00Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:00Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:00Z DEBUG response status 500 2017-05-11T17:45:00Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 17:45:00 GMT', 'content-type': 'text/html;charset=utf-8'} 2017-05-11T17:45:00Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - 
org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native 
Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: 
application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native 
Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>' 2017-05-11T17:45:00Z DEBUG Failed to enable profile '%s' (it is probably already enabled) 2017-05-11T17:45:00Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout 2017-05-11T17:45:00Z DEBUG request body '' 2017-05-11T17:45:00Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:00Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:00Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:00Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:00Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:00Z DEBUG response status 204 2017-05-11T17:45:00Z DEBUG response headers {'set-cookie': 'JSESSIONID=694EFF6070E0C4C6C22A16C6621F021F; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:45:00 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:00Z DEBUG response body '' 2017-05-11T17:45:00Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login 2017-05-11T17:45:00Z DEBUG request body '' 2017-05-11T17:45:00Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:00Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:00Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:00Z DEBUG handshake complete, peer = 172.20.0.200:8443 
2017-05-11T17:45:00Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:00Z DEBUG response status 200 2017-05-11T17:45:00Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=E36A6F8412DC2C69619C701E5B3C15F5; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:45:00 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:00Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 2017-05-11T17:45:00Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw 2017-05-11T17:45:00Z DEBUG request body 'desc=This certificate profile is for enrolling Security Domain Data Recovery Manager transport certificates.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=TokenAuth\nauthz.acl=group="Enterprise OCSP Administrators" || group="Enterprise RA Administrators" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators"\nname=Security Domain Data Recovery Manager Transport Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=transportCertSet\npolicyset.transportCertSet.list=1,2,3,4,5,6,7,8\npolicyset.transportCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.transportCertSet.1.constraint.name=Subject Name 
Constraint\npolicyset.transportCertSet.1.constraint.params.pattern=CN=.*\npolicyset.transportCertSet.1.constraint.params.accept=true\npolicyset.transportCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.transportCertSet.1.default.name=Subject Name Default\npolicyset.transportCertSet.1.default.params.name=\npolicyset.transportCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.transportCertSet.2.constraint.name=Validity Constraint\npolicyset.transportCertSet.2.constraint.params.range=720\npolicyset.transportCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.transportCertSet.2.constraint.params.notAfterCheck=false\npolicyset.transportCertSet.2.default.class_id=validityDefaultImpl\npolicyset.transportCertSet.2.default.name=Validity Default\npolicyset.transportCertSet.2.default.params.range=720\npolicyset.transportCertSet.2.default.params.startTime=0\npolicyset.transportCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.transportCertSet.3.constraint.name=Key Constraint\npolicyset.transportCertSet.3.constraint.params.keyType=-\npolicyset.transportCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.transportCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.transportCertSet.3.default.name=Key Default\npolicyset.transportCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.transportCertSet.4.constraint.name=No Constraint\npolicyset.transportCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.transportCertSet.4.default.name=Authority Key Identifier Default\npolicyset.transportCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.transportCertSet.5.constraint.name=No Constraint\npolicyset.transportCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.transportCertSet.5.default.name=AIA Extension 
Default\npolicyset.transportCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.transportCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.transportCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.transportCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.transportCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.transportCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.transportCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.transportCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.transportCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.transportCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.transportCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.transportCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.transportCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.transportCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.transportCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.transportCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.transportCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.transportCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.transportCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.transportCertSet.6.default.name=Key Usage 
Default\npolicyset.transportCertSet.6.default.params.keyUsageCritical=true\npolicyset.transportCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.transportCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.transportCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.transportCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.transportCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.transportCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.transportCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.transportCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.transportCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.transportCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.transportCertSet.7.constraint.name=No Constraint\npolicyset.transportCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.transportCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.transportCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.transportCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2\npolicyset.transportCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.transportCertSet.8.constraint.name=No Constraint\npolicyset.transportCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.transportCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.transportCertSet.8.default.name=Signing Alg\npolicyset.transportCertSet.8.default.params.signingAlg=-\nprofileId=caInternalAuthTransportCert\nclassId=caEnrollImpl\n' 2017-05-11T17:45:00Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:00Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:00Z DEBUG cert valid True for 
"CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:00Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:00Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:00Z DEBUG response status 409 2017-05-11T17:45:00Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 17:45:00 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:45:00Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' 2017-05-11T17:45:00Z DEBUG Error migrating 'caInternalAuthTransportCert': Non-2xx response from CA REST API: 409. Profile already exists 2017-05-11T17:45:00Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caInternalAuthTransportCert?action=enable 2017-05-11T17:45:00Z DEBUG request body '' 2017-05-11T17:45:00Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:00Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:00Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:00Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:00Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:00Z DEBUG response status 500 2017-05-11T17:45:00Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 17:45:00 GMT', 'content-type': 'text/html;charset=utf-8'} 2017-05-11T17:45:00Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: 
application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native 
Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native 
Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>' 2017-05-11T17:45:00Z DEBUG Failed to enable profile '%s' (it is probably already enabled) 2017-05-11T17:45:00Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout 2017-05-11T17:45:00Z DEBUG request body '' 2017-05-11T17:45:00Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:00Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:00Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:00Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:00Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:00Z DEBUG response status 204 2017-05-11T17:45:00Z DEBUG response headers {'set-cookie': 'JSESSIONID=C0ED3B00282F5DC228F1A6006CBD3741; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:45:00 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:00Z DEBUG response body '' 
2017-05-11T17:45:00Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login 2017-05-11T17:45:00Z DEBUG request body '' 2017-05-11T17:45:00Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:00Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:00Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:00Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:00Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:00Z DEBUG response status 200 2017-05-11T17:45:00Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=4E611ECE3D615086D90B1294AB7B5806; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:45:00 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:00Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 2017-05-11T17:45:00Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw 2017-05-11T17:45:00Z DEBUG request body 'desc=This certificate profile is for enrolling Security Domain DRM storage certificates\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=TokenAuth\nauthz.acl=group="Enterprise OCSP Administrators" || group="Enterprise RA Administrators" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators"\nname=Security Domain DRM storage Certificate 
Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=drmStorageCertSet\npolicyset.drmStorageCertSet.list=1,2,3,4,5,6,7,9\npolicyset.drmStorageCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.drmStorageCertSet.1.constraint.name=Subject Name Constraint\npolicyset.drmStorageCertSet.1.constraint.params.pattern=CN=.*\npolicyset.drmStorageCertSet.1.constraint.params.accept=true\npolicyset.drmStorageCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.drmStorageCertSet.1.default.name=Subject Name Default\npolicyset.drmStorageCertSet.1.default.params.name=\npolicyset.drmStorageCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.drmStorageCertSet.2.constraint.name=Validity Constraint\npolicyset.drmStorageCertSet.2.constraint.params.range=720\npolicyset.drmStorageCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.drmStorageCertSet.2.constraint.params.notAfterCheck=false\npolicyset.drmStorageCertSet.2.default.class_id=validityDefaultImpl\npolicyset.drmStorageCertSet.2.default.name=Validity Default\npolicyset.drmStorageCertSet.2.default.params.range=720\npolicyset.drmStorageCertSet.2.default.params.startTime=0\npolicyset.drmStorageCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.drmStorageCertSet.3.constraint.name=Key Constraint\npolicyset.drmStorageCertSet.3.constraint.params.keyType=-\npolicyset.drmStorageCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.drmStorageCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.drmStorageCertSet.3.default.name=Key Default\npolicyset.drmStorageCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.drmStorageCertSet.4.constraint.name=No Constraint\npolicyset.drmStorageCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.drmStorageCertSet.4.default.name=Authority Key Identifier 
Default\npolicyset.drmStorageCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.drmStorageCertSet.5.constraint.name=No Constraint\npolicyset.drmStorageCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.drmStorageCertSet.5.default.name=AIA Extension Default\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.drmStorageCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.drmStorageCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.drmStorageCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.drmStorageCertSet.6.default.name=Key Usage 
Default\npolicyset.drmStorageCertSet.6.default.params.keyUsageCritical=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.drmStorageCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.drmStorageCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.drmStorageCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.drmStorageCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.drmStorageCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.drmStorageCertSet.7.constraint.name=No Constraint\npolicyset.drmStorageCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.drmStorageCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.drmStorageCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.drmStorageCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2\npolicyset.drmStorageCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.drmStorageCertSet.9.constraint.name=No Constraint\npolicyset.drmStorageCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.drmStorageCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.drmStorageCertSet.9.default.name=Signing Alg\npolicyset.drmStorageCertSet.9.default.params.signingAlg=-\nprofileId=caInternalAuthDRMstorageCert\nclassId=caEnrollImpl\n' 2017-05-11T17:45:00Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:00Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:00Z DEBUG cert 
valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:00Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:00Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:00Z DEBUG response status 409 2017-05-11T17:45:00Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 17:45:00 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:45:00Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' 2017-05-11T17:45:00Z DEBUG Error migrating 'caInternalAuthDRMstorageCert': Non-2xx response from CA REST API: 409. Profile already exists 2017-05-11T17:45:00Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caInternalAuthDRMstorageCert?action=enable 2017-05-11T17:45:00Z DEBUG request body '' 2017-05-11T17:45:00Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:00Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:00Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:00Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:00Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:00Z DEBUG response status 500 2017-05-11T17:45:00Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 17:45:00 GMT', 'content-type': 'text/html;charset=utf-8'} 2017-05-11T17:45:00Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: 
application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native 
Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native 
Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>' 2017-05-11T17:45:00Z DEBUG Failed to enable profile '%s' (it is probably already enabled) 2017-05-11T17:45:00Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout 2017-05-11T17:45:00Z DEBUG request body '' 2017-05-11T17:45:00Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:00Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:00Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:00Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:00Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:00Z DEBUG response status 204 2017-05-11T17:45:00Z DEBUG response headers {'set-cookie': 'JSESSIONID=279AA844AF9D44274AA8C02DCC745D68; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:45:00 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:00Z DEBUG response body '' 
2017-05-11T17:45:00Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login 2017-05-11T17:45:00Z DEBUG request body '' 2017-05-11T17:45:00Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:00Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:00Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:00Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:00Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:00Z DEBUG response status 200 2017-05-11T17:45:00Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=AFA9890C987C3299FF2052EEFFD1A087; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:45:00 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:00Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 2017-05-11T17:45:00Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw 2017-05-11T17:45:00Z DEBUG request body 'desc=This certificate profile is for enrolling Security Domain subsystem certificates.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=TokenAuth\nauthz.acl=group="Enterprise OCSP Administrators" || group="Enterprise RA Administrators" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators"\nname=Security Domain Subsystem Certificate 
Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\nupdater.list=u1\nupdater.u1.class_id=subsystemGroupUpdaterImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=720\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=720\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=-\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier 
Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage 
Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\nprofileId=caInternalAuthSubsystemCert\nclassId=caEnrollImpl\n' 2017-05-11T17:45:00Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:00Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:00Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:00Z DEBUG handshake complete, 
peer = 172.20.0.200:8443 2017-05-11T17:45:00Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:00Z DEBUG response status 409 2017-05-11T17:45:00Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 17:45:00 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:45:00Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' 2017-05-11T17:45:00Z DEBUG Error migrating 'caInternalAuthSubsystemCert': Non-2xx response from CA REST API: 409. Profile already exists 2017-05-11T17:45:00Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caInternalAuthSubsystemCert?action=enable 2017-05-11T17:45:00Z DEBUG request body '' 2017-05-11T17:45:00Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:00Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:00Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:00Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:00Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:00Z DEBUG response status 500 2017-05-11T17:45:00Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 17:45:00 GMT', 'content-type': 'text/html;charset=utf-8'} 2017-05-11T17:45:00Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY 
{font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown 
Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: 
application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native 
Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>' 2017-05-11T17:45:00Z DEBUG Failed to enable profile '%s' (it is probably already enabled) 2017-05-11T17:45:00Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout 2017-05-11T17:45:00Z DEBUG request body '' 2017-05-11T17:45:00Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:00Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:00Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:00Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:00Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:00Z DEBUG response status 204 2017-05-11T17:45:00Z DEBUG response headers {'set-cookie': 'JSESSIONID=F769A2D7291B014E1CB55BB603CC0DF6; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:45:00 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:00Z DEBUG response body '' 2017-05-11T17:45:00Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login 2017-05-11T17:45:00Z DEBUG request body '' 2017-05-11T17:45:00Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:00Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:00Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:00Z DEBUG handshake complete, peer = 172.20.0.200:8443 
2017-05-11T17:45:00Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:00Z DEBUG response status 200 2017-05-11T17:45:00Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=181C844D02B0F622B3DDD92526D40F4D; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:45:00 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:00Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 2017-05-11T17:45:00Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw 2017-05-11T17:45:00Z DEBUG request body 'desc=This certificate profile is for enrolling Security Domain OCSP Manager certificates.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=TokenAuth\nauthz.acl=group="Enterprise OCSP Administrators" || group="Enterprise RA Administrators" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators"\nname=Security Domain OCSP Manager Signing Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=ocspCertSet\npolicyset.ocspCertSet.list=1,2,3,4,5,6,8,9\npolicyset.ocspCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.ocspCertSet.1.constraint.name=Subject Name Constraint\npolicyset.ocspCertSet.1.constraint.params.pattern=CN=.*\npolicyset.ocspCertSet.1.constraint.params.accept=true\npolicyset.ocspCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.ocspCertSet.1.default.name=Subject Name 
Default\npolicyset.ocspCertSet.1.default.params.name=\npolicyset.ocspCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.ocspCertSet.2.constraint.name=Validity Constraint\npolicyset.ocspCertSet.2.constraint.params.range=720\npolicyset.ocspCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.ocspCertSet.2.constraint.params.notAfterCheck=false\npolicyset.ocspCertSet.2.default.class_id=validityDefaultImpl\npolicyset.ocspCertSet.2.default.name=Validity Default\npolicyset.ocspCertSet.2.default.params.range=720\npolicyset.ocspCertSet.2.default.params.startTime=0\npolicyset.ocspCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.ocspCertSet.3.constraint.name=Key Constraint\npolicyset.ocspCertSet.3.constraint.params.keyType=-\npolicyset.ocspCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.ocspCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.ocspCertSet.3.default.name=Key Default\npolicyset.ocspCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.ocspCertSet.4.constraint.name=No Constraint\npolicyset.ocspCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.ocspCertSet.4.default.name=Authority Key Identifier Default\npolicyset.ocspCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.ocspCertSet.5.constraint.name=No Constraint\npolicyset.ocspCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.ocspCertSet.5.default.name=AIA Extension 
Default\npolicyset.ocspCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.ocspCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.ocspCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.ocspCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.ocspCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.ocspCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.ocspCertSet.6.constraint.class_id=extendedKeyUsageExtConstraintImpl\npolicyset.ocspCertSet.6.constraint.name=Extended Key Usage Extension\npolicyset.ocspCertSet.6.constraint.params.exKeyUsageCritical=false\npolicyset.ocspCertSet.6.constraint.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.9\npolicyset.ocspCertSet.6.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.ocspCertSet.6.default.name=Extended Key Usage Default\npolicyset.ocspCertSet.6.default.params.exKeyUsageCritical=false\npolicyset.ocspCertSet.6.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.9\npolicyset.ocspCertSet.8.constraint.class_id=extensionConstraintImpl\npolicyset.ocspCertSet.8.constraint.name=No Constraint\npolicyset.ocspCertSet.8.constraint.params.extCritical=false\npolicyset.ocspCertSet.8.constraint.params.extOID=1.3.6.1.5.5.7.48.1.5\npolicyset.ocspCertSet.8.default.class_id=ocspNoCheckExtDefaultImpl\npolicyset.ocspCertSet.8.default.name=OCSP No Check Extension\npolicyset.ocspCertSet.8.default.params.ocspNoCheckCritical=false\npolicyset.ocspCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.ocspCertSet.9.constraint.name=No Constraint\npolicyset.ocspCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.ocspCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.ocspCertSet.9.default.name=Signing 
Alg\npolicyset.ocspCertSet.9.default.params.signingAlg=-\nprofileId=caInternalAuthOCSPCert\nclassId=caEnrollImpl\n' 2017-05-11T17:45:00Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:00Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:00Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:00Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:00Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:00Z DEBUG response status 409 2017-05-11T17:45:00Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 17:45:00 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:45:00Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' 2017-05-11T17:45:00Z DEBUG Error migrating 'caInternalAuthOCSPCert': Non-2xx response from CA REST API: 409. 
Profile already exists 2017-05-11T17:45:00Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caInternalAuthOCSPCert?action=enable 2017-05-11T17:45:00Z DEBUG request body '' 2017-05-11T17:45:00Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:00Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:00Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:00Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:00Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:00Z DEBUG response status 500 2017-05-11T17:45:00Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 17:45:00 GMT', 'content-type': 'text/html;charset=utf-8'} 2017-05-11T17:45:00Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> 
<u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native 
Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown 
Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>' 2017-05-11T17:45:00Z DEBUG Failed to enable profile '%s' (it is probably already enabled) 2017-05-11T17:45:00Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout 2017-05-11T17:45:00Z DEBUG request body '' 2017-05-11T17:45:00Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:00Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:00Z DEBUG 
cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:00Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:00Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:00Z DEBUG response status 204 2017-05-11T17:45:00Z DEBUG response headers {'set-cookie': 'JSESSIONID=F824CD655789AB15F0C950626EAAC5DE; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:45:00 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:00Z DEBUG response body '' 2017-05-11T17:45:00Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login 2017-05-11T17:45:00Z DEBUG request body '' 2017-05-11T17:45:00Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:00Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:00Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:00Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:00Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:00Z DEBUG response status 200 2017-05-11T17:45:00Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=B0DC0A5F9F22E97F7D045CD4AA5E9714; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:45:00 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:00Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 2017-05-11T17:45:00Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw 2017-05-11T17:45:00Z DEBUG request body 
'desc=This certificate profile is for enrolling audit signing certificates.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=TokenAuth\nauthz.acl=group="Enterprise OCSP Administrators" || group="Enterprise RA Administrators" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators"\nname=Audit Signing Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=auditSigningCertSet\npolicyset.auditSigningCertSet.list=1,2,3,4,5,6,9\npolicyset.auditSigningCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.auditSigningCertSet.1.constraint.name=Subject Name Constraint\npolicyset.auditSigningCertSet.1.constraint.params.pattern=CN=.*\npolicyset.auditSigningCertSet.1.constraint.params.accept=true\npolicyset.auditSigningCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.auditSigningCertSet.1.default.name=Subject Name Default\npolicyset.auditSigningCertSet.1.default.params.name=\npolicyset.auditSigningCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.auditSigningCertSet.2.constraint.name=Validity Constraint\npolicyset.auditSigningCertSet.2.constraint.params.range=720\npolicyset.auditSigningCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.auditSigningCertSet.2.constraint.params.notAfterCheck=false\npolicyset.auditSigningCertSet.2.default.class_id=validityDefaultImpl\npolicyset.auditSigningCertSet.2.default.name=Validity Default\npolicyset.auditSigningCertSet.2.default.params.range=720\npolicyset.auditSigningCertSet.2.default.params.startTime=0\npolicyset.auditSigningCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.auditSigningCertSet.3.constraint.name=Key 
Constraint\npolicyset.auditSigningCertSet.3.constraint.params.keyType=-\npolicyset.auditSigningCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.auditSigningCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.auditSigningCertSet.3.default.name=Key Default\npolicyset.auditSigningCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.auditSigningCertSet.4.constraint.name=No Constraint\npolicyset.auditSigningCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.auditSigningCertSet.4.default.name=Authority Key Identifier Default\npolicyset.auditSigningCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.auditSigningCertSet.5.constraint.name=No Constraint\npolicyset.auditSigningCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.auditSigningCertSet.5.default.name=AIA Extension Default\npolicyset.auditSigningCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.auditSigningCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.auditSigningCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.auditSigningCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.auditSigningCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.auditSigningCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.auditSigningCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.auditSigningCertSet.6.constraint.name=Key Usage Extension 
Constraint\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.auditSigningCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.auditSigningCertSet.6.default.name=Key Usage Default\npolicyset.auditSigningCertSet.6.default.params.keyUsageCritical=true\npolicyset.auditSigningCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.auditSigningCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.auditSigningCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.auditSigningCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.auditSigningCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.auditSigningCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.auditSigningCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.auditSigningCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.auditSigningCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.auditSigningCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.auditSigningCertSet.9.constraint.name=No 
Constraint\npolicyset.auditSigningCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.auditSigningCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.auditSigningCertSet.9.default.name=Signing Alg\npolicyset.auditSigningCertSet.9.default.params.signingAlg=-\nprofileId=caInternalAuthAuditSigningCert\nclassId=caEnrollImpl\n' 2017-05-11T17:45:00Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:00Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:00Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:00Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:00Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:00Z DEBUG response status 409 2017-05-11T17:45:00Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 17:45:00 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:45:00Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' 2017-05-11T17:45:00Z DEBUG Error migrating 'caInternalAuthAuditSigningCert': Non-2xx response from CA REST API: 409. 
Profile already exists 2017-05-11T17:45:00Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caInternalAuthAuditSigningCert?action=enable 2017-05-11T17:45:00Z DEBUG request body '' 2017-05-11T17:45:00Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:00Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:00Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:00Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:00Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:00Z DEBUG response status 500 2017-05-11T17:45:00Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 17:45:00 GMT', 'content-type': 'text/html;charset=utf-8'} 2017-05-11T17:45:00Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> 
<u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native 
Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown 
Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>' 2017-05-11T17:45:00Z DEBUG Failed to enable profile '%s' (it is probably already enabled) 2017-05-11T17:45:00Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout 2017-05-11T17:45:00Z DEBUG request body '' 2017-05-11T17:45:00Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:00Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:00Z DEBUG 
cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:00Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:00Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:00Z DEBUG response status 204 2017-05-11T17:45:00Z DEBUG response headers {'set-cookie': 'JSESSIONID=3385AE041831D1E9EF443064CDECEE35; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:45:00 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:00Z DEBUG response body '' 2017-05-11T17:45:00Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login 2017-05-11T17:45:00Z DEBUG request body '' 2017-05-11T17:45:00Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:00Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:00Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:00Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:00Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:00Z DEBUG response status 200 2017-05-11T17:45:00Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=943DCD07088DA37D609E985074C2CA5E; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:45:00 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:00Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 2017-05-11T17:45:00Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw 2017-05-11T17:45:00Z DEBUG request body 
"desc=This profile is for enrolling Domain Controller Certificate\nenable=true\nenableBy=admin\nname=Domain Controller\nvisible=true\nauth.instance_id=AgentCertAuth\ninput.list=i1,i2,i3\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\ninput.i3.class_id=genericInputImpl\ninput.i3.params.gi_display_name0=ccm\ninput.i3.params.gi_param_enable0=true\ninput.i3.params.gi_param_name0=ccm\ninput.i3.params.gi_display_name1=GUID\ninput.i3.params.gi_param_enable1=true\ninput.i3.params.gi_param_name1=GUID\ninput.i3.params.gi_num=2\noutput.list=o1,o2\noutput.o1.class_id=certOutputImpl\noutput.o2.class_id=pkcs7OutputImpl\npolicyset.list=set1\npolicyset.set1.list=p2,p4,p5,subj,p6,p8,p9,p12,eku,gen,crldp\npolicyset.set1.subj.constraint.class_id=noConstraintImpl\npolicyset.set1.subj.constraint.name=No Constraint\npolicyset.set1.subj.default.class_id=nsTokenUserKeySubjectNameDefaultImpl\npolicyset.set1.subj.default.name=nsTokenUserKeySubjectNameDefault\n#policyset.set1.p1.default.params.dnpattern=UID=$request.uid$, E=$request.mail$, O=Token Key User\n#policyset.set1.subj.default.params.dnpattern=CN=GEMSTAR,OU=Domain Controllers,DC=test,dc=local\npolicyset.set1.subj.default.params.dnpattern=CN=$request.ccm$\npolicyset.set1.subj.default.params.ldap.enable=false\npolicyset.set1.subj.default.params.ldap.searchName=uid\npolicyset.set1.subj.default.params.ldapStringAttributes=uid,mail\npolicyset.set1.subj.default.params.ldap.basedn=\npolicyset.set1.subj.default.params.ldap.maxConns=4\npolicyset.set1.subj.default.params.ldap.minConns=1\npolicyset.set1.subj.default.params.ldap.ldapconn.Version=2\npolicyset.set1.subj.default.params.ldap.ldapconn.host=\npolicyset.set1.subj.default.params.ldap.ldapconn.port=\npolicyset.set1.subj.default.params.ldap.ldapconn.secureConn=false\npolicyset.set1.p2.constraint.class_id=noConstraintImpl\npolicyset.set1.p2.constraint.name=No 
Constraint\npolicyset.set1.p2.default.class_id=validityDefaultImpl\npolicyset.set1.p2.default.name=Validity Default\npolicyset.set1.p2.default.params.range=1825\npolicyset.set1.p2.default.params.startTime=0\npolicyset.set1.p4.constraint.class_id=noConstraintImpl\npolicyset.set1.p4.constraint.name=No Constraint\npolicyset.set1.p4.default.class_id=signingAlgDefaultImpl\npolicyset.set1.p4.default.name=Signing Algorithm Default\npolicyset.set1.p4.default.params.signingAlg=-\npolicyset.set1.p5.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.constraint.name=No Constraint\npolicyset.set1.p5.default.class_id=keyUsageExtDefaultImpl\npolicyset.set1.p5.default.name=Key Usage Extension Default\npolicyset.set1.p5.default.params.keyUsageCritical=true\npolicyset.set1.p5.default.params.keyUsageCrlSign=false\npolicyset.set1.p5.default.params.keyUsageDataEncipherment=false\npolicyset.set1.p5.default.params.keyUsageDecipherOnly=false\npolicyset.set1.p5.default.params.keyUsageDigitalSignature=true\npolicyset.set1.p5.default.params.keyUsageEncipherOnly=false\npolicyset.set1.p5.default.params.keyUsageKeyAgreement=false\npolicyset.set1.p5.default.params.keyUsageKeyCertSign=false\npolicyset.set1.p5.default.params.keyUsageKeyEncipherment=true\npolicyset.set1.p5.default.params.keyUsageNonRepudiation=false\npolicyset.set1.p6.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.constraint.name=No Constraint\npolicyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.set1.p6.default.name=Subject Alternative Name Extension 
Default\npolicyset.set1.p6.default.params.subjAltExtGNEnable_0=true\npolicyset.set1.p6.default.params.subjAltExtGNEnable_1=true\npolicyset.set1.p6.default.params.subjAltExtPattern_0=$request.ccm$\npolicyset.set1.p6.default.params.subjAltExtType_0=DNSName\npolicyset.set1.p6.default.params.subjAltExtPattern_1=(Any)1.3.6.1.4.1.311.25.1,0410$request.GUID$\npolicyset.set1.p6.default.params.subjAltExtType_1=OtherName\npolicyset.set1.p6.default.params.subjAltNameExtCritical=false\npolicyset.set1.p6.default.params.subjAltNameNumGNs=2\npolicyset.set1.5.constraint.class_id=noConstraintImpl\npolicyset.set1.5.constraint.name=No Constraint\npolicyset.set1.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.set1.5.default.name=AIA Extension Default\npolicyset.set1.5.default.params.authInfoAccessADEnable_0=true\npolicyset.set1.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.set1.5.default.params.authInfoAccessADLocation_0=http://localhost.localdomain:9180/ca/ee/ca/getCRL?crlIssuingPoint=MasterCRL&op=getCRL&crlDisplayType=cachedCRL&submit=Submit\npolicyset.set1.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.2\npolicyset.set1.5.default.params.authInfoAccessCritical=false\npolicyset.set1.5.default.params.authInfoAccessNumADs=1\npolicyset.set1.eku.constraint.class_id=noConstraintImpl\npolicyset.set1.eku.constraint.name=No Constraint\npolicyset.set1.eku.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.set1.eku.default.name=Extended Key Usage Extension Default\npolicyset.set1.eku.default.params.exKeyUsageCritical=false\npolicyset.set1.eku.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\npolicyset.set1.p8.constraint.class_id=noConstraintImpl\npolicyset.set1.p8.constraint.name=No Constraint\npolicyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.set1.p8.default.name=Subject Key Identifier Default\npolicyset.set1.p9.constraint.class_id=noConstraintImpl\npolicyset.set1.p9.constraint.name=No 
Constraint\npolicyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.set1.p9.default.name=Authority Key Identifier Extension Default\npolicyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.set1.p12.constraint.name=Basic Constraints Extension Constraint\npolicyset.set1.p12.constraint.params.basicConstraintsCritical=-\npolicyset.set1.p12.constraint.params.basicConstraintsIsCA=-\npolicyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.set1.p12.default.name=Basic Constraints Extension Default\npolicyset.set1.p12.default.params.basicConstraintsCritical=false\npolicyset.set1.p12.default.params.basicConstraintsIsCA=false\npolicyset.set1.p12.default.params.basicConstraintsPathLen=-1\npolicyset.set1.crldp.constraint.class_id=noConstraintImpl\npolicyset.set1.crldp.constraint.name=No Constraint\npolicyset.set1.crldp.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.set1.crldp.default.name=crlDistributionPointsExtDefaultImpl\npolicyset.set1.crldp.default.params.crlDistPointsCritical=false\npolicyset.set1.crldp.default.params.crlDistPointsNum=1\npolicyset.set1.crldp.default.params.crlDistPointsEnable_0=true\npolicyset.set1.crldp.default.params.crlDistPointsIssuerName_0=\npolicyset.set1.crldp.default.params.crlDistPointsIssuerType_0=\npolicyset.set1.crldp.default.params.crlDistPointsPointName_0=http://localhost.localdomain:9180/ca/ee/ca/getCRL?crlIssuingPoint=MasterCRL&op=getCRL&crlDisplayType=cachedCRL&submit=Submit\npolicyset.set1.crldp.default.params.crlDistPointsPointType_0=URIName\npolicyset.set1.crldp.default.params.crlDistPointsReasons_0=\npolicyset.set1.gen.constraint.class_id=noConstraintImpl\npolicyset.set1.gen.constraint.name=No Constraint\npolicyset.set1.gen.default.class_id=genericExtDefaultImpl\npolicyset.set1.gen.default.name=Generic 
Extension\n#This is the Microsoft 'Certificate Template Name' Extensions. The Value is 'DomainController'\npolicyset.set1.gen.default.params.genericExtOID=1.3.6.1.4.1.311.20.2\npolicyset.set1.gen.default.params.genericExtData=1e200044006f006d00610069006e0043006f006e00740072006f006c006c00650072\nprofileId=DomainController\nclassId=caEnrollImpl\n" 2017-05-11T17:45:00Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:00Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:00Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:00Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:00Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:00Z DEBUG response status 409 2017-05-11T17:45:00Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 17:45:00 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:45:00Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' 2017-05-11T17:45:00Z DEBUG Error migrating 'DomainController': Non-2xx response from CA REST API: 409. 
Profile already exists 2017-05-11T17:45:00Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/DomainController?action=enable 2017-05-11T17:45:00Z DEBUG request body '' 2017-05-11T17:45:00Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:00Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:00Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:01Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:01Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:01Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:01Z DEBUG response status 500 2017-05-11T17:45:01Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 17:45:00 GMT', 'content-type': 'text/html;charset=utf-8'} 2017-05-11T17:45:01Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> 
<u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native 
Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown 
Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>' 2017-05-11T17:45:01Z DEBUG Failed to enable profile '%s' (it is probably already enabled) 2017-05-11T17:45:01Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout 2017-05-11T17:45:01Z DEBUG request body '' 2017-05-11T17:45:01Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:01Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:01Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:01Z DEBUG 
cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:01Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:01Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:01Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:01Z DEBUG response status 204 2017-05-11T17:45:01Z DEBUG response headers {'set-cookie': 'JSESSIONID=6F2CAC50C8E7AC2B02360F86D7B177ED; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:45:00 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:01Z DEBUG response body '' 2017-05-11T17:45:01Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login 2017-05-11T17:45:01Z DEBUG request body '' 2017-05-11T17:45:01Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:01Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:01Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:01Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:01Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:01Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:01Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:01Z DEBUG response status 200 2017-05-11T17:45:01Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=CC16DE7712A1564655F19EDED5E67014; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:45:00 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:01Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 2017-05-11T17:45:01Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw 2017-05-11T17:45:01Z DEBUG request body 
'desc=This certificate profile is for enrolling user certificates with RA agent authentication.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=raCertAuth\nname=RA Agent-Authenticated User Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=userCertSet\npolicyset.userCertSet.list=1,2,3,4,5,6,7,8,9\npolicyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.userCertSet.1.constraint.name=Subject Name Constraint\npolicyset.userCertSet.1.constraint.params.pattern=.*UID=.*\npolicyset.userCertSet.1.constraint.params.accept=true\npolicyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.userCertSet.1.default.name=Subject Name Default\npolicyset.userCertSet.1.default.params.name=\npolicyset.userCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.userCertSet.2.constraint.name=Validity Constraint\npolicyset.userCertSet.2.constraint.params.range=365\npolicyset.userCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.userCertSet.2.constraint.params.notAfterCheck=false\npolicyset.userCertSet.2.default.class_id=validityDefaultImpl\npolicyset.userCertSet.2.default.name=Validity Default\npolicyset.userCertSet.2.default.params.range=180\npolicyset.userCertSet.2.default.params.startTime=0\npolicyset.userCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.userCertSet.3.constraint.name=Key Constraint\npolicyset.userCertSet.3.constraint.params.keyType=RSA\npolicyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.userCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.userCertSet.3.default.name=Key Default\npolicyset.userCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.4.constraint.name=No 
Constraint\npolicyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.userCertSet.4.default.name=Authority Key Identifier Default\npolicyset.userCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.5.constraint.name=No Constraint\npolicyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.userCertSet.5.default.name=AIA Extension Default\npolicyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.userCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.userCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.userCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.userCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.name=Key Usage 
Default\npolicyset.userCertSet.6.default.params.keyUsageCritical=true\npolicyset.userCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.7.constraint.name=No Constraint\npolicyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.userCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.userCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.userCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.8.constraint.name=No Constraint\npolicyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.userCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.userCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.userCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.userCertSet.9.constraint.name=No 
Constraint\npolicyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.userCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.userCertSet.9.default.name=Signing Alg\npolicyset.userCertSet.9.default.params.signingAlg=-\nprofileId=caDualRAuserCert\nclassId=caEnrollImpl\n' 2017-05-11T17:45:01Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:01Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:01Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:01Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:01Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:01Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:01Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:01Z DEBUG response status 409 2017-05-11T17:45:01Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 17:45:00 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:45:01Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' 2017-05-11T17:45:01Z DEBUG Error migrating 'caDualRAuserCert': Non-2xx response from CA REST API: 409. 
Profile already exists 2017-05-11T17:45:01Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caDualRAuserCert?action=enable 2017-05-11T17:45:01Z DEBUG request body '' 2017-05-11T17:45:01Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:01Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:01Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:01Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:01Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:01Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:01Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:01Z DEBUG response status 500 2017-05-11T17:45:01Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 17:45:00 GMT', 'content-type': 'text/html;charset=utf-8'} 2017-05-11T17:45:01Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> 
<u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native 
Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown 
Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>' 2017-05-11T17:45:01Z DEBUG Failed to enable profile '%s' (it is probably already enabled) 2017-05-11T17:45:01Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout 2017-05-11T17:45:01Z DEBUG request body '' 2017-05-11T17:45:01Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:01Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:01Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:01Z DEBUG 
cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:01Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:01Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:01Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:01Z DEBUG response status 204 2017-05-11T17:45:01Z DEBUG response headers {'set-cookie': 'JSESSIONID=48704AB17C893401321D69787736C26E; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:45:00 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:01Z DEBUG response body '' 2017-05-11T17:45:01Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login 2017-05-11T17:45:01Z DEBUG request body '' 2017-05-11T17:45:01Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:01Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:01Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:01Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:01Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:01Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:01Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:01Z DEBUG response status 200 2017-05-11T17:45:01Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=D163B8FABDB34854048BD556B609A8D1; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:45:00 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:01Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 2017-05-11T17:45:01Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw 2017-05-11T17:45:01Z DEBUG request body 
'desc=This certificate profile is for enrolling RA agent user certificates with RA agent authentication.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=raCertAuth\nname=RA Agent-Authenticated Agent User Certificate Enrollment\ninput.list=i1,i2,i3\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\ninput.i3.class_id=subjectDNInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=userCertSet\npolicyset.userCertSet.list=1,2,3,4,5,6,7,8,9\npolicyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.userCertSet.1.constraint.name=Subject Name Constraint\npolicyset.userCertSet.1.constraint.params.pattern=UID=.*\npolicyset.userCertSet.1.constraint.params.accept=true\npolicyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.userCertSet.1.default.name=Subject Name Default\npolicyset.userCertSet.1.default.params.name=\npolicyset.userCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.userCertSet.2.constraint.name=Validity Constraint\npolicyset.userCertSet.2.constraint.params.range=365\npolicyset.userCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.userCertSet.2.constraint.params.notAfterCheck=false\npolicyset.userCertSet.2.default.class_id=validityDefaultImpl\npolicyset.userCertSet.2.default.name=Validity Default\npolicyset.userCertSet.2.default.params.range=180\npolicyset.userCertSet.2.default.params.startTime=0\npolicyset.userCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.userCertSet.3.constraint.name=Key Constraint\npolicyset.userCertSet.3.constraint.params.keyType=RSA\npolicyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.userCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.userCertSet.3.default.name=Key Default\npolicyset.userCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.4.constraint.name=No 
Constraint\npolicyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.userCertSet.4.default.name=Authority Key Identifier Default\npolicyset.userCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.5.constraint.name=No Constraint\npolicyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.userCertSet.5.default.name=AIA Extension Default\npolicyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.userCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.userCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.userCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.userCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.name=Key Usage 
Default\npolicyset.userCertSet.6.default.params.keyUsageCritical=true\npolicyset.userCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.7.constraint.name=No Constraint\npolicyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.userCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.userCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.userCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.8.constraint.name=No Constraint\npolicyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.userCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.userCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.userCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.userCertSet.9.constraint.name=No 
Constraint\npolicyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.userCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.userCertSet.9.default.name=Signing Alg\npolicyset.userCertSet.9.default.params.signingAlg=-\nprofileId=caRAagentCert\nclassId=caEnrollImpl\n' 2017-05-11T17:45:01Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:01Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:01Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:01Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:01Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:01Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:01Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:01Z DEBUG response status 409 2017-05-11T17:45:01Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 17:45:00 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:45:01Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' 2017-05-11T17:45:01Z DEBUG Error migrating 'caRAagentCert': Non-2xx response from CA REST API: 409. 
Profile already exists 2017-05-11T17:45:01Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caRAagentCert?action=enable 2017-05-11T17:45:01Z DEBUG request body '' 2017-05-11T17:45:01Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:01Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:01Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:01Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:01Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:01Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:01Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:01Z DEBUG response status 500 2017-05-11T17:45:01Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 17:45:00 GMT', 'content-type': 'text/html;charset=utf-8'} 2017-05-11T17:45:01Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> 
<u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native 
Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown 
Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>' 2017-05-11T17:45:01Z DEBUG Failed to enable profile '%s' (it is probably already enabled) 2017-05-11T17:45:01Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout 2017-05-11T17:45:01Z DEBUG request body '' 2017-05-11T17:45:01Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:01Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:01Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:01Z DEBUG 
cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:01Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:01Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:01Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:01Z DEBUG response status 204 2017-05-11T17:45:01Z DEBUG response headers {'set-cookie': 'JSESSIONID=ECBEA5996A438DBF29F0A85605F26141; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:45:00 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:01Z DEBUG response body '' 2017-05-11T17:45:01Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login 2017-05-11T17:45:01Z DEBUG request body '' 2017-05-11T17:45:01Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:01Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:01Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:01Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:01Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:01Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:01Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:01Z DEBUG response status 200 2017-05-11T17:45:01Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=7AEE774F543AA521CCFF8DDAECC7DCD2; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:45:00 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:01Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 2017-05-11T17:45:01Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw 2017-05-11T17:45:01Z DEBUG request body 
'desc=This certificate profile is for enrolling server certificates with RA agent authentication.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=raCertAuth\nname=RA Agent-Authenticated Server Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=365\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=180\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No 
Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage 
Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\nprofileId=caRAserverCert\nclassId=caEnrollImpl\n' 2017-05-11T17:45:01Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:01Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:01Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:01Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:01Z DEBUG handshake complete, peer = 
172.20.0.200:8443 2017-05-11T17:45:01Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:01Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:01Z DEBUG response status 409 2017-05-11T17:45:01Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 17:45:00 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:45:01Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' 2017-05-11T17:45:01Z DEBUG Error migrating 'caRAserverCert': Non-2xx response from CA REST API: 409. Profile already exists 2017-05-11T17:45:01Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caRAserverCert?action=enable 2017-05-11T17:45:01Z DEBUG request body '' 2017-05-11T17:45:01Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:01Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:01Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:01Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:01Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:01Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:01Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:01Z DEBUG response status 500 2017-05-11T17:45:01Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 17:45:00 GMT', 'content-type': 'text/html;charset=utf-8'} 2017-05-11T17:45:01Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY 
{font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown 
Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: 
application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native 
Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>' 2017-05-11T17:45:01Z DEBUG Failed to enable profile '%s' (it is probably already enabled) 2017-05-11T17:45:01Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout 2017-05-11T17:45:01Z DEBUG request body '' 2017-05-11T17:45:01Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:01Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:01Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:01Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:01Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:01Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:01Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:01Z DEBUG response status 204 2017-05-11T17:45:01Z DEBUG response headers {'set-cookie': 'JSESSIONID=D793896572ECB897AE653A0EAA948729; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:45:00 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:01Z DEBUG response body '' 2017-05-11T17:45:01Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login 2017-05-11T17:45:01Z DEBUG request body '' 2017-05-11T17:45:01Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:01Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:01Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:01Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:01Z DEBUG handshake complete, peer = 172.20.0.200:8443 
2017-05-11T17:45:01Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:01Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:01Z DEBUG response status 200 2017-05-11T17:45:01Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=E9EC2BC3AB9F861B1F428C057C29C78D; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:45:00 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:01Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 2017-05-11T17:45:01Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw 2017-05-11T17:45:01Z DEBUG request body 'desc=This certificate profile is for enrolling device certificates to contain UUID in the Subject Alternative Name extension\nvisible=true\nenable=false\nenableBy=admin\nname=Manual device Dual-Use Certificate Enrollment to contain UUID in SAN\nauth.class_id=\ninput.list=i1,i2,i3\ninput.i1.class_id=keyGenInputImpl\ninput.i2.class_id=subjectNameInputImpl\ninput.i3.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=userCertSet\npolicyset.userCertSet.list=1,2,3,4,5,6,7,8,9\npolicyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.userCertSet.1.constraint.name=Subject Name Constraint\npolicyset.userCertSet.1.constraint.params.pattern=UID=.*\npolicyset.userCertSet.1.constraint.params.accept=true\npolicyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.userCertSet.1.default.name=Subject Name Default\npolicyset.userCertSet.1.default.params.name=\npolicyset.userCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.userCertSet.2.constraint.name=Validity 
Constraint\npolicyset.userCertSet.2.constraint.params.range=365\npolicyset.userCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.userCertSet.2.constraint.params.notAfterCheck=false\npolicyset.userCertSet.2.default.class_id=validityDefaultImpl\npolicyset.userCertSet.2.default.name=Validity Default\npolicyset.userCertSet.2.default.params.range=180\npolicyset.userCertSet.2.default.params.startTime=0\npolicyset.userCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.userCertSet.3.constraint.name=Key Constraint\npolicyset.userCertSet.3.constraint.params.keyType=-\npolicyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.userCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.userCertSet.3.default.name=Key Default\npolicyset.userCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.4.constraint.name=No Constraint\npolicyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.userCertSet.4.default.name=Authority Key Identifier Default\npolicyset.userCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.5.constraint.name=No Constraint\npolicyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.userCertSet.5.default.name=AIA Extension Default\npolicyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.userCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.userCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.userCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.userCertSet.6.constraint.name=Key Usage Extension 
Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.name=Key Usage Default\npolicyset.userCertSet.6.default.params.keyUsageCritical=true\npolicyset.userCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.7.constraint.name=No Constraint\npolicyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.userCertSet.7.default.name=Extended Key Usage Extension 
Default\npolicyset.userCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.userCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.8.constraint.name=No Constraint\npolicyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.userCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.userCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.userCertSet.8.default.params.subjAltExtType_1=OtherName\npolicyset.userCertSet.8.default.params.subjAltExtPattern_1=(IA5String)1.2.3.4,$server.source$\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_1=true\npolicyset.userCertSet.8.default.params.subjAltExtSource_1=UUID4\npolicyset.userCertSet.8.default.params.subjAltNameNumGNs=2\npolicyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.userCertSet.9.constraint.name=No Constraint\npolicyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.userCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.userCertSet.9.default.name=Signing Alg\npolicyset.userCertSet.9.default.params.signingAlg=-\nprofileId=caUUIDdeviceCert\nclassId=caEnrollImpl\n' 2017-05-11T17:45:01Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:01Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:01Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:01Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:01Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:01Z DEBUG Protocol: TLS1.2 
2017-05-11T17:45:01Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:01Z DEBUG response status 409 2017-05-11T17:45:01Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 17:45:01 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:45:01Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' 2017-05-11T17:45:01Z DEBUG Error migrating 'caUUIDdeviceCert': Non-2xx response from CA REST API: 409. Profile already exists 2017-05-11T17:45:01Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caUUIDdeviceCert?action=enable 2017-05-11T17:45:01Z DEBUG request body '' 2017-05-11T17:45:01Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:01Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:01Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:01Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:01Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:01Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:01Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:01Z DEBUG response status 204 2017-05-11T17:45:01Z DEBUG response headers {'date': 'Thu, 11 May 2017 17:45:01 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:45:01Z DEBUG response body '' 2017-05-11T17:45:01Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout 2017-05-11T17:45:01Z DEBUG request body '' 2017-05-11T17:45:01Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:01Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:01Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:01Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:01Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:01Z DEBUG Protocol: 
TLS1.2 2017-05-11T17:45:01Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:01Z DEBUG response status 204 2017-05-11T17:45:01Z DEBUG response headers {'set-cookie': 'JSESSIONID=9AF4CFA6BF2EA931EB5760C2212C7905; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:45:01 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:01Z DEBUG response body '' 2017-05-11T17:45:01Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login 2017-05-11T17:45:01Z DEBUG request body '' 2017-05-11T17:45:01Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:01Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:01Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:01Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:01Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:01Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:01Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:01Z DEBUG response status 200 2017-05-11T17:45:01Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=A923AD27047BB71AC87C48DEE675B7FF; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:45:01 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:01Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 2017-05-11T17:45:01Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw 2017-05-11T17:45:01Z DEBUG request body 'desc=This certificate profile is for renewing SSL client 
certificates.\nvisible=true\nenable=true\nenableBy=admin\nrenewal=true\nauth.instance_id=SSLclientCertAuth\nname=Renewal: Self-renew user SSL client certificates\noutput.list=o1\noutput.o1.class_id=certOutputImpl\nprofileId=caSSLClientSelfRenewal\nclassId=caEnrollImpl\n' 2017-05-11T17:45:01Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:01Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:01Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:01Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:01Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:01Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:01Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:01Z DEBUG response status 409 2017-05-11T17:45:01Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 17:45:01 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:45:01Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' 2017-05-11T17:45:01Z DEBUG Error migrating 'caSSLClientSelfRenewal': Non-2xx response from CA REST API: 409. 
Profile already exists 2017-05-11T17:45:01Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caSSLClientSelfRenewal?action=enable 2017-05-11T17:45:01Z DEBUG request body '' 2017-05-11T17:45:01Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:01Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:01Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:01Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:01Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:01Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:01Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:01Z DEBUG response status 500 2017-05-11T17:45:01Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 17:45:01 GMT', 'content-type': 'text/html;charset=utf-8'} 2017-05-11T17:45:01Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> 
<u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native 
Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown 
Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>' 2017-05-11T17:45:01Z DEBUG Failed to enable profile '%s' (it is probably already enabled) 2017-05-11T17:45:01Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout 2017-05-11T17:45:01Z DEBUG request body '' 2017-05-11T17:45:01Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:01Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:01Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:01Z DEBUG 
cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:01Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:01Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:01Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:01Z DEBUG response status 204 2017-05-11T17:45:01Z DEBUG response headers {'set-cookie': 'JSESSIONID=6BE4F2EB9079D5E97F6F7DE2B6BC896A; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:45:01 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:01Z DEBUG response body '' 2017-05-11T17:45:01Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login 2017-05-11T17:45:01Z DEBUG request body '' 2017-05-11T17:45:01Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:01Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:01Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:01Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:01Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:01Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:01Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:01Z DEBUG response status 200 2017-05-11T17:45:01Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=B1B394B34978E53C24600694473CB630; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:45:01 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:01Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 2017-05-11T17:45:01Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw 2017-05-11T17:45:01Z DEBUG request body 
'desc=This certificate profile is for renewing a certificate by serial number by using directory based authentication.\nvisible=true\nenable=true\nenableBy=admin\nrenewal=true\nauth.instance_id=UserDirEnrollment\nauthz.acl=user_origreq="auth_token.uid"\nname=Renewal: Directory-Authenticated User Certificate Self-Renew profile\ninput.list=i1\ninput.i1.class_id=serialNumRenewInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\nprofileId=caDirUserRenewal\nclassId=caEnrollImpl\n' 2017-05-11T17:45:01Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:01Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:01Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:01Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:01Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:01Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:01Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:01Z DEBUG response status 409 2017-05-11T17:45:01Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 17:45:01 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:45:01Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' 2017-05-11T17:45:01Z DEBUG Error migrating 'caDirUserRenewal': Non-2xx response from CA REST API: 409. 
Profile already exists 2017-05-11T17:45:01Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caDirUserRenewal?action=enable 2017-05-11T17:45:01Z DEBUG request body '' 2017-05-11T17:45:01Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:01Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:01Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:01Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:01Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:01Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:01Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:01Z DEBUG response status 500 2017-05-11T17:45:01Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 17:45:01 GMT', 'content-type': 'text/html;charset=utf-8'} 2017-05-11T17:45:01Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> 
<u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native 
Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown 
Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>' 2017-05-11T17:45:01Z DEBUG Failed to enable profile '%s' (it is probably already enabled) 2017-05-11T17:45:01Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout 2017-05-11T17:45:01Z DEBUG request body '' 2017-05-11T17:45:01Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:01Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:01Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:01Z DEBUG 
cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:01Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:01Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:01Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:01Z DEBUG response status 204 2017-05-11T17:45:01Z DEBUG response headers {'set-cookie': 'JSESSIONID=2BFEEBE372718F2734EA63C5701E272B; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:45:01 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:01Z DEBUG response body '' 2017-05-11T17:45:01Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login 2017-05-11T17:45:01Z DEBUG request body '' 2017-05-11T17:45:01Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:01Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:01Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:01Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:01Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:01Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:01Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:01Z DEBUG response status 200 2017-05-11T17:45:01Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=6CB89F319373D25EF743B0FF19C8C785; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:45:01 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:01Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 2017-05-11T17:45:01Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw 2017-05-11T17:45:01Z DEBUG request body 
'desc=This certificate profile is for renewing certificates to be approved manually by agents.\nvisible=true\nenable=true\nenableBy=admin\nrenewal=true\nauth.instance_id=\nname=Renewal: Renew certificate to be manually approved by agents\ninput.list=i1\ninput.i1.class_id=serialNumRenewInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\nprofileId=caManualRenewal\nclassId=caEnrollImpl\n' 2017-05-11T17:45:01Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:01Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:01Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:01Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:01Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:01Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:01Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:01Z DEBUG response status 409 2017-05-11T17:45:01Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 17:45:01 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:45:01Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' 2017-05-11T17:45:01Z DEBUG Error migrating 'caManualRenewal': Non-2xx response from CA REST API: 409. 
Profile already exists 2017-05-11T17:45:01Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caManualRenewal?action=enable 2017-05-11T17:45:01Z DEBUG request body '' 2017-05-11T17:45:01Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:01Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:01Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:01Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:01Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:01Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:01Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:01Z DEBUG response status 500 2017-05-11T17:45:01Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 17:45:01 GMT', 'content-type': 'text/html;charset=utf-8'} 2017-05-11T17:45:01Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> 
<u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native 
Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown 
Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>' 2017-05-11T17:45:01Z DEBUG Failed to enable profile '%s' (it is probably already enabled) 2017-05-11T17:45:01Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout 2017-05-11T17:45:01Z DEBUG request body '' 2017-05-11T17:45:01Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:01Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:01Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:01Z DEBUG 
cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:01Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:01Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:01Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:01Z DEBUG response status 204 2017-05-11T17:45:01Z DEBUG response headers {'set-cookie': 'JSESSIONID=34C1281C70CFAC43D06446071805F4D8; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:45:01 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:01Z DEBUG response body '' 2017-05-11T17:45:01Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login 2017-05-11T17:45:01Z DEBUG request body '' 2017-05-11T17:45:01Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:01Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:01Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:01Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:01Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:01Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:01Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:01Z DEBUG response status 200 2017-05-11T17:45:01Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=A3D73875382BAE12AD2C4D41B0B9581D; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:45:01 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:01Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 2017-05-11T17:45:01Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw 2017-05-11T17:45:01Z DEBUG request body 
'desc=This profile is for enrolling MS Login Certificate\nenable=true\nenableBy=admin\nname=Token User MS Login Certificate Enrollment\nvisible=false\nauth.instance_id=AgentCertAuth\ninput.list=i1\ninput.i1.class_id=nsNKeyCertReqInputImpl\ninput.i1.name=nsNKeyCertReqInputImpl\noutput.list=o1\noutput.o1.class_id=nsNKeyOutputImpl\noutput.o2.name=nsNKeyOutputImpl\npolicyset.list=set1\n#policyset.set1.list=p2,p4,p5,p1,p6,p7,p8,p9,p12,p13,p14\npolicyset.set1.list=p2,p4,p5,p1,p6,p8,p9,p12,p13,p14,p15\npolicyset.set1.p1.constraint.class_id=noConstraintImpl\npolicyset.set1.p1.constraint.name=No Constraint\npolicyset.set1.p1.default.class_id=nsTokenUserKeySubjectNameDefaultImpl\npolicyset.set1.p1.default.name=nsTokenUserKeySubjectNameDefault\npolicyset.set1.p1.default.params.dnpattern=CN=uid=$request.uid$,E=$request.mail$, ou=$request.upn$, o=example\n#changed ldap.enable to true to support SMIME\npolicyset.set1.p1.default.params.ldap.enable=true\npolicyset.set1.p1.default.params.ldap.searchName=uid\npolicyset.set1.p1.default.params.ldapStringAttributes=uid,mail,givenName,sn,upn\npolicyset.set1.p1.default.params.ldap.basedn=ou=People,dc=example,dc=com\npolicyset.set1.p1.default.params.ldap.maxConns=4\npolicyset.set1.p1.default.params.ldap.minConns=1\npolicyset.set1.p1.default.params.ldap.ldapconn.Version=2\npolicyset.set1.p1.default.params.ldap.ldapconn.host=localhost.localdomain\npolicyset.set1.p1.default.params.ldap.ldapconn.port=389\npolicyset.set1.p1.default.params.ldap.ldapconn.secureConn=false\npolicyset.set1.p2.constraint.class_id=noConstraintImpl\npolicyset.set1.p2.constraint.name=No Constraint\npolicyset.set1.p2.default.class_id=validityDefaultImpl\npolicyset.set1.p2.default.name=Validity Default\npolicyset.set1.p2.default.params.range=1825\npolicyset.set1.p2.default.params.startTime=0\npolicyset.set1.p4.constraint.class_id=noConstraintImpl\npolicyset.set1.p4.constraint.name=No 
Constraint\npolicyset.set1.p4.default.class_id=signingAlgDefaultImpl\npolicyset.set1.p4.default.name=Signing Algorithm Default\npolicyset.set1.p4.default.params.signingAlg=-\npolicyset.set1.p5.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.constraint.name=No Constraint\npolicyset.set1.p5.default.class_id=keyUsageExtDefaultImpl\npolicyset.set1.p5.default.name=Key Usage Extension Default\npolicyset.set1.p5.default.params.keyUsageCritical=true\npolicyset.set1.p5.default.params.keyUsageCrlSign=false\npolicyset.set1.p5.default.params.keyUsageDataEncipherment=false\npolicyset.set1.p5.default.params.keyUsageDecipherOnly=false\npolicyset.set1.p5.default.params.keyUsageDigitalSignature=true\npolicyset.set1.p5.default.params.keyUsageEncipherOnly=false\npolicyset.set1.p5.default.params.keyUsageKeyAgreement=false\npolicyset.set1.p5.default.params.keyUsageKeyCertSign=false\npolicyset.set1.p5.default.params.keyUsageKeyEncipherment=false\npolicyset.set1.p5.default.params.keyUsageNonRepudiation=true\npolicyset.set1.p6.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.constraint.name=No Constraint\npolicyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.set1.p6.default.name=Subject Alternative Name Extension 
Default\npolicyset.set1.p6.default.params.subjAltExtGNEnable_0=true\npolicyset.set1.p6.default.params.subjAltExtGNEnable_1=true\npolicyset.set1.p6.default.params.subjAltExtGNEnable_2=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_3=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_4=false\npolicyset.set1.p6.default.params.subjAltExtPattern_0=$request.mail$\npolicyset.set1.p6.default.params.subjAltExtPattern_1=(UTF8String)1.3.6.1.4.1.311.20.2.3,$request.upn$\npolicyset.set1.p6.default.params.subjAltExtPattern_2=\npolicyset.set1.p6.default.params.subjAltExtPattern_3=\npolicyset.set1.p6.default.params.subjAltExtPattern_4=\npolicyset.set1.p6.default.params.subjAltExtType_0=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_1=OtherName\npolicyset.set1.p6.default.params.subjAltExtType_2=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_3=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_4=RFC822Name\npolicyset.set1.p6.default.params.subjAltNameExtCritical=false\npolicyset.set1.p6.default.params.subjAltNameNumGNs=2\npolicyset.set1.p7.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.constraint.name=No Constraint\npolicyset.set1.p7.default.class_id=certificatePoliciesExtDefaultImpl\npolicyset.set1.p7.default.name=Certificate Policies Extension 
Default\npolicyset.set1.p7.default.params.Critical=false\npolicyset.set1.p7.default.params.PoliciesExt.num=5\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.explicitText.value=\n policyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\n 
policyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.enable=false\n policyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.explicitText.value=\n policyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\n policyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\n 
policyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p8.constraint.class_id=noConstraintImpl\npolicyset.set1.p8.constraint.name=No Constraint\npolicyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.set1.p8.default.name=Subject Key Identifier Default\npolicyset.set1.p9.constraint.class_id=noConstraintImpl\npolicyset.set1.p9.constraint.name=No Constraint\npolicyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.set1.p9.default.name=Authority Key Identifier Extension Default\npolicyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.set1.p12.constraint.name=Basic Constraints Extension Constraint\npolicyset.set1.p12.constraint.params.basicConstraintsCritical=-\npolicyset.set1.p12.constraint.params.basicConstraintsIsCA=-\npolicyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.set1.p12.default.name=Basic Constraints Extension 
Default\npolicyset.set1.p12.default.params.basicConstraintsCritical=false\npolicyset.set1.p12.default.params.basicConstraintsIsCA=false\npolicyset.set1.p12.default.params.basicConstraintsPathLen=-1\npolicyset.set1.p13.constraint.class_id=noConstraintImpl\npolicyset.set1.p13.constraint.name=No Constraint\npolicyset.set1.p13.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.name=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.params.crlDistPointsCritical=false\npolicyset.set1.p13.default.params.crlDistPointsNum=1\npolicyset.set1.p13.default.params.crlDistPointsEnable_0=true\npolicyset.set1.p13.default.params.crlDistPointsIssuerName_0=\npolicyset.set1.p13.default.params.crlDistPointsIssuerType_0=\npolicyset.set1.p13.default.params.crlDistPointsPointName_0=http://localhost.localdomain:9443/ca/ee/ca/getCRL?crlIssuingPoint=MasterCRL&op=getCRL\npolicyset.set1.p13.default.params.crlDistPointsPointType_0=URIName\npolicyset.set1.p13.default.params.crlDistPointsReasons_0=\npolicyset.set1.p14.constraint.class_id=noConstraintImpl\npolicyset.set1.p14.constraint.name=No Constraint\npolicyset.set1.p14.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.set1.p14.default.name=AIA Extension Default\npolicyset.set1.p14.default.params.authInfoAccessADEnable_0=true\npolicyset.set1.p14.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.set1.p14.default.params.authInfoAccessADLocation_0=http://localhost.localdomain:9443/ca/ocsp\npolicyset.set1.p14.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.set1.p14.default.params.authInfoAccessCritical=false\npolicyset.set1.p14.default.params.authInfoAccessNumADs=1\npolicyset.set1.p15.constraint.class_id=noConstraintImpl\npolicyset.set1.p15.constraint.name=No Constraint\npolicyset.set1.p15.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.set1.p15.default.name=Extended Key Usage Extension 
Default\npolicyset.set1.p15.default.params.exKeyUsageCritical=false\npolicyset.set1.p15.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.4.1.311.20.2.2\n\nprofileId=caTokenMSLoginEnrollment\nclassId=caUserCertEnrollImpl\n' 2017-05-11T17:45:01Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:01Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:01Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:01Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:01Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:01Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:01Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:01Z DEBUG response status 409 2017-05-11T17:45:01Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 17:45:01 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:45:01Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' 2017-05-11T17:45:01Z DEBUG Error migrating 'caTokenMSLoginEnrollment': Non-2xx response from CA REST API: 409. 
Profile already exists 2017-05-11T17:45:01Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caTokenMSLoginEnrollment?action=enable 2017-05-11T17:45:01Z DEBUG request body '' 2017-05-11T17:45:01Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:01Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:01Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:01Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:01Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:01Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:01Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:01Z DEBUG response status 500 2017-05-11T17:45:01Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 17:45:01 GMT', 'content-type': 'text/html;charset=utf-8'} 2017-05-11T17:45:01Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> 
<u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native 
Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown 
Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>' 2017-05-11T17:45:01Z DEBUG Failed to enable profile '%s' (it is probably already enabled) 2017-05-11T17:45:01Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout 2017-05-11T17:45:01Z DEBUG request body '' 2017-05-11T17:45:01Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:01Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:01Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:01Z DEBUG 
cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:01Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:01Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:01Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:01Z DEBUG response status 204 2017-05-11T17:45:01Z DEBUG response headers {'set-cookie': 'JSESSIONID=CE9A80CBB0844EBE6711A8D1CE01E008; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:45:01 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:01Z DEBUG response body '' 2017-05-11T17:45:01Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login 2017-05-11T17:45:01Z DEBUG request body '' 2017-05-11T17:45:01Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:01Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:01Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:01Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:01Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:01Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:01Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:01Z DEBUG response status 200 2017-05-11T17:45:01Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=18F36380F04879B767B82D08EA94B671; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:45:01 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:01Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 2017-05-11T17:45:01Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw 2017-05-11T17:45:01Z DEBUG request body 
'desc=This certificate profile is for renewing a token certificate\nvisible=false\nenable=true\nenableBy=admin\nrenewal=true\nauth.instance_id=AgentCertAuth\nname=smart card token signing cert renewal profile\ninput.list=i1\ninput.i1.class_id=serialNumRenewInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\nprofileId=caTokenUserSigningKeyRenewal\nclassId=caUserCertEnrollImpl\n' 2017-05-11T17:45:01Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:01Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:01Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:01Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:01Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:01Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:01Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:01Z DEBUG response status 409 2017-05-11T17:45:01Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 17:45:01 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:45:01Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' 2017-05-11T17:45:01Z DEBUG Error migrating 'caTokenUserSigningKeyRenewal': Non-2xx response from CA REST API: 409. 
Profile already exists 2017-05-11T17:45:01Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caTokenUserSigningKeyRenewal?action=enable 2017-05-11T17:45:01Z DEBUG request body '' 2017-05-11T17:45:01Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:01Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:01Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:01Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:01Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:01Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:01Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:01Z DEBUG response status 500 2017-05-11T17:45:01Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 17:45:01 GMT', 'content-type': 'text/html;charset=utf-8'} 2017-05-11T17:45:01Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> 
<u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native 
Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown 
Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>' 2017-05-11T17:45:01Z DEBUG Failed to enable profile '%s' (it is probably already enabled) 2017-05-11T17:45:01Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout 2017-05-11T17:45:01Z DEBUG request body '' 2017-05-11T17:45:01Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:01Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:01Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:01Z DEBUG 
cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:01Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:01Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:01Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:01Z DEBUG response status 204 2017-05-11T17:45:01Z DEBUG response headers {'set-cookie': 'JSESSIONID=ECDD12A5E2CA40AE2ED8B7FD215E9D0A; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:45:01 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:01Z DEBUG response body '' 2017-05-11T17:45:01Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login 2017-05-11T17:45:01Z DEBUG request body '' 2017-05-11T17:45:01Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:01Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:01Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:01Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:01Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:01Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:01Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:01Z DEBUG response status 200 2017-05-11T17:45:01Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=0B68688A8880C39BED6A112BDD9F41C2; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:45:01 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:01Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 2017-05-11T17:45:01Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw 2017-05-11T17:45:01Z DEBUG request body 
'desc=This certificate profile is for renewing a token encryption certificate\nvisible=false\nenable=true\nenableBy=admin\nrenewal=true\nauth.instance_id=AgentCertAuth\nname=smart card token encryption cert renewal profile\ninput.list=i1\ninput.i1.class_id=serialNumRenewInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\nprofileId=caTokenUserEncryptionKeyRenewal\nclassId=caUserCertEnrollImpl\n' 2017-05-11T17:45:01Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:01Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:01Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:01Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:01Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:01Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:01Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:01Z DEBUG response status 409 2017-05-11T17:45:01Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 17:45:01 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:45:01Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' 2017-05-11T17:45:01Z DEBUG Error migrating 'caTokenUserEncryptionKeyRenewal': Non-2xx response from CA REST API: 409. 
Profile already exists 2017-05-11T17:45:01Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caTokenUserEncryptionKeyRenewal?action=enable 2017-05-11T17:45:01Z DEBUG request body '' 2017-05-11T17:45:01Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:01Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:01Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:01Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:01Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:01Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:01Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:01Z DEBUG response status 500 2017-05-11T17:45:01Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 17:45:01 GMT', 'content-type': 'text/html;charset=utf-8'} 2017-05-11T17:45:01Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> 
<u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native 
Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown 
Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>' 2017-05-11T17:45:01Z DEBUG Failed to enable profile '%s' (it is probably already enabled) 2017-05-11T17:45:01Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout 2017-05-11T17:45:01Z DEBUG request body '' 2017-05-11T17:45:01Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:01Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:01Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:01Z DEBUG 
cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:01Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:01Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:01Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:01Z DEBUG response status 204 2017-05-11T17:45:01Z DEBUG response headers {'set-cookie': 'JSESSIONID=8F3EBE529592131E668D0FDC92DCA3E5; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:45:01 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:01Z DEBUG response body '' 2017-05-11T17:45:01Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login 2017-05-11T17:45:01Z DEBUG request body '' 2017-05-11T17:45:01Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:01Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:01Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:01Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:01Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:01Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:01Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:01Z DEBUG response status 200 2017-05-11T17:45:01Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=D6FCF5512BA8E2DAD1ABB7704203AD32; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:45:01 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:01Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 2017-05-11T17:45:01Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw 2017-05-11T17:45:01Z DEBUG request body 
'desc=This certificate profile is for renewing a token authentication certificate\nvisible=false\nenable=true\nenableBy=admin\nrenewal=true\nauth.instance_id=AgentCertAuth\nname=smart card token authentication cert renewal profile\ninput.list=i1\ninput.i1.class_id=serialNumRenewInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\nprofileId=caTokenUserAuthKeyRenewal\nclassId=caUserCertEnrollImpl\n' 2017-05-11T17:45:01Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:01Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:01Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:01Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:01Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:01Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:01Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:01Z DEBUG response status 409 2017-05-11T17:45:01Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 17:45:01 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:45:01Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' 2017-05-11T17:45:01Z DEBUG Error migrating 'caTokenUserAuthKeyRenewal': Non-2xx response from CA REST API: 409. 
Profile already exists 2017-05-11T17:45:01Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caTokenUserAuthKeyRenewal?action=enable 2017-05-11T17:45:01Z DEBUG request body '' 2017-05-11T17:45:01Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:01Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:01Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:01Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:01Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:01Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:01Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:01Z DEBUG response status 500 2017-05-11T17:45:01Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 17:45:01 GMT', 'content-type': 'text/html;charset=utf-8'} 2017-05-11T17:45:01Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> 
<u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native 
Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown 
Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>' 2017-05-11T17:45:01Z DEBUG Failed to enable profile '%s' (it is probably already enabled) 2017-05-11T17:45:01Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout 2017-05-11T17:45:01Z DEBUG request body '' 2017-05-11T17:45:01Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:01Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:01Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:01Z DEBUG 
cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:01Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:01Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:01Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:01Z DEBUG response status 204 2017-05-11T17:45:01Z DEBUG response headers {'set-cookie': 'JSESSIONID=3A2C25BD178E0A4C27CB2A36576A9A9E; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:45:01 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:01Z DEBUG response body '' 2017-05-11T17:45:01Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login 2017-05-11T17:45:01Z DEBUG request body '' 2017-05-11T17:45:01Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:01Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:01Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:01Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:01Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:01Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:01Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:01Z DEBUG response status 200 2017-05-11T17:45:01Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=B1B2ECF156F321EE4BB811472C18E460; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:45:01 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:01Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 2017-05-11T17:45:01Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw 2017-05-11T17:45:01Z DEBUG request body 
'desc=This is an IPA profile for enrolling Jar Signing certificates.\nenable=true\nenableBy=admin\nname=Manual Jar Signing Certificate Enrollment\nvisible=false\nauth.class_id=\nauth.instance_id=raCertAuth\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=caJarSigningSet\npolicyset.caJarSigningSet.list=1,2,3,4,5,6\npolicyset.caJarSigningSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.caJarSigningSet.1.constraint.name=Subject Name Constraint\npolicyset.caJarSigningSet.1.constraint.params.accept=true\npolicyset.caJarSigningSet.1.constraint.params.pattern=.*\npolicyset.caJarSigningSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.caJarSigningSet.1.default.name=Subject Name Default\npolicyset.caJarSigningSet.1.default.params.name=\npolicyset.caJarSigningSet.2.constraint.class_id=validityConstraintImpl\npolicyset.caJarSigningSet.2.constraint.name=Validity Constraint\npolicyset.caJarSigningSet.2.constraint.params.notAfterCheck=false\npolicyset.caJarSigningSet.2.constraint.params.notBeforeCheck=false\npolicyset.caJarSigningSet.2.constraint.params.range=2922\npolicyset.caJarSigningSet.2.default.class_id=validityDefaultImpl\npolicyset.caJarSigningSet.2.default.name=Validity Default\npolicyset.caJarSigningSet.2.default.params.range=1461\npolicyset.caJarSigningSet.2.default.params.startTime=0\npolicyset.caJarSigningSet.3.constraint.class_id=keyConstraintImpl\npolicyset.caJarSigningSet.3.constraint.name=Key Constraint\npolicyset.caJarSigningSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.caJarSigningSet.3.constraint.params.keyType=RSA\npolicyset.caJarSigningSet.3.default.class_id=userKeyDefaultImpl\npolicyset.caJarSigningSet.3.default.name=Key Default\npolicyset.caJarSigningSet.4.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.caJarSigningSet.4.constraint.name=Key Usage Extension 
Constraint\npolicyset.caJarSigningSet.4.constraint.params.keyUsageCritical=-\npolicyset.caJarSigningSet.4.constraint.params.keyUsageCrlSign=-\npolicyset.caJarSigningSet.4.constraint.params.keyUsageDataEncipherment=-\npolicyset.caJarSigningSet.4.constraint.params.keyUsageDecipherOnly=-\npolicyset.caJarSigningSet.4.constraint.params.keyUsageDigitalSignature=-\npolicyset.caJarSigningSet.4.constraint.params.keyUsageEncipherOnly=-\npolicyset.caJarSigningSet.4.constraint.params.keyUsageKeyAgreement=-\npolicyset.caJarSigningSet.4.constraint.params.keyUsageKeyCertSign=-\npolicyset.caJarSigningSet.4.constraint.params.keyUsageKeyEncipherment=-\npolicyset.caJarSigningSet.4.constraint.params.keyUsageNonRepudiation=-\npolicyset.caJarSigningSet.4.default.class_id=keyUsageExtDefaultImpl\npolicyset.caJarSigningSet.4.default.name=Key Usage Default\npolicyset.caJarSigningSet.4.default.params.keyUsageCritical=true\npolicyset.caJarSigningSet.4.default.params.keyUsageCrlSign=false\npolicyset.caJarSigningSet.4.default.params.keyUsageDataEncipherment=false\npolicyset.caJarSigningSet.4.default.params.keyUsageDecipherOnly=false\npolicyset.caJarSigningSet.4.default.params.keyUsageDigitalSignature=true\npolicyset.caJarSigningSet.4.default.params.keyUsageEncipherOnly=false\npolicyset.caJarSigningSet.4.default.params.keyUsageKeyAgreement=false\npolicyset.caJarSigningSet.4.default.params.keyUsageKeyCertSign=true\npolicyset.caJarSigningSet.4.default.params.keyUsageKeyEncipherment=false\npolicyset.caJarSigningSet.4.default.params.keyUsageNonRepudiation=false\npolicyset.caJarSigningSet.5.constraint.class_id=nsCertTypeExtConstraintImpl\npolicyset.caJarSigningSet.5.constraint.name=Netscape Certificate Type Extension 
Constraint\npolicyset.caJarSigningSet.5.constraint.params.nsCertCritical=-\npolicyset.caJarSigningSet.5.constraint.params.nsCertEmail=-\npolicyset.caJarSigningSet.5.constraint.params.nsCertEmailCA=-\npolicyset.caJarSigningSet.5.constraint.params.nsCertObjectSigning=-\npolicyset.caJarSigningSet.5.constraint.params.nsCertObjectSigningCA=-\npolicyset.caJarSigningSet.5.constraint.params.nsCertSSLCA=-\npolicyset.caJarSigningSet.5.constraint.params.nsCertSSLClient=-\npolicyset.caJarSigningSet.5.constraint.params.nsCertSSLServer=-\npolicyset.caJarSigningSet.5.default.class_id=nsCertTypeExtDefaultImpl\npolicyset.caJarSigningSet.5.default.name=Netscape Certificate Type Extension Default\npolicyset.caJarSigningSet.5.default.params.nsCertCritical=false\npolicyset.caJarSigningSet.5.default.params.nsCertEmail=false\npolicyset.caJarSigningSet.5.default.params.nsCertEmailCA=false\npolicyset.caJarSigningSet.5.default.params.nsCertObjectSigning=true\npolicyset.caJarSigningSet.5.default.params.nsCertObjectSigningCA=false\npolicyset.caJarSigningSet.5.default.params.nsCertSSLCA=false\npolicyset.caJarSigningSet.5.default.params.nsCertSSLClient=false\npolicyset.caJarSigningSet.5.default.params.nsCertSSLServer=false\npolicyset.caJarSigningSet.6.constraint.class_id=signingAlgConstraintImpl\npolicyset.caJarSigningSet.6.constraint.name=No Constraint\npolicyset.caJarSigningSet.6.constraint.params.signingAlgsAllowed=MD5withRSA,MD2withRSA,SHA1withRSA,SHA256withRSA,SHA512withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.caJarSigningSet.6.default.class_id=signingAlgDefaultImpl\npolicyset.caJarSigningSet.6.default.name=Signing Alg\npolicyset.caJarSigningSet.6.default.params.signingAlg=-\nprofileId=caJarSigningCert\nclassId=caEnrollImpl\n' 2017-05-11T17:45:01Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:01Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:01Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:01Z 
DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:01Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:01Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:01Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:01Z DEBUG response status 409 2017-05-11T17:45:01Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 17:45:01 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:45:01Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' 2017-05-11T17:45:01Z DEBUG Error migrating 'caJarSigningCert': Non-2xx response from CA REST API: 409. Profile already exists 2017-05-11T17:45:01Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caJarSigningCert?action=enable 2017-05-11T17:45:01Z DEBUG request body '' 2017-05-11T17:45:01Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:01Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:01Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:01Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:01Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:01Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:01Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:01Z DEBUG response status 500 2017-05-11T17:45:01Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 17:45:01 GMT', 'content-type': 'text/html;charset=utf-8'} 2017-05-11T17:45:01Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: 
application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native 
Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native 
Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>' 2017-05-11T17:45:01Z DEBUG Failed to enable profile '%s' (it is probably already enabled) 2017-05-11T17:45:01Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout 2017-05-11T17:45:01Z DEBUG request body '' 2017-05-11T17:45:01Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:01Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:01Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:01Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:01Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:01Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:01Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:01Z DEBUG response status 204 2017-05-11T17:45:01Z DEBUG response headers {'set-cookie': 'JSESSIONID=381E1B14D6A265B0925569EF262A62B3; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:45:01 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:01Z DEBUG response body '' 
2017-05-11T17:45:01Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login 2017-05-11T17:45:01Z DEBUG request body '' 2017-05-11T17:45:01Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:01Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:01Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:01Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:01Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:01Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:01Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:01Z DEBUG response status 200 2017-05-11T17:45:01Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=F30AB8AAEAE2B5AB5A2FA3E11B3BBFCC; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:45:01 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:01Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 2017-05-11T17:45:01Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw 2017-05-11T17:45:01Z DEBUG request body 'desc=This certificate profile is for enrolling server certificates with IPA-RA agent authentication.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=raCertAuth\nname=IPA-RA Agent-Authenticated Server Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name 
Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=[^,]+,.+\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=subjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=CN=$request.req_subject_name.cn$, OU=pki-ipa, O=IPA \npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=740\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=731\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension 
Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage 
Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\npolicyset.serverCertSet.9.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.9.constraint.name=No Constraint\npolicyset.serverCertSet.9.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.serverCertSet.9.default.name=CRL Distribution Points Extension 
Default\npolicyset.serverCertSet.9.default.params.crlDistPointsCritical=false\npolicyset.serverCertSet.9.default.params.crlDistPointsNum=1\npolicyset.serverCertSet.9.default.params.crlDistPointsEnable_0=true\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerName_0=\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerType_0=\npolicyset.serverCertSet.9.default.params.crlDistPointsPointName_0=https://ipa.example.com/ipa/crl/MasterCRL.bin\npolicyset.serverCertSet.9.default.params.crlDistPointsPointType_0=URIName\npolicyset.serverCertSet.9.default.params.crlDistPointsReasons_0=\nprofileId=caIPAserviceCert\nclassId=caEnrollImpl\n' 2017-05-11T17:45:01Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:01Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:01Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:01Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:01Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:01Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:01Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:01Z DEBUG response status 409 2017-05-11T17:45:01Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 17:45:01 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:45:01Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' 2017-05-11T17:45:01Z DEBUG Error migrating 'caIPAserviceCert': Non-2xx response from CA REST API: 409. 
Profile already exists 2017-05-11T17:45:01Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caIPAserviceCert?action=enable 2017-05-11T17:45:01Z DEBUG request body '' 2017-05-11T17:45:01Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:01Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:01Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:01Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:01Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:01Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:01Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:01Z DEBUG response status 500 2017-05-11T17:45:01Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 17:45:01 GMT', 'content-type': 'text/html;charset=utf-8'} 2017-05-11T17:45:01Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> 
<u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native 
Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown 
Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>' 2017-05-11T17:45:01Z DEBUG Failed to enable profile '%s' (it is probably already enabled) 2017-05-11T17:45:01Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout 2017-05-11T17:45:01Z DEBUG request body '' 2017-05-11T17:45:01Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:01Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:01Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:01Z DEBUG 
cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:01Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:01Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:01Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:01Z DEBUG response status 204 2017-05-11T17:45:01Z DEBUG response headers {'set-cookie': 'JSESSIONID=B8AF543207FF69FDFBAC0C348DD380AD; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:45:01 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:01Z DEBUG response body '' 2017-05-11T17:45:01Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login 2017-05-11T17:45:01Z DEBUG request body '' 2017-05-11T17:45:01Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:01Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:01Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:01Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:01Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:01Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:01Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:01Z DEBUG response status 200 2017-05-11T17:45:01Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=6E408AAD9DAFAE747ED92127036A9481; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:45:01 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:01Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 2017-05-11T17:45:01Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw 2017-05-11T17:45:01Z DEBUG request body 
'desc=This certificate profile is for enrolling user encryption certificates with option to archive keys.\nvisible=false\nenable=true\nenableBy=admin\nname=Manual User Encryption Certificates Enrollment\nauth.class_id=\ninput.list=i1,i2,i3\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=subjectNameInputImpl\ninput.i3.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=encryptionCertSet\npolicyset.encryptionCertSet.list=1,2,3,4,5,6,7,8,9\npolicyset.encryptionCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.encryptionCertSet.1.constraint.name=Subject Name Constraint\npolicyset.encryptionCertSet.1.constraint.params.pattern=CN=.*\npolicyset.encryptionCertSet.1.constraint.params.accept=true\npolicyset.encryptionCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.encryptionCertSet.1.default.name=Subject Name Default\npolicyset.encryptionCertSet.1.default.params.name=\npolicyset.encryptionCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.encryptionCertSet.2.constraint.name=Validity Constraint\npolicyset.encryptionCertSet.2.constraint.params.range=365\npolicyset.encryptionCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.encryptionCertSet.2.constraint.params.notAfterCheck=false\npolicyset.encryptionCertSet.2.default.class_id=validityDefaultImpl\npolicyset.encryptionCertSet.2.default.name=Validity Default\npolicyset.encryptionCertSet.2.default.params.range=180\npolicyset.encryptionCertSet.2.default.params.startTime=0\npolicyset.encryptionCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.encryptionCertSet.3.constraint.name=Key Constraint\npolicyset.encryptionCertSet.3.constraint.params.keyType=RSA\npolicyset.encryptionCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.encryptionCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.encryptionCertSet.3.default.name=Key 
Default\npolicyset.encryptionCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.4.constraint.name=No Constraint\npolicyset.encryptionCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.encryptionCertSet.4.default.name=Authority Key Identifier Default\npolicyset.encryptionCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.5.constraint.name=No Constraint\npolicyset.encryptionCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.encryptionCertSet.5.default.name=AIA Extension Default\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.encryptionCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.encryptionCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.encryptionCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.encryptionCertSet.6.constraint.name=Key Usage Extension 
Constraint\npolicyset.encryptionCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDigitalSignature=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageNonRepudiation=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.encryptionCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.encryptionCertSet.6.default.name=Key Usage Default\npolicyset.encryptionCertSet.6.default.params.keyUsageCritical=true\npolicyset.encryptionCertSet.6.default.params.keyUsageDigitalSignature=false\npolicyset.encryptionCertSet.6.default.params.keyUsageNonRepudiation=false\npolicyset.encryptionCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.encryptionCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.encryptionCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.encryptionCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.encryptionCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.7.constraint.name=No Constraint\npolicyset.encryptionCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.encryptionCertSet.7.default.name=Extended Key Usage Extension 
Default\npolicyset.encryptionCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.encryptionCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.encryptionCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.8.constraint.name=No Constraint\npolicyset.encryptionCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.encryptionCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.encryptionCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.encryptionCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.encryptionCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.encryptionCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.encryptionCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.encryptionCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.encryptionCertSet.9.constraint.name=No Constraint\npolicyset.encryptionCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.encryptionCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.encryptionCertSet.9.default.name=Signing Alg\npolicyset.encryptionCertSet.9.default.params.signingAlg=-\n\nprofileId=caEncUserCert\nclassId=caEnrollImpl\n' 2017-05-11T17:45:01Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:01Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:01Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:01Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:01Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:01Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:01Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:01Z DEBUG response status 409 2017-05-11T17:45:01Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 
'Thu, 11 May 2017 17:45:01 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:45:01Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' 2017-05-11T17:45:01Z DEBUG Error migrating 'caEncUserCert': Non-2xx response from CA REST API: 409. Profile already exists 2017-05-11T17:45:01Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caEncUserCert?action=enable 2017-05-11T17:45:01Z DEBUG request body '' 2017-05-11T17:45:01Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:01Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:01Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:01Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:01Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:01Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:01Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:01Z DEBUG response status 500 2017-05-11T17:45:01Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 17:45:01 GMT', 'content-type': 'text/html;charset=utf-8'} 2017-05-11T17:45:01Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : 
#525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown 
Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: 
application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native 
Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>' 2017-05-11T17:45:01Z DEBUG Failed to enable profile '%s' (it is probably already enabled) 2017-05-11T17:45:01Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout 2017-05-11T17:45:01Z DEBUG request body '' 2017-05-11T17:45:01Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:01Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:01Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:01Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:01Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:01Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:01Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:01Z DEBUG response status 204 2017-05-11T17:45:01Z DEBUG response headers {'set-cookie': 'JSESSIONID=3F047210A5986527F342299BC7A6F1BC; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:45:01 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:01Z DEBUG response body '' 2017-05-11T17:45:01Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login 2017-05-11T17:45:01Z DEBUG request body '' 2017-05-11T17:45:01Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:01Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:01Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:01Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:01Z DEBUG handshake complete, peer = 172.20.0.200:8443 
2017-05-11T17:45:01Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:01Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:01Z DEBUG response status 200 2017-05-11T17:45:01Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=E132225977DEB8E35C8DAFEFDC70D478; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:45:01 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:01Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 2017-05-11T17:45:01Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw 2017-05-11T17:45:01Z DEBUG request body 'desc=This certificate profile is for enrolling user signing certificates.\nvisible=false\nenable=true\nenableBy=admin\nname=Manual User Signing Certificate Enrollment\nauth.class_id=\ninput.list=i1,i2,i3\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=subjectNameInputImpl\ninput.i3.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=signingCertSet\npolicyset.signingCertSet.list=1,2,3,4,5,6,7,8,9\npolicyset.signingCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.signingCertSet.1.constraint.name=Subject Name Constraint\npolicyset.signingCertSet.1.constraint.params.pattern=CN=.*\npolicyset.signingCertSet.1.constraint.params.accept=true\npolicyset.signingCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.signingCertSet.1.default.name=Subject Name Default\npolicyset.signingCertSet.1.default.params.name=\npolicyset.signingCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.signingCertSet.2.constraint.name=Validity 
Constraint\npolicyset.signingCertSet.2.constraint.params.range=365\npolicyset.signingCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.signingCertSet.2.constraint.params.notAfterCheck=false\npolicyset.signingCertSet.2.default.class_id=validityDefaultImpl\npolicyset.signingCertSet.2.default.name=Validity Default\npolicyset.signingCertSet.2.default.params.range=180\npolicyset.signingCertSet.2.default.params.startTime=0\npolicyset.signingCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.signingCertSet.3.constraint.name=Key Constraint\npolicyset.signingCertSet.3.constraint.params.keyType=RSA\npolicyset.signingCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.signingCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.signingCertSet.3.default.name=Key Default\npolicyset.signingCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.4.constraint.name=No Constraint\npolicyset.signingCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.signingCertSet.4.default.name=Authority Key Identifier Default\npolicyset.signingCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.5.constraint.name=No Constraint\npolicyset.signingCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.signingCertSet.5.default.name=AIA Extension Default\npolicyset.signingCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.signingCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.signingCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.signingCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.signingCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.signingCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.signingCertSet.6.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.6.constraint.name=No 
Constraint\npolicyset.signingCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.signingCertSet.6.default.name=Key Usage Default\npolicyset.signingCertSet.6.default.params.keyUsageCritical=true\npolicyset.signingCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.signingCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.signingCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.signingCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.signingCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.signingCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.signingCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.7.constraint.name=No Constraint\npolicyset.signingCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.signingCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.signingCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.signingCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.signingCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.8.constraint.name=No Constraint\npolicyset.signingCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.signingCertSet.8.default.name=Subject Alt Name 
Constraint\npolicyset.signingCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.signingCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.signingCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.signingCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.signingCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.signingCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.signingCertSet.9.constraint.name=No Constraint\npolicyset.signingCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.signingCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.signingCertSet.9.default.name=Signing Alg\npolicyset.signingCertSet.9.default.params.signingAlg=-\n\nprofileId=caSigningUserCert\nclassId=caEnrollImpl\n' 2017-05-11T17:45:01Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:01Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:01Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:01Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:01Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:01Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:01Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:01Z DEBUG response status 409 2017-05-11T17:45:01Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 17:45:01 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:45:01Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' 2017-05-11T17:45:01Z DEBUG Error migrating 'caSigningUserCert': Non-2xx response from CA REST API: 409. 
Profile already exists 2017-05-11T17:45:01Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caSigningUserCert?action=enable 2017-05-11T17:45:01Z DEBUG request body '' 2017-05-11T17:45:01Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:01Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:01Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:01Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:01Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:01Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:01Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:01Z DEBUG response status 500 2017-05-11T17:45:01Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 17:45:01 GMT', 'content-type': 'text/html;charset=utf-8'} 2017-05-11T17:45:01Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> 
<u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native 
Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown 
Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>' 2017-05-11T17:45:01Z DEBUG Failed to enable profile '%s' (it is probably already enabled) 2017-05-11T17:45:01Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout 2017-05-11T17:45:01Z DEBUG request body '' 2017-05-11T17:45:01Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:01Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:01Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:01Z DEBUG 
cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:01Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:01Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:01Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:01Z DEBUG response status 204 2017-05-11T17:45:01Z DEBUG response headers {'set-cookie': 'JSESSIONID=BF21C6ECBF659FACAC3956DCD4B8B56E; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:45:01 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:01Z DEBUG response body '' 2017-05-11T17:45:01Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login 2017-05-11T17:45:01Z DEBUG request body '' 2017-05-11T17:45:01Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:01Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:01Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:01Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:01Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:01Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:01Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:01Z DEBUG response status 200 2017-05-11T17:45:01Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=7D78A99E67ABA8A2DDC8A47E92C95D05; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:45:01 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:01Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 2017-05-11T17:45:01Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw 2017-05-11T17:45:01Z DEBUG request body 
'desc=This certificate profile is for enrolling user ECC signing certificates. It works only with the latest Firefox.\nvisible=false\nenable=true\nenableBy=admin\nname=Manual User Signing ECC Certificate Enrollment\nauth.class_id=\ninput.list=i1,i2,i3\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=subjectNameInputImpl\ninput.i3.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=signingCertSet\npolicyset.signingCertSet.list=1,2,3,4,5,6,7,8,9\npolicyset.signingCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.signingCertSet.1.constraint.name=Subject Name Constraint\npolicyset.signingCertSet.1.constraint.params.pattern=CN=.*\npolicyset.signingCertSet.1.constraint.params.accept=true\npolicyset.signingCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.signingCertSet.1.default.name=Subject Name Default\npolicyset.signingCertSet.1.default.params.name=\npolicyset.signingCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.signingCertSet.2.constraint.name=Validity Constraint\npolicyset.signingCertSet.2.constraint.params.range=365\npolicyset.signingCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.signingCertSet.2.constraint.params.notAfterCheck=false\npolicyset.signingCertSet.2.default.class_id=validityDefaultImpl\npolicyset.signingCertSet.2.default.name=Validity Default\npolicyset.signingCertSet.2.default.params.range=180\npolicyset.signingCertSet.2.default.params.startTime=0\npolicyset.signingCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.signingCertSet.3.constraint.name=Key Constraint\npolicyset.signingCertSet.3.constraint.params.keyType=EC\npolicyset.signingCertSet.3.constraint.params.keyParameters=nistp256,nistp521\npolicyset.signingCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.signingCertSet.3.default.name=Key Default\npolicyset.signingCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.4.constraint.name=No 
Constraint\npolicyset.signingCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.signingCertSet.4.default.name=Authority Key Identifier Default\npolicyset.signingCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.5.constraint.name=No Constraint\npolicyset.signingCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.signingCertSet.5.default.name=AIA Extension Default\npolicyset.signingCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.signingCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.signingCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.signingCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.signingCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.signingCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.signingCertSet.6.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.6.constraint.name=No Constraint\npolicyset.signingCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.signingCertSet.6.default.name=Key Usage Default\npolicyset.signingCertSet.6.default.params.keyUsageCritical=true\npolicyset.signingCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.signingCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.signingCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.signingCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.signingCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.signingCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.signingCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.7.constraint.name=No 
Constraint\npolicyset.signingCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.signingCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.signingCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.signingCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.signingCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.8.constraint.name=No Constraint\npolicyset.signingCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.signingCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.signingCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.signingCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.signingCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.signingCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.signingCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.signingCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.signingCertSet.9.constraint.name=No Constraint\npolicyset.signingCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.signingCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.signingCertSet.9.default.name=Signing Alg\npolicyset.signingCertSet.9.default.params.signingAlg=-\n\nprofileId=caSigningECUserCert\nclassId=caEnrollImpl\n' 2017-05-11T17:45:01Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:01Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:02Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:02Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:02Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:02Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:02Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:02Z 
DEBUG response status 409 2017-05-11T17:45:02Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 17:45:01 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:45:02Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' 2017-05-11T17:45:02Z DEBUG Error migrating 'caSigningECUserCert': Non-2xx response from CA REST API: 409. Profile already exists 2017-05-11T17:45:02Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caSigningECUserCert?action=enable 2017-05-11T17:45:02Z DEBUG request body '' 2017-05-11T17:45:02Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:02Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:02Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:02Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:02Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:02Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:02Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:02Z DEBUG response status 500 2017-05-11T17:45:02Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 17:45:01 GMT', 'content-type': 'text/html;charset=utf-8'} 2017-05-11T17:45:02Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P 
{font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown 
Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: 
application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native 
Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>' 2017-05-11T17:45:02Z DEBUG Failed to enable profile '%s' (it is probably already enabled) 2017-05-11T17:45:02Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout 2017-05-11T17:45:02Z DEBUG request body '' 2017-05-11T17:45:02Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:02Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:02Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:02Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:02Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:02Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:02Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:02Z DEBUG response status 204 2017-05-11T17:45:02Z DEBUG response headers {'set-cookie': 'JSESSIONID=D565FB560DC6FA511BBD897FB5BF48A8; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:45:01 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:02Z DEBUG response body '' 2017-05-11T17:45:02Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login 2017-05-11T17:45:02Z DEBUG request body '' 2017-05-11T17:45:02Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:02Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:02Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:02Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:02Z DEBUG handshake complete, peer = 172.20.0.200:8443 
2017-05-11T17:45:02Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:02Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:02Z DEBUG response status 200 2017-05-11T17:45:02Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=8511B13ACECCDF9D49911F31A422D183; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:45:01 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:02Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 2017-05-11T17:45:02Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw 2017-05-11T17:45:02Z DEBUG request body 'desc=This certificate profile is for enrolling user ECC encryption certificates. It works only with latest Firefox.\nvisible=false\nenable=true\nenableBy=admin\nname=Manual User Encryption ECC Certificates Enrollment\nauth.class_id=\ninput.list=i1\ninput.i1.class_id=encKeyGenInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=encryptionCertSet\npolicyset.encryptionCertSet.list=1,2,3,4,5,6,7,8,9\npolicyset.encryptionCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.encryptionCertSet.1.constraint.name=Subject Name Constraint\npolicyset.encryptionCertSet.1.constraint.params.pattern=CN=.*\npolicyset.encryptionCertSet.1.constraint.params.accept=true\npolicyset.encryptionCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.encryptionCertSet.1.default.name=Subject Name Default\npolicyset.encryptionCertSet.1.default.params.name=\npolicyset.encryptionCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.encryptionCertSet.2.constraint.name=Validity 
Constraint\npolicyset.encryptionCertSet.2.constraint.params.range=365\npolicyset.encryptionCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.encryptionCertSet.2.constraint.params.notAfterCheck=false\npolicyset.encryptionCertSet.2.default.class_id=validityDefaultImpl\npolicyset.encryptionCertSet.2.default.name=Validity Default\npolicyset.encryptionCertSet.2.default.params.range=180\npolicyset.encryptionCertSet.2.default.params.startTime=0\npolicyset.encryptionCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.encryptionCertSet.3.constraint.name=Key Constraint\npolicyset.encryptionCertSet.3.constraint.params.keyType=EC\npolicyset.encryptionCertSet.3.constraint.params.keyParameters=nistp256,nistp521\npolicyset.encryptionCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.encryptionCertSet.3.default.name=Key Default\npolicyset.encryptionCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.4.constraint.name=No Constraint\npolicyset.encryptionCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.encryptionCertSet.4.default.name=Authority Key Identifier Default\npolicyset.encryptionCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.5.constraint.name=No Constraint\npolicyset.encryptionCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.encryptionCertSet.5.default.name=AIA Extension 
Default\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.encryptionCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.encryptionCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.encryptionCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.encryptionCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.encryptionCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDigitalSignature=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageNonRepudiation=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.encryptionCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.encryptionCertSet.6.default.name=Key Usage 
Default\npolicyset.encryptionCertSet.6.default.params.keyUsageCritical=true\npolicyset.encryptionCertSet.6.default.params.keyUsageDigitalSignature=false\npolicyset.encryptionCertSet.6.default.params.keyUsageNonRepudiation=false\npolicyset.encryptionCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.encryptionCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.encryptionCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.encryptionCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.encryptionCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.7.constraint.name=No Constraint\npolicyset.encryptionCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.encryptionCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.encryptionCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.encryptionCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.encryptionCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.8.constraint.name=No Constraint\npolicyset.encryptionCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.encryptionCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.encryptionCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.encryptionCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.encryptionCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.encryptionCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.encryptionCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.encryptionCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.encryptionCertSet.9.constraint.name=No 
Constraint\npolicyset.encryptionCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.encryptionCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.encryptionCertSet.9.default.name=Signing Alg\npolicyset.encryptionCertSet.9.default.params.signingAlg=-\nprofileId=caEncECUserCert\nclassId=caEnrollImpl\n' 2017-05-11T17:45:02Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:02Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:02Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:02Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:02Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:02Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:02Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:02Z DEBUG response status 409 2017-05-11T17:45:02Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 17:45:01 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:45:02Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' 2017-05-11T17:45:02Z DEBUG Error migrating 'caEncECUserCert': Non-2xx response from CA REST API: 409. 
Profile already exists 2017-05-11T17:45:02Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caEncECUserCert?action=enable 2017-05-11T17:45:02Z DEBUG request body '' 2017-05-11T17:45:02Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:02Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:02Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:02Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:02Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:02Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:02Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:02Z DEBUG response status 500 2017-05-11T17:45:02Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 17:45:01 GMT', 'content-type': 'text/html;charset=utf-8'} 2017-05-11T17:45:02Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> 
<u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native 
Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown 
Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>' 2017-05-11T17:45:02Z DEBUG Failed to enable profile '%s' (it is probably already enabled) 2017-05-11T17:45:02Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout 2017-05-11T17:45:02Z DEBUG request body '' 2017-05-11T17:45:02Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:02Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:02Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:02Z DEBUG 
cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:02Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:02Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:02Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:02Z DEBUG response status 204 2017-05-11T17:45:02Z DEBUG response headers {'set-cookie': 'JSESSIONID=254A3EC2B13C85F292098A09C77D1B0A; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:45:01 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:02Z DEBUG response body '' 2017-05-11T17:45:02Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login 2017-05-11T17:45:02Z DEBUG request body '' 2017-05-11T17:45:02Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:02Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:02Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:02Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:02Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:02Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:02Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:02Z DEBUG response status 200 2017-05-11T17:45:02Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=E95EB1D1FB9B22512B70BF3813D54F8B; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:45:01 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:02Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 2017-05-11T17:45:02Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw 2017-05-11T17:45:02Z DEBUG request body 
'desc=This profile is for enrolling Token User Delegate Authentication key\nenable=true\nenableBy=admin\nname=Token User Delegate Authentication Certificate Enrollment\nvisible=false\nauth.instance_id=AgentCertAuth\ninput.list=i1,i2,i3\ninput.i1.class_id=nsNKeyCertReqInputImpl\ninput.i1.name=nsNKeyCertReqInputImpl\ninput.i2.class_id=subjectDNInputImpl\ninput.i2.name=subjectDNInputImpl\ninput.i3.class_id=subjectAltNameExtInputImpl\ninput.i3.name=subjectAltNameExtInputImpl\noutput.list=o1\noutput.o1.class_id=nsNKeyOutputImpl\noutput.o1.name=nsNKeyOutputImpl\npolicyset.list=set1\n#policyset.set1.list=p2,p4,p5,p1,p6,p7,p8,p9,p12,p13,p14\npolicyset.set1.list=p2,p4,p5,p1,p6,p8,p9,p12\npolicyset.set1.p1.constraint.class_id=subjectNameConstraintImpl\npolicyset.set1.p1.constraint.name=Subject Name Constraint\npolicyset.set1.p1.constraint.params.pattern=.*\npolicyset.set1.p1.constraint.params.accept=true\npolicyset.set1.p1.default.class_id=userSubjectNameDefaultImpl\npolicyset.set1.p1.default.name=Subject Name Default\npolicyset.set1.p1.default.params.name=\n#changed ldap.enable to true to support SMIME\npolicyset.set1.p1.default.params.ldap.enable=false\npolicyset.set1.p1.default.params.ldap.searchName=uid\npolicyset.set1.p1.default.params.ldapStringAttributes=uid,mail\npolicyset.set1.p1.default.params.ldap.basedn=\npolicyset.set1.p1.default.params.ldap.maxConns=4\npolicyset.set1.p1.default.params.ldap.minConns=1\npolicyset.set1.p1.default.params.ldap.ldapconn.Version=2\npolicyset.set1.p1.default.params.ldap.ldapconn.host=\npolicyset.set1.p1.default.params.ldap.ldapconn.port=\npolicyset.set1.p1.default.params.ldap.ldapconn.secureConn=false\npolicyset.set1.p2.constraint.class_id=noConstraintImpl\npolicyset.set1.p2.constraint.name=No Constraint\npolicyset.set1.p2.default.class_id=validityDefaultImpl\npolicyset.set1.p2.default.name=Validity 
Default\npolicyset.set1.p2.default.params.range=1825\npolicyset.set1.p2.default.params.startTime=0\npolicyset.set1.p4.constraint.class_id=noConstraintImpl\npolicyset.set1.p4.constraint.name=No Constraint\npolicyset.set1.p4.default.class_id=signingAlgDefaultImpl\npolicyset.set1.p4.default.name=Signing Algorithm Default\npolicyset.set1.p4.default.params.signingAlg=-\npolicyset.set1.p5.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.constraint.name=No Constraint\npolicyset.set1.p5.default.class_id=keyUsageExtDefaultImpl\npolicyset.set1.p5.default.name=Key Usage Extension Default\npolicyset.set1.p5.default.params.keyUsageCritical=true\npolicyset.set1.p5.default.params.keyUsageCrlSign=false\npolicyset.set1.p5.default.params.keyUsageDataEncipherment=false\npolicyset.set1.p5.default.params.keyUsageDecipherOnly=false\npolicyset.set1.p5.default.params.keyUsageDigitalSignature=true\npolicyset.set1.p5.default.params.keyUsageEncipherOnly=false\npolicyset.set1.p5.default.params.keyUsageKeyAgreement=false\npolicyset.set1.p5.default.params.keyUsageKeyCertSign=false\npolicyset.set1.p5.default.params.keyUsageKeyEncipherment=false\npolicyset.set1.p5.default.params.keyUsageNonRepudiation=true\npolicyset.set1.p6.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.constraint.name=No Constraint\npolicyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.set1.p6.default.name=Subject Alternative Name Extension 
Default\npolicyset.set1.p6.default.params.subjAltExtGNEnable_0=true\npolicyset.set1.p6.default.params.subjAltExtGNEnable_1=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_2=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_3=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_4=false\npolicyset.set1.p6.default.params.subjAltExtPattern_0=(UTF8String)1.3.6.1.4.1.311.20.2.3,$request.req_san_pattern_0$\npolicyset.set1.p6.default.params.subjAltExtPattern_1=\npolicyset.set1.p6.default.params.subjAltExtPattern_2=\npolicyset.set1.p6.default.params.subjAltExtPattern_3=\npolicyset.set1.p6.default.params.subjAltExtPattern_4=\npolicyset.set1.p6.default.params.subjAltExtType_0=OtherName\npolicyset.set1.p6.default.params.subjAltExtType_1=OtherName\npolicyset.set1.p6.default.params.subjAltExtType_2=OtherName\npolicyset.set1.p6.default.params.subjAltExtType_3=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_4=RFC822Name\npolicyset.set1.p6.default.params.subjAltNameExtCritical=false\npolicyset.set1.p6.default.params.subjAltNameNumGNs=1\npolicyset.set1.p7.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.constraint.name=No Constraint\npolicyset.set1.p7.default.class_id=certificatePoliciesExtDefaultImpl\npolicyset.set1.p7.default.name=Certificate Policies Extension 
Default\npolicyset.set1.p7.default.params.Critical=false\npolicyset.set1.p7.default.params.PoliciesExt.num=5\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params
.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p8.constraint.class_id=noConstraintImpl\n
policyset.set1.p8.constraint.name=No Constraint\npolicyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.set1.p8.default.name=Subject Key Identifier Default\npolicyset.set1.p9.constraint.class_id=noConstraintImpl\npolicyset.set1.p9.constraint.name=No Constraint\npolicyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.set1.p9.default.name=Authority Key Identifier Extension Default\npolicyset.set1.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.set1.10.constraint.name=Renewal Grace Period Constraint\npolicyset.set1.10.constraint.params.renewal.graceBefore=30\npolicyset.set1.10.constraint.params.renewal.graceAfter=30\npolicyset.set1.10.default.class_id=noDefaultImpl\npolicyset.set1.10.default.name=No Default\npolicyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.set1.p12.constraint.name=Basic Constraints Extension Constraint\npolicyset.set1.p12.constraint.params.basicConstraintsCritical=-\npolicyset.set1.p12.constraint.params.basicConstraintsIsCA=-\npolicyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.set1.p12.default.name=Basic Constraints Extension Default\npolicyset.set1.p12.default.params.basicConstraintsCritical=false\npolicyset.set1.p12.default.params.basicConstraintsIsCA=false\npolicyset.set1.p12.default.params.basicConstraintsPathLen=-1\npolicyset.set1.p13.constraint.class_id=noConstraintImpl\npolicyset.set1.p13.constraint.name=No 
Constraint\npolicyset.set1.p13.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.name=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.params.crlDistPointsCritical=false\npolicyset.set1.p13.default.params.crlDistPointsNum=1\npolicyset.set1.p13.default.params.crlDistPointsEnable_0=false\npolicyset.set1.p13.default.params.crlDistPointsIssuerName_0=\npolicyset.set1.p13.default.params.crlDistPointsIssuerType_0=\npolicyset.set1.p13.default.params.crlDistPointsPointName_0=\npolicyset.set1.p13.default.params.crlDistPointsPointType_0=URIName\npolicyset.set1.p13.default.params.crlDistPointsReasons_0=\npolicyset.set1.p14.constraint.class_id=noConstraintImpl\npolicyset.set1.p14.constraint.name=No Constraint\npolicyset.set1.p14.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.set1.p14.default.name=AIA Extension Default\npolicyset.set1.p14.default.params.authInfoAccessADEnable_0=false\npolicyset.set1.p14.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.set1.p14.default.params.authInfoAccessADLocation_0=\npolicyset.set1.p14.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.set1.p14.default.params.authInfoAccessCritical=false\npolicyset.set1.p14.default.params.authInfoAccessNumADs=1\nprofileId=caTokenUserDelegateAuthKeyEnrollment\nclassId=caUserCertEnrollImpl\n' 2017-05-11T17:45:02Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:02Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:02Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:02Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:02Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:02Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:02Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:02Z DEBUG response status 409 2017-05-11T17:45:02Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 17:45:01 GMT', 'content-type': 
'application/json', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:45:02Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' 2017-05-11T17:45:02Z DEBUG Error migrating 'caTokenUserDelegateAuthKeyEnrollment': Non-2xx response from CA REST API: 409. Profile already exists 2017-05-11T17:45:02Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caTokenUserDelegateAuthKeyEnrollment?action=enable 2017-05-11T17:45:02Z DEBUG request body '' 2017-05-11T17:45:02Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:02Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:02Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:02Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:02Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:02Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:02Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:02Z DEBUG response status 500 2017-05-11T17:45:02Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 17:45:01 GMT', 'content-type': 'text/html;charset=utf-8'} 2017-05-11T17:45:02Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : 
#525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown 
Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: 
application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native 
Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>' 2017-05-11T17:45:02Z DEBUG Failed to enable profile '%s' (it is probably already enabled) 2017-05-11T17:45:02Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout 2017-05-11T17:45:02Z DEBUG request body '' 2017-05-11T17:45:02Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:02Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:02Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:02Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:02Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:02Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:02Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:02Z DEBUG response status 204 2017-05-11T17:45:02Z DEBUG response headers {'set-cookie': 'JSESSIONID=9AEC583DAB67C52ABA94183A7FE402B8; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:45:01 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:02Z DEBUG response body '' 2017-05-11T17:45:02Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login 2017-05-11T17:45:02Z DEBUG request body '' 2017-05-11T17:45:02Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:02Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:02Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:02Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:02Z DEBUG handshake complete, peer = 172.20.0.200:8443 
2017-05-11T17:45:02Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:02Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:02Z DEBUG response status 200 2017-05-11T17:45:02Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=7194DE185F3CFA5AFEE139A3C06363DC; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:45:01 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:02Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 2017-05-11T17:45:02Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw 2017-05-11T17:45:02Z DEBUG request body 'desc=This profile is for enrolling Token User Delegate Signing key\nenable=true\nenableBy=admin\nname=Token User Delegate Signing Certificate Enrollment\nvisible=false\nauth.instance_id=AgentCertAuth\ninput.list=i1,i2,i3\ninput.i1.class_id=nsNKeyCertReqInputImpl\ninput.i1.name=nsNKeyCertReqInputImpl\ninput.i2.class_id=subjectDNInputImpl\ninput.i2.name=subjectDNInputImpl\ninput.i3.class_id=subjectAltNameExtInputImpl\ninput.i3.name=subjectAltNameExtInputImpl\noutput.list=o1\noutput.o1.class_id=nsNKeyOutputImpl\noutput.o1.name=nsNKeyOutputImpl\npolicyset.list=set1\n#policyset.set1.list=p2,p4,p5,p1,p6,p7,p8,p9,p12,p13,p14\npolicyset.set1.list=p2,p4,p5,p1,p6,p8,p9,p12\npolicyset.set1.p1.constraint.class_id=subjectNameConstraintImpl\npolicyset.set1.p1.constraint.name=Subject Name Constraint\npolicyset.set1.p1.constraint.params.pattern=.*\npolicyset.set1.p1.constraint.params.accept=true\npolicyset.set1.p1.default.class_id=userSubjectNameDefaultImpl\npolicyset.set1.p1.default.name=Subject Name Default\npolicyset.set1.p1.default.params.dnpattern=UID=$request.uid$, O=Token Key User\n#changed ldap.enable to 
true to support SMIME\npolicyset.set1.p1.default.params.ldap.enable=false\npolicyset.set1.p1.default.params.ldap.searchName=uid\npolicyset.set1.p1.default.params.ldapStringAttributes=uid,mail\npolicyset.set1.p1.default.params.ldap.basedn=\npolicyset.set1.p1.default.params.ldap.maxConns=4\npolicyset.set1.p1.default.params.ldap.minConns=1\npolicyset.set1.p1.default.params.ldap.ldapconn.Version=2\npolicyset.set1.p1.default.params.ldap.ldapconn.host=\npolicyset.set1.p1.default.params.ldap.ldapconn.port=\npolicyset.set1.p1.default.params.ldap.ldapconn.secureConn=false\npolicyset.set1.p2.constraint.class_id=noConstraintImpl\npolicyset.set1.p2.constraint.name=No Constraint\npolicyset.set1.p2.default.class_id=validityDefaultImpl\npolicyset.set1.p2.default.name=Validity Default\npolicyset.set1.p2.default.params.range=1825\npolicyset.set1.p2.default.params.startTime=0\npolicyset.set1.p4.constraint.class_id=noConstraintImpl\npolicyset.set1.p4.constraint.name=No Constraint\npolicyset.set1.p4.default.class_id=signingAlgDefaultImpl\npolicyset.set1.p4.default.name=Signing Algorithm Default\npolicyset.set1.p4.default.params.signingAlg=-\npolicyset.set1.p5.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.constraint.name=No Constraint\npolicyset.set1.p5.default.class_id=keyUsageExtDefaultImpl\npolicyset.set1.p5.default.name=Key Usage Extension 
Default\npolicyset.set1.p5.default.params.keyUsageCritical=true\npolicyset.set1.p5.default.params.keyUsageCrlSign=false\npolicyset.set1.p5.default.params.keyUsageDataEncipherment=false\npolicyset.set1.p5.default.params.keyUsageDecipherOnly=false\npolicyset.set1.p5.default.params.keyUsageDigitalSignature=true\npolicyset.set1.p5.default.params.keyUsageEncipherOnly=false\npolicyset.set1.p5.default.params.keyUsageKeyAgreement=false\npolicyset.set1.p5.default.params.keyUsageKeyCertSign=false\npolicyset.set1.p5.default.params.keyUsageKeyEncipherment=false\npolicyset.set1.p5.default.params.keyUsageNonRepudiation=true\npolicyset.set1.p6.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.constraint.name=No Constraint\npolicyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.set1.p6.default.name=Subject Alternative Name Extension Default\npolicyset.set1.p6.default.params.subjAltExtGNEnable_0=true\npolicyset.set1.p6.default.params.subjAltExtGNEnable_1=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_2=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_3=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_4=false\npolicyset.set1.p6.default.params.subjAltExtPattern_0=$request.req_san_pattern_0$\npolicyset.set1.p6.default.params.subjAltExtPattern_1=\npolicyset.set1.p6.default.params.subjAltExtPattern_2=\npolicyset.set1.p6.default.params.subjAltExtPattern_3=\npolicyset.set1.p6.default.params.subjAltExtPattern_4=\npolicyset.set1.p6.default.params.subjAltExtType_0=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_1=OtherName\npolicyset.set1.p6.default.params.subjAltExtType_2=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_3=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_4=RFC822Name\npolicyset.set1.p6.default.params.subjAltNameExtCritical=false\npolicyset.set1.p6.default.params.subjAltNameNumGNs=1\npolicyset.set1.p7.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.constraint.name=No 
Constraint\npolicyset.set1.p7.default.class_id=certificatePoliciesExtDefaultImpl\npolicyset.set1.p7.default.name=Certificate Policies Extension Default\npolicyset.set1.p7.default.params.Critical=false\npolicyset.set1.p7.default.params.PoliciesExt.num=5\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0
.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.par
ams.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p8.constraint.class_id=noConstraintImpl\npolicyset.set1.p8.constraint.name=No Constraint\npolicyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.set1.p8.default.name=Subject Key Identifier Default\npolicyset.set1.p9.constraint.class_id=noConstraintImpl\npolicyset.set1.p9.constraint.name=No Constraint\npolicyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.set1.p9.default.name=Authority Key Identifier Extension Default\npolicyset.set1.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.set1.10.constraint.name=Renewal Grace Period Constraint\npolicyset.set1.10.constraint.params.renewal.graceBefore=30\npolicyset.set1.10.constraint.params.renewal.graceAfter=30\npolicyset.set1.10.default.class_id=noDefaultImpl\npolicyset.set1.10.default.name=No Default\npolicyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.set1.p12.constraint.name=Basic Constraints Extension Constraint\npolicyset.set1.p12.constraint.params.basicConstraintsCritical=-\npolicyset.set1.p12.constraint.params.basicConstraintsIsCA=-\npolicyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.set1.p12.default.name=Basic Constraints Extension Default\npolicyset.set1.p12.default.params.basicConstraintsCritical=false\npolicyset.set1.p12.default.params.basicConstraintsIsCA=false\npolicyset.set1.p12.default.params.basicConstraintsPathLen=-1\npolicyset.set1.p13.constraint.class_id=noConstraintImpl\npolicyset.set1.p13.constraint.name=No 
Constraint\npolicyset.set1.p13.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.name=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.params.crlDistPointsCritical=false\npolicyset.set1.p13.default.params.crlDistPointsNum=1\npolicyset.set1.p13.default.params.crlDistPointsEnable_0=false\npolicyset.set1.p13.default.params.crlDistPointsIssuerName_0=\npolicyset.set1.p13.default.params.crlDistPointsIssuerType_0=\npolicyset.set1.p13.default.params.crlDistPointsPointName_0=\npolicyset.set1.p13.default.params.crlDistPointsPointType_0=URIName\npolicyset.set1.p13.default.params.crlDistPointsReasons_0=\npolicyset.set1.p14.constraint.class_id=noConstraintImpl\npolicyset.set1.p14.constraint.name=No Constraint\npolicyset.set1.p14.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.set1.p14.default.name=AIA Extension Default\npolicyset.set1.p14.default.params.authInfoAccessADEnable_0=false\npolicyset.set1.p14.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.set1.p14.default.params.authInfoAccessADLocation_0=\npolicyset.set1.p14.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.set1.p14.default.params.authInfoAccessCritical=false\npolicyset.set1.p14.default.params.authInfoAccessNumADs=1\nprofileId=caTokenUserDelegateSigningKeyEnrollment\nclassId=caUserCertEnrollImpl\n' 2017-05-11T17:45:02Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:02Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:02Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:02Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:02Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:02Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:02Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:02Z DEBUG response status 409 2017-05-11T17:45:02Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 17:45:01 GMT', 'content-type': 
'application/json', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:45:02Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' 2017-05-11T17:45:02Z DEBUG Error migrating 'caTokenUserDelegateSigningKeyEnrollment': Non-2xx response from CA REST API: 409. Profile already exists 2017-05-11T17:45:02Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caTokenUserDelegateSigningKeyEnrollment?action=enable 2017-05-11T17:45:02Z DEBUG request body '' 2017-05-11T17:45:02Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:02Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:02Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:02Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:02Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:02Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:02Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:02Z DEBUG response status 500 2017-05-11T17:45:02Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 17:45:01 GMT', 'content-type': 'text/html;charset=utf-8'} 2017-05-11T17:45:02Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : 
#525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown 
Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: 
application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native 
Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>' 2017-05-11T17:45:02Z DEBUG Failed to enable profile '%s' (it is probably already enabled) 2017-05-11T17:45:02Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout 2017-05-11T17:45:02Z DEBUG request body '' 2017-05-11T17:45:02Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:02Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:02Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:02Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:02Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:02Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:02Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:02Z DEBUG response status 204 2017-05-11T17:45:02Z DEBUG response headers {'set-cookie': 'JSESSIONID=443AA868D159B3A3F72EA18F2EFE1E24; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:45:01 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:02Z DEBUG response body '' 2017-05-11T17:45:02Z DEBUG duration: 6 seconds 2017-05-11T17:45:02Z DEBUG [28/31]: importing IPA certificate profiles 2017-05-11T17:45:02Z DEBUG Created connection context.ldap2_94110736 2017-05-11T17:45:02Z DEBUG Created connection context.ldap2_92621008 2017-05-11T17:45:02Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache 2017-05-11T17:45:02Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket 
conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x39fcd40> 2017-05-11T17:45:02Z DEBUG Destroyed connection context.ldap2_92621008 2017-05-11T17:45:02Z DEBUG Created connection context.ldap2_92620496 2017-05-11T17:45:02Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache 2017-05-11T17:45:02Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7d47290> 2017-05-11T17:45:02Z DEBUG Destroyed connection context.ldap2_92620496 2017-05-11T17:45:02Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache 2017-05-11T17:45:02Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x264e758> 2017-05-11T17:45:02Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:45:02Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2017-05-11T17:45:02Z DEBUG Trying to find certificate subject base in sysupgrade 2017-05-11T17:45:02Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2017-05-11T17:45:02Z DEBUG Found certificate subject base in sysupgrade: O=RDLG.NET 2017-05-11T17:45:02Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login 2017-05-11T17:45:02Z DEBUG request body '' 2017-05-11T17:45:02Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:02Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:02Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:02Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:02Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:02Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:02Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:02Z DEBUG response status 200 2017-05-11T17:45:02Z DEBUG response headers {'content-length': '218', 'set-cookie': 
'JSESSIONID=43C547EC93B76B10BC907137BE9B1FF6; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:45:02 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:02Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 2017-05-11T17:45:02Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw 2017-05-11T17:45:02Z DEBUG request body 'profileId=IECUserRoles\nclassId=caEnrollImpl\ndesc=Enroll user certificates with IECUserRoles extension via IPA-RA agent authentication.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=raCertAuth\nname=IPA-RA Agent-Authenticated Server Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8,9,10,11,12\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=[^,]+,.+\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=subjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=CN=$request.req_subject_name.cn$, O=RDLG.NET\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity 
Constraint\npolicyset.serverCertSet.2.constraint.params.range=740\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=731\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=http://ipa-ca.rdlg.net/ca/ocsp\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension 
Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension 
Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\npolicyset.serverCertSet.9.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.9.constraint.name=No Constraint\npolicyset.serverCertSet.9.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.serverCertSet.9.default.name=CRL Distribution Points Extension Default\npolicyset.serverCertSet.9.default.params.crlDistPointsCritical=false\npolicyset.serverCertSet.9.default.params.crlDistPointsNum=1\npolicyset.serverCertSet.9.default.params.crlDistPointsEnable_0=true\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerName_0=CN=Certificate Authority,o=ipaca\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerType_0=DirectoryName\npolicyset.serverCertSet.9.default.params.crlDistPointsPointName_0=http://ipa-ca.rdlg.net/ipa/crl/MasterCRL.bin\npolicyset.serverCertSet.9.default.params.crlDistPointsPointType_0=URIName\npolicyset.serverCertSet.9.default.params.crlDistPointsReasons_0=\npolicyset.serverCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.10.constraint.name=No Constraint\npolicyset.serverCertSet.10.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.10.default.name=Subject Key Identifier Extension 
Default\npolicyset.serverCertSet.10.default.params.critical=false\npolicyset.serverCertSet.11.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.11.constraint.name=No Constraint\npolicyset.serverCertSet.11.default.class_id=userExtensionDefaultImpl\npolicyset.serverCertSet.11.default.name=User Supplied Extension Default\npolicyset.serverCertSet.11.default.params.userExtOID=2.5.29.17\npolicyset.serverCertSet.12.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.12.constraint.name=No Constraint\npolicyset.serverCertSet.12.default.class_id=userExtensionDefaultImpl\npolicyset.serverCertSet.12.default.name=IECUserRoles Extension Default\npolicyset.serverCertSet.12.default.params.userExtOID=1.2.840.10070.8.1\n' 2017-05-11T17:45:02Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:02Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:02Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:02Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:02Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:02Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:02Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:02Z DEBUG response status 201 2017-05-11T17:45:02Z DEBUG response headers {'date': 'Thu, 11 May 2017 17:45:02 GMT', 'content-length': '7318', 'content-type': 'application/json', 'location': 'https://ipa.rdlg.net:8443/ca/rest/profiles/raw', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:45:02Z DEBUG response body '#Thu May 11 11:45:02 MDT 2017\npolicyset.serverCertSet.4.constraint.name=No 
Constraint\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.2.default.params.range=731\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\ninput.i2.class_id=submitterInfoInputImpl\nauth.instance_id=raCertAuth\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\noutput.o1.class_id=certOutputImpl\npolicyset.serverCertSet.11.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.9.default.name=CRL Distribution Points Extension Default\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.9.default.params.crlDistPointsCritical=false\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.2.constraint.params.range=740\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.9.constraint.name=No Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\noutput.list=o1\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.9.default.params.crlDistPointsNum=1\npolicyset.serverCertSet.11.default.name=User Supplied Extension Default\ninput.list=i1,i2\npolicyset.serverCertSet.3.default.name=Key 
Default\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\nvisible=false\npolicyset.serverCertSet.9.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.10.default.name=Subject Key Identifier Extension Default\ndesc=Enroll user certificates with IECUserRoles extension via IPA-RA agent authentication.\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.11.default.params.userExtOID=2.5.29.17\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.9.default.params.crlDistPointsPointName_0=http://ipa-ca.rdlg.net/ipa/crl/MasterCRL.bin\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.2.default.name=Validity 
Default\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\nenable=true\npolicyset.serverCertSet.1.constraint.params.pattern=CN=[^,]+,.+\npolicyset.serverCertSet.10.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.1.default.class_id=subjectNameDefaultImpl\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerName_0=CN=Certificate Authority,o=ipaca\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.9.default.params.crlDistPointsEnable_0=true\ninput.i1.class_id=certReqInputImpl\nenableBy=admin\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.10.default.params.critical=false\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8,9,10,11,12\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\nname=IPA-RA Agent-Authenticated Server Certificate Enrollment\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.11.default.class_id=userExtensionDefaultImpl\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.9.default.params.crlDistPointsReasons_0=\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.12.constraint.name=No 
Constraint\npolicyset.serverCertSet.9.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.1.default.params.name=CN=$request.req_subject_name.cn$, O=RDLG.NET\npolicyset.serverCertSet.12.default.class_id=userExtensionDefaultImpl\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.12.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.8.default.params.signingAlg=-\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.12.default.params.userExtOID=1.2.840.10070.8.1\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.9.default.params.crlDistPointsPointType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.11.constraint.name=No Constraint\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.12.default.name=IECUserRoles Extension Default\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerType_0=DirectoryName\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.10.constraint.name=No 
Constraint\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=http://ipa-ca.rdlg.net/ca/ocsp\n' 2017-05-11T17:45:02Z INFO Profile 'IECUserRoles' successfully migrated to LDAP 2017-05-11T17:45:02Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/IECUserRoles?action=enable 2017-05-11T17:45:02Z DEBUG request body '' 2017-05-11T17:45:02Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:02Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:02Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:02Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:02Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:02Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:02Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:02Z DEBUG response status 204 2017-05-11T17:45:02Z DEBUG response headers {'date': 'Thu, 11 May 2017 17:45:02 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:45:02Z DEBUG response body '' 2017-05-11T17:45:02Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout 2017-05-11T17:45:02Z DEBUG request body '' 2017-05-11T17:45:02Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:02Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:02Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:02Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:02Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:02Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:02Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:02Z DEBUG response status 204 2017-05-11T17:45:02Z DEBUG response headers {'set-cookie': 'JSESSIONID=970D396011F147B393C24C7AE59A83FD; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 
11 May 2017 17:45:02 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:02Z DEBUG response body '' 2017-05-11T17:45:02Z INFO Imported profile 'IECUserRoles' 2017-05-11T17:45:02Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:45:02Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2017-05-11T17:45:02Z DEBUG Trying to find certificate subject base in sysupgrade 2017-05-11T17:45:02Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2017-05-11T17:45:02Z DEBUG Found certificate subject base in sysupgrade: O=RDLG.NET 2017-05-11T17:45:02Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login 2017-05-11T17:45:02Z DEBUG request body '' 2017-05-11T17:45:02Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:02Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:02Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:02Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:02Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:02Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:02Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:02Z DEBUG response status 200 2017-05-11T17:45:02Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=C0152F141E7F9044EB706BD244F39389; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:45:02 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:02Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 2017-05-11T17:45:02Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw 2017-05-11T17:45:02Z DEBUG request body 
'profileId=caIPAserviceCert\nclassId=caEnrollImpl\ndesc=This certificate profile is for enrolling server certificates with IPA-RA agent authentication.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=raCertAuth\nname=IPA-RA Agent-Authenticated Server Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8,9,10,11\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=[^,]+,.+\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=subjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=CN=$request.req_subject_name.cn$, O=RDLG.NET\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=740\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=731\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key 
Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=http://ipa-ca.rdlg.net/ca/ocsp\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage 
Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\npolicyset.serverCertSet.9.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.9.constraint.name=No Constraint\npolicyset.serverCertSet.9.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.serverCertSet.9.default.name=CRL Distribution Points Extension 
Default\npolicyset.serverCertSet.9.default.params.crlDistPointsCritical=false\npolicyset.serverCertSet.9.default.params.crlDistPointsNum=1\npolicyset.serverCertSet.9.default.params.crlDistPointsEnable_0=true\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerName_0=CN=Certificate Authority,o=ipaca\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerType_0=DirectoryName\npolicyset.serverCertSet.9.default.params.crlDistPointsPointName_0=http://ipa-ca.rdlg.net/ipa/crl/MasterCRL.bin\npolicyset.serverCertSet.9.default.params.crlDistPointsPointType_0=URIName\npolicyset.serverCertSet.9.default.params.crlDistPointsReasons_0=\npolicyset.serverCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.10.constraint.name=No Constraint\npolicyset.serverCertSet.10.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.10.default.name=Subject Key Identifier Extension Default\npolicyset.serverCertSet.10.default.params.critical=false\npolicyset.serverCertSet.11.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.11.constraint.name=No Constraint\npolicyset.serverCertSet.11.default.class_id=userExtensionDefaultImpl\npolicyset.serverCertSet.11.default.name=User Supplied Extension Default\npolicyset.serverCertSet.11.default.params.userExtOID=2.5.29.17\n' 2017-05-11T17:45:02Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:02Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:02Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:02Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:02Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:02Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:02Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:02Z DEBUG response status 409 2017-05-11T17:45:02Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 17:45:02 GMT', 'content-type': 'application/json', 'server': 
'Apache-Coyote/1.1'} 2017-05-11T17:45:02Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' 2017-05-11T17:45:02Z DEBUG Error migrating 'caIPAserviceCert': Non-2xx response from CA REST API: 409. Profile already exists 2017-05-11T17:45:02Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caIPAserviceCert?action=disable 2017-05-11T17:45:02Z DEBUG request body '' 2017-05-11T17:45:02Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:02Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:02Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:02Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:02Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:02Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:02Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:02Z DEBUG response status 204 2017-05-11T17:45:02Z DEBUG response headers {'date': 'Thu, 11 May 2017 17:45:02 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:45:02Z DEBUG response body '' 2017-05-11T17:45:02Z DEBUG request PUT https://ipa.rdlg.net:8443/ca/rest/profiles/caIPAserviceCert/raw 2017-05-11T17:45:02Z DEBUG request body 'profileId=caIPAserviceCert\nclassId=caEnrollImpl\ndesc=This certificate profile is for enrolling server certificates with IPA-RA agent authentication.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=raCertAuth\nname=IPA-RA Agent-Authenticated Server Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8,9,10,11\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name 
Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=[^,]+,.+\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=subjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=CN=$request.req_subject_name.cn$, O=RDLG.NET\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=740\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=731\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension 
Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=http://ipa-ca.rdlg.net/ca/ocsp\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage 
Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\npolicyset.serverCertSet.9.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.9.constraint.name=No Constraint\npolicyset.serverCertSet.9.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.serverCertSet.9.default.name=CRL Distribution Points Extension 
Default\npolicyset.serverCertSet.9.default.params.crlDistPointsCritical=false\npolicyset.serverCertSet.9.default.params.crlDistPointsNum=1\npolicyset.serverCertSet.9.default.params.crlDistPointsEnable_0=true\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerName_0=CN=Certificate Authority,o=ipaca\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerType_0=DirectoryName\npolicyset.serverCertSet.9.default.params.crlDistPointsPointName_0=http://ipa-ca.rdlg.net/ipa/crl/MasterCRL.bin\npolicyset.serverCertSet.9.default.params.crlDistPointsPointType_0=URIName\npolicyset.serverCertSet.9.default.params.crlDistPointsReasons_0=\npolicyset.serverCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.10.constraint.name=No Constraint\npolicyset.serverCertSet.10.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.10.default.name=Subject Key Identifier Extension Default\npolicyset.serverCertSet.10.default.params.critical=false\npolicyset.serverCertSet.11.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.11.constraint.name=No Constraint\npolicyset.serverCertSet.11.default.class_id=userExtensionDefaultImpl\npolicyset.serverCertSet.11.default.name=User Supplied Extension Default\npolicyset.serverCertSet.11.default.params.userExtOID=2.5.29.17\n' 2017-05-11T17:45:02Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:02Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:02Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:02Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:02Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:02Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:02Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:02Z DEBUG response status 200 2017-05-11T17:45:02Z DEBUG response headers {'content-length': '6993', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 
'date': 'Thu, 11 May 2017 17:45:02 GMT', 'content-type': 'application/json'} 2017-05-11T17:45:02Z DEBUG response body '#Thu May 11 11:45:02 MDT 2017\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.2.default.params.range=731\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\ninput.i2.class_id=submitterInfoInputImpl\nauth.instance_id=raCertAuth\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\noutput.o1.class_id=certOutputImpl\npolicyset.serverCertSet.11.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.9.default.name=CRL Distribution Points Extension Default\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.9.default.params.crlDistPointsCritical=false\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.2.constraint.params.range=740\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.9.constraint.name=No Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\noutput.list=o1\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.9.default.params.crlDistPointsNum=1\npolicyset.serverCertSet.11.default.name=User Supplied Extension Default\ninput.list=i1,i2\npolicyset.serverCertSet.3.default.name=Key 
Default\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\nvisible=false\npolicyset.serverCertSet.9.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.10.default.name=Subject Key Identifier Extension Default\ndesc=This certificate profile is for enrolling server certificates with IPA-RA agent authentication.\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.11.default.params.userExtOID=2.5.29.17\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.9.default.params.crlDistPointsPointName_0=http://ipa-ca.rdlg.net/ipa/crl/MasterCRL.bin\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.2.default.name=Validity 
Default\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\nenable=true\npolicyset.serverCertSet.1.constraint.params.pattern=CN=[^,]+,.+\npolicyset.serverCertSet.10.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.1.default.class_id=subjectNameDefaultImpl\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerName_0=CN=Certificate Authority,o=ipaca\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.9.default.params.crlDistPointsEnable_0=true\ninput.i1.class_id=certReqInputImpl\nenableBy=admin\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.10.default.params.critical=false\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8,9,10,11\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\nname=IPA-RA Agent-Authenticated Server Certificate Enrollment\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.11.default.class_id=userExtensionDefaultImpl\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.9.default.params.crlDistPointsReasons_0=\npolicyset.serverCertSet.6.default.name=Key Usage 
Default\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.9.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.1.default.params.name=CN=$request.req_subject_name.cn$, O=RDLG.NET\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.8.default.params.signingAlg=-\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.9.default.params.crlDistPointsPointType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.11.constraint.name=No Constraint\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerType_0=DirectoryName\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.10.constraint.name=No Constraint\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=http://ipa-ca.rdlg.net/ca/ocsp\n' 2017-05-11T17:45:02Z DEBUG request POST 
https://ipa.rdlg.net:8443/ca/rest/profiles/caIPAserviceCert?action=enable 2017-05-11T17:45:02Z DEBUG request body '' 2017-05-11T17:45:02Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:02Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:02Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:02Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:02Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:02Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:02Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:02Z DEBUG response status 204 2017-05-11T17:45:02Z DEBUG response headers {'date': 'Thu, 11 May 2017 17:45:02 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:45:02Z DEBUG response body '' 2017-05-11T17:45:02Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout 2017-05-11T17:45:02Z DEBUG request body '' 2017-05-11T17:45:02Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:02Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:02Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:02Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:02Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:02Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:02Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:03Z DEBUG response status 204 2017-05-11T17:45:03Z DEBUG response headers {'set-cookie': 'JSESSIONID=8ADDE8A8FAAF4B69DE523A60A404CF8C; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:45:02 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:03Z DEBUG response body '' 2017-05-11T17:45:03Z INFO Imported profile 'caIPAserviceCert' 2017-05-11T17:45:03Z DEBUG Destroyed connection context.ldap2_94110736 2017-05-11T17:45:03Z DEBUG duration: 0 seconds 
2017-05-11T17:45:03Z DEBUG [29/31]: adding default CA ACL 2017-05-11T17:45:03Z DEBUG Created connection context.ldap2_60067536 2017-05-11T17:45:03Z DEBUG Created connection context.ldap2_94827024 2017-05-11T17:45:03Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache 2017-05-11T17:45:03Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x5a64998> 2017-05-11T17:45:03Z DEBUG Destroyed connection context.ldap2_94827024 2017-05-11T17:45:03Z DEBUG Created connection context.ldap2_94827664 2017-05-11T17:45:03Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache 2017-05-11T17:45:03Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x58ccdd0> 2017-05-11T17:45:03Z DEBUG Destroyed connection context.ldap2_94827664 2017-05-11T17:45:03Z DEBUG raw: caacl_find(None, version=u'2.213') 2017-05-11T17:45:03Z DEBUG caacl_find(None, all=False, raw=False, version=u'2.213', no_members=True, pkey_only=False) 2017-05-11T17:45:03Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache 2017-05-11T17:45:03Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x2b3ce60> 2017-05-11T17:45:03Z DEBUG raw: caacl_add(u'hosts_services_caIPAserviceCert', hostcategory=u'all', servicecategory=u'all', version=u'2.213') 2017-05-11T17:45:03Z DEBUG caacl_add(u'hosts_services_caIPAserviceCert', hostcategory=u'all', servicecategory=u'all', all=False, raw=False, version=u'2.213', no_members=False) 2017-05-11T17:45:03Z DEBUG raw: caacl_add_profile(u'hosts_services_caIPAserviceCert', version=u'2.213', certprofile=(u'caIPAserviceCert',)) 2017-05-11T17:45:03Z DEBUG caacl_add_profile(u'hosts_services_caIPAserviceCert', all=False, raw=False, version=u'2.213', no_members=False, 
certprofile=(u'caIPAserviceCert',)) 2017-05-11T17:45:03Z DEBUG add_entry_to_group: dn=cn=caIPAserviceCert,cn=certprofiles,cn=ca,dc=rdlg,dc=net group_dn=ipaUniqueID=901de86a-3671-11e7-b239-0050568f60a6,cn=caacls,cn=ca,dc=rdlg,dc=net member_attr=ipamembercertprofile 2017-05-11T17:45:03Z DEBUG Destroyed connection context.ldap2_60067536 2017-05-11T17:45:03Z DEBUG duration: 0 seconds 2017-05-11T17:45:03Z DEBUG [30/31]: adding 'ipa' CA entry 2017-05-11T17:45:03Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login 2017-05-11T17:45:03Z DEBUG request body '' 2017-05-11T17:45:03Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:03Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:03Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:03Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:03Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:03Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:03Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:03Z DEBUG response status 200 2017-05-11T17:45:03Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=3A002B0573A893F97D2B5D08A5F57FAC; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:45:02 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:03Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 2017-05-11T17:45:03Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/authorities/host-authority 2017-05-11T17:45:03Z DEBUG request body '' 2017-05-11T17:45:03Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:03Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:03Z DEBUG approved_usage = SSL Server intended_usage = 
SSL Server 2017-05-11T17:45:03Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:03Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:03Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:03Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:03Z DEBUG response status 200 2017-05-11T17:45:03Z DEBUG response headers {'transfer-encoding': 'chunked', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:45:02 GMT', 'content-type': 'application/json'} 2017-05-11T17:45:03Z DEBUG response body '{"isHostAuthority":true,"id":"4aab67d3-5a9e-42d9-b890-d7602e4f3470","parentID":null,"issuerDN":"CN=Certificate Authority,O=RDLG.NET","serial":1,"dn":"CN=Certificate Authority,O=RDLG.NET","enabled":true,"description":"Host authority","ready":true,"link":null}' 2017-05-11T17:45:03Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout 2017-05-11T17:45:03Z DEBUG request body '' 2017-05-11T17:45:03Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:03Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:03Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:03Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:03Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:03Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:03Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:03Z DEBUG response status 204 2017-05-11T17:45:03Z DEBUG response headers {'set-cookie': 'JSESSIONID=D32020E514E0FC38A5813FBAE6DFDDC1; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 17:45:02 GMT', 'content-type': 'application/xml'} 2017-05-11T17:45:03Z DEBUG response body '' 2017-05-11T17:45:03Z DEBUG Created connection context.ldap2_60067536 2017-05-11T17:45:03Z DEBUG Created connection context.ldap2_131289808 
2017-05-11T17:45:03Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache 2017-05-11T17:45:03Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7d43b00> 2017-05-11T17:45:03Z DEBUG Destroyed connection context.ldap2_131289808 2017-05-11T17:45:03Z DEBUG Created connection context.ldap2_94886672 2017-05-11T17:45:03Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache 2017-05-11T17:45:03Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7d399e0> 2017-05-11T17:45:04Z DEBUG Destroyed connection context.ldap2_94886672 2017-05-11T17:45:04Z DEBUG Destroyed connection context.ldap2_60067536 2017-05-11T17:45:04Z DEBUG duration: 0 seconds 2017-05-11T17:45:04Z DEBUG [31/31]: updating IPA configuration 2017-05-11T17:45:04Z DEBUG duration: 0 seconds 2017-05-11T17:45:04Z DEBUG Done configuring certificate server (pki-tomcatd). 
2017-05-11T17:45:04Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:45:04Z DEBUG Starting external process 2017-05-11T17:45:04Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias -f XXXXXXXX -L -n RDLG.NET IPA CA -a 2017-05-11T17:45:04Z DEBUG Process finished, return code=0 2017-05-11T17:45:04Z DEBUG stdout=-----BEGIN CERTIFICATE----- ... -----END CERTIFICATE----- 2017-05-11T17:45:04Z DEBUG stderr= 2017-05-11T17:45:04Z DEBUG Configuring directory server (dirsrv). 
Estimated time: 10 seconds 2017-05-11T17:45:04Z DEBUG [1/3]: configuring ssl for ds instance 2017-05-11T17:45:04Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2017-05-11T17:45:04Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2017-05-11T17:45:04Z DEBUG Starting external process 2017-05-11T17:45:04Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias -O -n ipaCert 2017-05-11T17:45:04Z DEBUG Process finished, return code=0 2017-05-11T17:45:04Z DEBUG stdout="RDLG.NET IPA CA" [CN=Certificate Authority,O=RDLG.NET] "ipaCert" [CN=IPA RA,O=RDLG.NET] 2017-05-11T17:45:04Z DEBUG stderr= 2017-05-11T17:45:04Z DEBUG Starting external process 2017-05-11T17:45:04Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias -L -n RDLG.NET IPA CA -a 2017-05-11T17:45:04Z DEBUG Process finished, return code=0 2017-05-11T17:45:04Z DEBUG stdout=-----BEGIN CERTIFICATE----- ... -----END CERTIFICATE----- 2017-05-11T17:45:04Z DEBUG stderr= 2017-05-11T17:45:04Z DEBUG Starting external process 2017-05-11T17:45:04Z DEBUG args=/usr/bin/certutil -d /etc/dirsrv/slapd-RDLG-NET/ -L -n RDLG.NET IPA CA -a 2017-05-11T17:45:04Z DEBUG Process finished, return code=255 2017-05-11T17:45:04Z DEBUG stdout= 2017-05-11T17:45:04Z DEBUG stderr=certutil: Could not find cert: RDLG.NET IPA CA : PR_FILE_NOT_FOUND_ERROR: File not found 2017-05-11T17:45:04Z DEBUG Starting external process 2017-05-11T17:45:04Z DEBUG args=/usr/bin/certutil -d /etc/dirsrv/slapd-RDLG-NET/ -N -f /etc/dirsrv/slapd-RDLG-NET//pwdfile.txt 2017-05-11T17:45:04Z DEBUG Process finished, return code=0 2017-05-11T17:45:04Z DEBUG stdout= 2017-05-11T17:45:04Z DEBUG stderr= 2017-05-11T17:45:04Z DEBUG Starting external process 2017-05-11T17:45:04Z DEBUG args=/usr/bin/certutil -d /etc/dirsrv/slapd-RDLG-NET/ -A -n RDLG.NET IPA CA -t CT,C,C -a 2017-05-11T17:45:04Z DEBUG Process finished, return code=0 2017-05-11T17:45:04Z DEBUG stdout= 2017-05-11T17:45:04Z DEBUG stderr= 2017-05-11T17:45:04Z DEBUG Starting external process 2017-05-11T17:45:04Z DEBUG args=/usr/bin/certutil -d /etc/dirsrv/slapd-RDLG-NET/ -R -s CN=ipa.rdlg.net,O=RDLG.NET -o /var/lib/ipa/ipa-6wz3R5/tmpcertreq -k rsa -g 2048 -z /etc/dirsrv/slapd-RDLG-NET//noise.txt -f /etc/dirsrv/slapd-RDLG-NET//pwdfile.txt -a 2017-05-11T17:45:04Z DEBUG Process finished, return code=0 2017-05-11T17:45:04Z DEBUG stdout= 2017-05-11T17:45:04Z DEBUG stderr= Generating key. This may take a few moments... 
2017-05-11T17:45:04Z DEBUG request POST https://ipa.rdlg.net:8443/ca/ee/ca/profileSubmitSSLClient 2017-05-11T17:45:04Z DEBUG request body 'profileId=caIPAserviceCert&requestor_name=IPA+Installer&cert_request=...&cert_request_type=pkcs10&xmlOutput=true' 2017-05-11T17:45:04Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:45:04Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:45:04Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:45:04Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:45:04Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:45:04Z DEBUG Protocol: TLS1.2 2017-05-11T17:45:04Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:45:04Z DEBUG response status 200 2017-05-11T17:45:04Z DEBUG response headers {'date': 'Thu, 11 May 2017 17:45:04 GMT', 'content-length': '1599', 'content-type': 'application/xml', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:45:04Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" 
standalone="no"?><XMLResponse><Status>0</Status><Requests><Request><Id>8</Id><SubjectDN>CN=ipa.rdlg.net,O=RDLG.NET</SubjectDN><serialno>8</serialno><b64></b64></Request></Requests></XMLResponse>' 2017-05-11T17:45:04Z DEBUG Starting external process 2017-05-11T17:45:04Z DEBUG args=/usr/bin/certutil -d /etc/dirsrv/slapd-RDLG-NET/ -A -n Server-Cert -t u,u,u -i /var/lib/ipa/ipa-6wz3R5/tmpcert.der -f /etc/dirsrv/slapd-RDLG-NET//pwdfile.txt 2017-05-11T17:45:04Z DEBUG Process finished, return code=0 2017-05-11T17:45:04Z DEBUG stdout= 2017-05-11T17:45:04Z DEBUG stderr=Notice: Trust flag u is set automatically if the private key is present. 2017-05-11T17:45:04Z DEBUG Starting external process 2017-05-11T17:45:04Z DEBUG args=/usr/bin/certutil -d /etc/dirsrv/slapd-RDLG-NET/ -L -n Server-Cert -a 2017-05-11T17:45:04Z DEBUG Process finished, return code=0 2017-05-11T17:45:04Z DEBUG stdout=
2017-05-11T17:45:04Z DEBUG stderr= 2017-05-11T17:45:05Z DEBUG flushing ldap://ipa.rdlg.net:389 from SchemaCache 2017-05-11T17:45:05Z DEBUG retrieving schema for SchemaCache url=ldap://ipa.rdlg.net:389 conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x5a73908> 2017-05-11T17:45:05Z DEBUG duration: 1 seconds 2017-05-11T17:45:05Z DEBUG [2/3]: restarting directory server 2017-05-11T17:45:05Z DEBUG Starting external process 2017-05-11T17:45:05Z DEBUG args=/bin/systemctl --system daemon-reload 2017-05-11T17:45:05Z DEBUG Process finished, return code=0 2017-05-11T17:45:05Z DEBUG stdout= 2017-05-11T17:45:05Z DEBUG stderr= 2017-05-11T17:45:05Z DEBUG Starting external process 2017-05-11T17:45:05Z DEBUG args=/bin/systemctl restart dirsrv@RDLG-NET.service 2017-05-11T17:45:07Z DEBUG Process finished, return code=0 2017-05-11T17:45:07Z DEBUG stdout= 2017-05-11T17:45:07Z DEBUG stderr= 2017-05-11T17:45:07Z DEBUG Starting external process 2017-05-11T17:45:07Z DEBUG args=/bin/systemctl is-active dirsrv@RDLG-NET.service 2017-05-11T17:45:07Z DEBUG Process finished, return code=0 2017-05-11T17:45:07Z DEBUG stdout=active 2017-05-11T17:45:07Z DEBUG stderr= 2017-05-11T17:45:07Z DEBUG wait_for_open_ports: localhost [389] timeout 300 2017-05-11T17:45:07Z DEBUG Starting external process 2017-05-11T17:45:07Z DEBUG args=/bin/systemctl is-active dirsrv@RDLG-NET.service 2017-05-11T17:45:07Z DEBUG Process finished, return code=0 2017-05-11T17:45:07Z DEBUG stdout=active 2017-05-11T17:45:07Z DEBUG stderr= 2017-05-11T17:45:07Z DEBUG duration: 1 seconds 
2017-05-11T17:45:07Z DEBUG [3/3]: adding CA certificate entry 2017-05-11T17:45:07Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2017-05-11T17:45:07Z DEBUG Starting external process 2017-05-11T17:45:07Z DEBUG args=/usr/bin/certutil -d /etc/dirsrv/slapd-RDLG-NET/ -L 2017-05-11T17:45:07Z DEBUG Process finished, return code=0 2017-05-11T17:45:07Z DEBUG stdout= Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI Server-Cert u,u,u RDLG.NET IPA CA CT,C,C 2017-05-11T17:45:07Z DEBUG stderr= 2017-05-11T17:45:07Z DEBUG Starting external process 2017-05-11T17:45:07Z DEBUG args=/usr/bin/certutil -d /etc/dirsrv/slapd-RDLG-NET/ -O -n RDLG.NET IPA CA 2017-05-11T17:45:07Z DEBUG Process finished, return code=0 2017-05-11T17:45:07Z DEBUG stdout="RDLG.NET IPA CA" [CN=Certificate Authority,O=RDLG.NET] 2017-05-11T17:45:07Z DEBUG stderr= 2017-05-11T17:45:07Z DEBUG Starting external process 2017-05-11T17:45:07Z DEBUG args=/usr/bin/certutil -d /etc/dirsrv/slapd-RDLG-NET/ -L -n RDLG.NET IPA CA -a 2017-05-11T17:45:07Z DEBUG Process finished, return code=0 2017-05-11T17:45:07Z DEBUG stdout=
2017-05-11T17:45:07Z DEBUG stderr= 2017-05-11T17:45:07Z DEBUG flushing ldap://ipa.rdlg.net:389 from SchemaCache 2017-05-11T17:45:07Z DEBUG retrieving schema for SchemaCache url=ldap://ipa.rdlg.net:389 conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x58e5680> 2017-05-11T17:45:07Z DEBUG duration: 0 seconds 2017-05-11T17:45:07Z DEBUG Done configuring directory server (dirsrv). 2017-05-11T17:45:07Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:45:07Z DEBUG Starting external process 2017-05-11T17:45:07Z DEBUG args=keyctl get_persistent @s 0 2017-05-11T17:45:07Z DEBUG Process finished, return code=0 2017-05-11T17:45:07Z DEBUG stdout=523689640 2017-05-11T17:45:07Z DEBUG stderr= 2017-05-11T17:45:07Z DEBUG Enabling persistent keyring CCACHE 2017-05-11T17:45:07Z DEBUG Starting external process 2017-05-11T17:45:07Z DEBUG args=/bin/systemctl is-active krb5kdc.service 2017-05-11T17:45:07Z DEBUG Process finished, return code=3 2017-05-11T17:45:07Z DEBUG stdout=unknown 2017-05-11T17:45:07Z DEBUG stderr= 2017-05-11T17:45:07Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:45:07Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:45:07Z DEBUG Starting external process 2017-05-11T17:45:07Z DEBUG args=/bin/systemctl stop krb5kdc.service 2017-05-11T17:45:07Z DEBUG Process finished, return code=0 2017-05-11T17:45:07Z DEBUG stdout= 2017-05-11T17:45:07Z DEBUG stderr= 2017-05-11T17:45:07Z DEBUG Configuring Kerberos KDC (krb5kdc). 
Estimated time: 30 seconds 2017-05-11T17:45:07Z DEBUG [1/9]: adding kerberos container to the directory 2017-05-11T17:45:07Z DEBUG Starting external process 2017-05-11T17:45:07Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpPjie1X -H ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket -x -D cn=Directory Manager -y /tmp/tmpxeroxb 2017-05-11T17:45:07Z DEBUG Process finished, return code=0 2017-05-11T17:45:07Z DEBUG stdout=add objectClass: krbContainer top add cn: kerberos adding new entry "cn=kerberos,dc=rdlg,dc=net" modify complete add cn: RDLG.NET add objectClass: top krbrealmcontainer krbticketpolicyaux add krbSubTrees: dc=rdlg,dc=net add krbSearchScope: 2 add krbSupportedEncSaltTypes: aes256-cts:normal aes256-cts:special aes128-cts:normal aes128-cts:special des3-hmac-sha1:normal des3-hmac-sha1:special arcfour-hmac:normal arcfour-hmac:special camellia128-cts-cmac:normal camellia128-cts-cmac:special camellia256-cts-cmac:normal camellia256-cts-cmac:special add krbMaxTicketLife: 86400 add krbMaxRenewableAge: 604800 add krbDefaultEncSaltTypes: aes256-cts:special aes128-cts:special adding new entry "cn=RDLG.NET,cn=kerberos,dc=rdlg,dc=net" modify complete add objectClass: top nsContainer krbPwdPolicy add krbMinPwdLife: 3600 add krbPwdMinDiffChars: 0 add krbPwdMinLength: 8 add krbPwdHistoryLength: 0 add krbMaxPwdLife: 7776000 add krbPwdMaxFailure: 6 add krbPwdFailureCountInterval: 60 add krbPwdLockoutDuration: 600 adding new entry "cn=global_policy,cn=RDLG.NET,cn=kerberos,dc=rdlg,dc=net" modify complete 2017-05-11T17:45:07Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-RDLG-NET.socket/??base ) 2017-05-11T17:45:07Z DEBUG duration: 0 seconds 2017-05-11T17:45:07Z DEBUG [2/9]: configuring KDC 2017-05-11T17:45:07Z DEBUG Backing up system configuration file '/var/kerberos/krb5kdc/kdc.conf' 2017-05-11T17:45:07Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' 2017-05-11T17:45:07Z DEBUG Backing up system configuration file '/etc/krb5.conf' 
2017-05-11T17:45:07Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' 2017-05-11T17:45:07Z DEBUG Backing up system configuration file '/usr/share/ipa/html/krb5.ini' 2017-05-11T17:45:07Z DEBUG -> Not backing up - '/usr/share/ipa/html/krb5.ini' doesn't exist 2017-05-11T17:45:07Z DEBUG Backing up system configuration file '/usr/share/ipa/html/krb.con' 2017-05-11T17:45:07Z DEBUG -> Not backing up - '/usr/share/ipa/html/krb.con' doesn't exist 2017-05-11T17:45:07Z DEBUG Backing up system configuration file '/usr/share/ipa/html/krbrealm.con' 2017-05-11T17:45:07Z DEBUG -> Not backing up - '/usr/share/ipa/html/krbrealm.con' doesn't exist 2017-05-11T17:45:07Z DEBUG Starting external process 2017-05-11T17:45:07Z DEBUG args=klist -V 2017-05-11T17:45:07Z DEBUG Process finished, return code=0 2017-05-11T17:45:07Z DEBUG stdout=Kerberos 5 version 1.14.1 2017-05-11T17:45:07Z DEBUG stderr= 2017-05-11T17:45:07Z DEBUG Backing up system configuration file '/etc/sysconfig/krb5kdc' 2017-05-11T17:45:07Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' 2017-05-11T17:45:07Z DEBUG Starting external process 2017-05-11T17:45:07Z DEBUG args=/usr/sbin/selinuxenabled 2017-05-11T17:45:07Z DEBUG Process finished, return code=0 2017-05-11T17:45:07Z DEBUG stdout= 2017-05-11T17:45:07Z DEBUG stderr= 2017-05-11T17:45:07Z DEBUG Starting external process 2017-05-11T17:45:07Z DEBUG args=/sbin/restorecon /etc/sysconfig/krb5kdc 2017-05-11T17:45:07Z DEBUG Process finished, return code=0 2017-05-11T17:45:07Z DEBUG stdout= 2017-05-11T17:45:07Z DEBUG stderr= 2017-05-11T17:45:07Z DEBUG duration: 0 seconds 2017-05-11T17:45:07Z DEBUG [3/9]: initialize kerberos container 2017-05-11T17:45:07Z DEBUG WARNING: Your system is running out of entropy, you may experience long delays 2017-05-11T17:45:07Z DEBUG WARNING: Your system is running out of entropy, you may experience long delays 2017-05-11T17:45:07Z DEBUG Starting external process 2017-05-11T17:45:07Z DEBUG args=kdb5_util 
create -s -r RDLG.NET -x ipa-setup-override-restrictions 2017-05-11T17:47:06Z DEBUG Process finished, return code=0 2017-05-11T17:47:06Z DEBUG stdout=Loading random data Initializing database '/var/kerberos/krb5kdc/principal' for realm 'RDLG.NET', master key name 'K/M@RDLG.NET' You will be prompted for the database Master Password. It is important that you NOT FORGET this password. Enter KDC database master key: Re-enter KDC database master key to verify: 2017-05-11T17:47:06Z DEBUG stderr= 2017-05-11T17:47:06Z DEBUG duration: 118 seconds 2017-05-11T17:47:06Z DEBUG [4/9]: adding default ACIs 2017-05-11T17:47:06Z DEBUG Starting external process 2017-05-11T17:47:06Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpf46PQR -H ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket -x -D cn=Directory Manager -y /tmp/tmpDaDbl0 2017-05-11T17:47:06Z DEBUG Process finished, return code=0 2017-05-11T17:47:06Z DEBUG stdout=add aci: (targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";) modifying entry "dc=rdlg,dc=net" modify complete add aci: (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";) (targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";) (targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";) modifying entry "dc=rdlg,dc=net" modify complete add aci: (targetfilter = 
"(objectClass=ipaGuiConfig)")(targetattr != "aci")(version 3.0;acl "Admins can change GUI config"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) modifying entry "cn=etc,dc=rdlg,dc=net" modify complete add aci: (targetfilter = "(|(objectClass=ipaConfigObject)(dnahostname=*))")(version 3.0;acl "Admins can change GUI config"; allow (delete) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) modifying entry "cn=ipa,cn=etc,dc=rdlg,dc=net" modify complete add aci: (targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policy"; allow (write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) (targetattr = "aci")(version 3.0;acl "Admins can manage delegations"; allow (write, delete) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) (targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Users allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#USERDN";) (targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Groups allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";) (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Users allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#USERDN";) (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Groups allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#GROUPDN";) (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey themselves"; allow(write) userdn="ldap:///self";) (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Admins are allowed to rekey any entity"; allow(write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 
(targetfilter="(|(objectclass=ipaHost)(objectclass=ipaService))")(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey managed entries"; allow(write) userattr="managedby#USERDN";) modifying entry "cn=accounts,dc=rdlg,dc=net" modify complete add aci: (targetattr = "krbPrincipalKey || krbLastPwdChange")(target = "ldap:///krbprincipalname=*,cn=services,cn=accounts,dc=rdlg,dc=net")(version 3.0;acl "Admins can manage service keytab";allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) modifying entry "cn=services,cn=accounts,dc=rdlg,dc=net" modify complete add aci: (targetattr="userCertificate || krbPrincipalKey")(version 3.0; acl "Hosts can manage service Certificates and kerberos keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";) modifying entry "cn=services,cn=accounts,dc=rdlg,dc=net" modify complete add aci: (targetattr="usercertificate || krblastpwdchange || description || l || nshostlocation || nshardwareplatform || nsosversion")(version 3.0; acl "Hosts can modify their own certs and keytabs"; allow(write) userdn = "ldap:///self";) (targetattr="ipasshpubkey")(version 3.0; acl "Hosts can modify their own SSH public keys"; allow(write) userdn = "ldap:///self";) modifying entry "cn=computers,cn=accounts,dc=rdlg,dc=net" modify complete add aci: (targetattr="userCertificate || krbPrincipalKey")(version 3.0; acl "Hosts can manage other host Certificates and kerberos keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";) (targetattr="ipasshpubkey")(version 3.0; acl "Hosts can manage other host SSH public keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";) modifying entry "cn=computers,cn=accounts,dc=rdlg,dc=net" modify complete add aci: (targetattr = "krbPrincipalKey || krbLastPwdChange")(target = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=rdlg,dc=net")(version 3.0;acl "Admins can manage host keytab";allow (write) groupdn = 
"ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) modifying entry "cn=computers,cn=accounts,dc=rdlg,dc=net" modify complete add aci: (targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(search) userdn = "ldap:///all";) modifying entry "cn=accounts,dc=rdlg,dc=net" modify complete add aci: (targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) (targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) (targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) (targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";) (targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";) (target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";) modifying entry 
"dc=rdlg,dc=net" modify complete 2017-05-11T17:47:06Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-RDLG-NET.socket/??base ) 2017-05-11T17:47:06Z DEBUG duration: 0 seconds 2017-05-11T17:47:06Z DEBUG [5/9]: creating a keytab for the directory 2017-05-11T17:47:06Z DEBUG Starting external process 2017-05-11T17:47:06Z DEBUG args=kadmin.local -q addprinc -randkey ldap/ipa.rdlg.net@RDLG.NET -x ipa-setup-override-restrictions 2017-05-11T17:47:06Z DEBUG Process finished, return code=0 2017-05-11T17:47:06Z DEBUG stdout=Authenticating as principal root/admin@RDLG.NET with password. Principal "ldap/ipa.rdlg.net@RDLG.NET" created. 2017-05-11T17:47:06Z DEBUG stderr=WARNING: no policy specified for ldap/ipa.rdlg.net@RDLG.NET; defaulting to no policy 2017-05-11T17:47:06Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache 2017-05-11T17:47:06Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x57a0e18> 2017-05-11T17:47:06Z DEBUG Backing up system configuration file '/etc/dirsrv/ds.keytab' 2017-05-11T17:47:06Z DEBUG -> Not backing up - '/etc/dirsrv/ds.keytab' doesn't exist 2017-05-11T17:47:06Z DEBUG Starting external process 2017-05-11T17:47:06Z DEBUG args=kadmin.local -q ktadd -k /etc/dirsrv/ds.keytab ldap/ipa.rdlg.net@RDLG.NET -x ipa-setup-override-restrictions 2017-05-11T17:47:07Z DEBUG Process finished, return code=0 2017-05-11T17:47:07Z DEBUG stdout=Authenticating as principal root/admin@RDLG.NET with password. Entry for principal ldap/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:/etc/dirsrv/ds.keytab. Entry for principal ldap/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type aes128-cts-hmac-sha1-96 added to keytab WRFILE:/etc/dirsrv/ds.keytab. Entry for principal ldap/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type des3-cbc-sha1 added to keytab WRFILE:/etc/dirsrv/ds.keytab. 
Entry for principal ldap/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type arcfour-hmac added to keytab WRFILE:/etc/dirsrv/ds.keytab. Entry for principal ldap/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type camellia128-cts-cmac added to keytab WRFILE:/etc/dirsrv/ds.keytab. Entry for principal ldap/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type camellia256-cts-cmac added to keytab WRFILE:/etc/dirsrv/ds.keytab. 2017-05-11T17:47:07Z DEBUG stderr= 2017-05-11T17:47:07Z DEBUG duration: 0 seconds 2017-05-11T17:47:07Z DEBUG [6/9]: creating a keytab for the machine 2017-05-11T17:47:07Z DEBUG Starting external process 2017-05-11T17:47:07Z DEBUG args=kadmin.local -q addprinc -randkey host/ipa.rdlg.net@RDLG.NET -x ipa-setup-override-restrictions 2017-05-11T17:47:07Z DEBUG Process finished, return code=0 2017-05-11T17:47:07Z DEBUG stdout=Authenticating as principal root/admin@RDLG.NET with password. Principal "host/ipa.rdlg.net@RDLG.NET" created. 2017-05-11T17:47:07Z DEBUG stderr=WARNING: no policy specified for host/ipa.rdlg.net@RDLG.NET; defaulting to no policy 2017-05-11T17:47:07Z DEBUG Backing up system configuration file '/etc/krb5.keytab' 2017-05-11T17:47:07Z DEBUG -> Not backing up - '/etc/krb5.keytab' doesn't exist 2017-05-11T17:47:07Z DEBUG Starting external process 2017-05-11T17:47:07Z DEBUG args=kadmin.local -q ktadd -k /etc/krb5.keytab host/ipa.rdlg.net@RDLG.NET -x ipa-setup-override-restrictions 2017-05-11T17:47:07Z DEBUG Process finished, return code=0 2017-05-11T17:47:07Z DEBUG stdout=Authenticating as principal root/admin@RDLG.NET with password. Entry for principal host/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:/etc/krb5.keytab. Entry for principal host/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type aes128-cts-hmac-sha1-96 added to keytab WRFILE:/etc/krb5.keytab. Entry for principal host/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type des3-cbc-sha1 added to keytab WRFILE:/etc/krb5.keytab. 
Entry for principal host/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type arcfour-hmac added to keytab WRFILE:/etc/krb5.keytab. Entry for principal host/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type camellia128-cts-cmac added to keytab WRFILE:/etc/krb5.keytab. Entry for principal host/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type camellia256-cts-cmac added to keytab WRFILE:/etc/krb5.keytab. 2017-05-11T17:47:07Z DEBUG stderr= 2017-05-11T17:47:07Z DEBUG importing all plugin modules in ipaserver.plugins... 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.plugins.aci 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.plugins.automember 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.plugins.automount 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.plugins.baseldap 2017-05-11T17:47:07Z DEBUG ipaserver.plugins.baseldap is not a valid plugin module 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.plugins.baseuser 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.plugins.batch 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.plugins.ca 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.plugins.caacl 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.plugins.cert 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.plugins.certprofile 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.plugins.config 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.plugins.delegation 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.plugins.dns 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.plugins.dnsserver 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.plugins.dogtag 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.plugins.domainlevel 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.plugins.group 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.plugins.hbac 
2017-05-11T17:47:07Z DEBUG ipaserver.plugins.hbac is not a valid plugin module 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.plugins.hbacrule 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.plugins.hbacsvc 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.plugins.hbacsvcgroup 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.plugins.hbactest 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.plugins.host 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.plugins.hostgroup 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.plugins.idrange 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.plugins.idviews 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.plugins.internal 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.plugins.join 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.plugins.krbtpolicy 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.plugins.ldap2 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.plugins.location 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.plugins.migration 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.plugins.misc 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.plugins.netgroup 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.plugins.otp 2017-05-11T17:47:07Z DEBUG ipaserver.plugins.otp is not a valid plugin module 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.plugins.otpconfig 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.plugins.otptoken 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.plugins.passwd 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.plugins.permission 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.plugins.ping 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.plugins.pkinit 2017-05-11T17:47:07Z DEBUG ipaserver.plugins.pkinit is not a valid 
plugin module 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.plugins.privilege 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.plugins.pwpolicy 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.plugins.rabase 2017-05-11T17:47:07Z DEBUG ipaserver.plugins.rabase is not a valid plugin module 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.plugins.radiusproxy 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.plugins.realmdomains 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.plugins.role 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.plugins.schema 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.plugins.selfservice 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.plugins.selinuxusermap 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.plugins.server 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.plugins.serverrole 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.plugins.serverroles 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.plugins.service 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.plugins.servicedelegation 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.plugins.session 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.plugins.stageuser 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.plugins.sudo 2017-05-11T17:47:07Z DEBUG ipaserver.plugins.sudo is not a valid plugin module 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.plugins.sudocmd 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.plugins.sudocmdgroup 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.plugins.sudorule 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.plugins.topology 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.plugins.trust 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.plugins.user 
2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.plugins.vault 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.plugins.virtual 2017-05-11T17:47:07Z DEBUG ipaserver.plugins.virtual is not a valid plugin module 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.plugins.xmlserver 2017-05-11T17:47:07Z DEBUG importing all plugin modules in ipaserver.install.plugins... 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.install.plugins.adtrust 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.install.plugins.dns 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.install.plugins.update_nis 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.install.plugins.update_referint 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.install.plugins.update_services 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness 2017-05-11T17:47:07Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt 2017-05-11T17:47:08Z DEBUG Created connection context.ldap2_131014928 2017-05-11T17:47:08Z DEBUG Destroyed connection context.ldap2_131014928 2017-05-11T17:47:08Z DEBUG Created connection context.ldap2_131014928 
2017-05-11T17:47:08Z DEBUG Parsing update file '/usr/share/ipa/updates/20-ipaservers_hostgroup.update' 2017-05-11T17:47:08Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache 2017-05-11T17:47:08Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0xa170cb0> 2017-05-11T17:47:08Z DEBUG Updating existing entry: cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:47:08Z DEBUG --------------------------------------------- 2017-05-11T17:47:08Z DEBUG Initial value 2017-05-11T17:47:08Z DEBUG dn: cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:47:08Z DEBUG objectClass: 2017-05-11T17:47:08Z DEBUG top 2017-05-11T17:47:08Z DEBUG groupOfNames 2017-05-11T17:47:08Z DEBUG nestedGroup 2017-05-11T17:47:08Z DEBUG ipaobject 2017-05-11T17:47:08Z DEBUG ipahostgroup 2017-05-11T17:47:08Z DEBUG cn: 2017-05-11T17:47:08Z DEBUG ipaservers 2017-05-11T17:47:08Z DEBUG ipaUniqueID: 2017-05-11T17:47:08Z DEBUG 49c19e8e-3671-11e7-a4e3-0050568f60a6 2017-05-11T17:47:08Z DEBUG description: 2017-05-11T17:47:08Z DEBUG IPA server hosts 2017-05-11T17:47:08Z DEBUG --------------------------------------------- 2017-05-11T17:47:08Z DEBUG Final value after applying updates 2017-05-11T17:47:08Z DEBUG dn: cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:47:08Z DEBUG objectClass: 2017-05-11T17:47:08Z DEBUG top 2017-05-11T17:47:08Z DEBUG groupOfNames 2017-05-11T17:47:08Z DEBUG nestedGroup 2017-05-11T17:47:08Z DEBUG ipaobject 2017-05-11T17:47:08Z DEBUG ipahostgroup 2017-05-11T17:47:08Z DEBUG cn: 2017-05-11T17:47:08Z DEBUG ipaservers 2017-05-11T17:47:08Z DEBUG ipaUniqueID: 2017-05-11T17:47:08Z DEBUG 49c19e8e-3671-11e7-a4e3-0050568f60a6 2017-05-11T17:47:08Z DEBUG description: 2017-05-11T17:47:08Z DEBUG IPA server hosts 2017-05-11T17:47:08Z DEBUG [] 2017-05-11T17:47:08Z DEBUG Updated 0 2017-05-11T17:47:08Z DEBUG Done 2017-05-11T17:47:08Z DEBUG 
Updating existing entry: cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:47:08Z DEBUG --------------------------------------------- 2017-05-11T17:47:08Z DEBUG Initial value 2017-05-11T17:47:08Z DEBUG dn: cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:47:08Z DEBUG objectClass: 2017-05-11T17:47:08Z DEBUG top 2017-05-11T17:47:08Z DEBUG groupOfNames 2017-05-11T17:47:08Z DEBUG nestedGroup 2017-05-11T17:47:08Z DEBUG ipaobject 2017-05-11T17:47:08Z DEBUG ipahostgroup 2017-05-11T17:47:08Z DEBUG cn: 2017-05-11T17:47:08Z DEBUG ipaservers 2017-05-11T17:47:08Z DEBUG ipaUniqueID: 2017-05-11T17:47:08Z DEBUG 49c19e8e-3671-11e7-a4e3-0050568f60a6 2017-05-11T17:47:08Z DEBUG description: 2017-05-11T17:47:08Z DEBUG IPA server hosts 2017-05-11T17:47:08Z DEBUG add: 'fqdn=ipa.rdlg.net,cn=computers,cn=accounts,dc=rdlg,dc=net' to member, current value [] 2017-05-11T17:47:08Z DEBUG add: updated value ['fqdn=ipa.rdlg.net,cn=computers,cn=accounts,dc=rdlg,dc=net'] 2017-05-11T17:47:08Z DEBUG --------------------------------------------- 2017-05-11T17:47:08Z DEBUG Final value after applying updates 2017-05-11T17:47:08Z DEBUG dn: cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:47:08Z DEBUG objectClass: 2017-05-11T17:47:08Z DEBUG top 2017-05-11T17:47:08Z DEBUG groupOfNames 2017-05-11T17:47:08Z DEBUG nestedGroup 2017-05-11T17:47:08Z DEBUG ipaobject 2017-05-11T17:47:08Z DEBUG ipahostgroup 2017-05-11T17:47:08Z DEBUG member: 2017-05-11T17:47:08Z DEBUG fqdn=ipa.rdlg.net,cn=computers,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:47:08Z DEBUG cn: 2017-05-11T17:47:08Z DEBUG ipaservers 2017-05-11T17:47:08Z DEBUG ipaUniqueID: 2017-05-11T17:47:08Z DEBUG 49c19e8e-3671-11e7-a4e3-0050568f60a6 2017-05-11T17:47:08Z DEBUG description: 2017-05-11T17:47:08Z DEBUG IPA server hosts 2017-05-11T17:47:08Z DEBUG [(2, u'member', ['fqdn=ipa.rdlg.net,cn=computers,cn=accounts,dc=rdlg,dc=net'])] 2017-05-11T17:47:08Z DEBUG Updated 1 2017-05-11T17:47:08Z DEBUG Done 
2017-05-11T17:47:08Z DEBUG Destroyed connection context.ldap2_131014928 2017-05-11T17:47:08Z DEBUG duration: 1 seconds 2017-05-11T17:47:08Z DEBUG [7/9]: adding the password extension to the directory 2017-05-11T17:47:08Z DEBUG Starting external process 2017-05-11T17:47:08Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpr0EUSp -H ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket -x -D cn=Directory Manager -y /tmp/tmpMpoSeq 2017-05-11T17:47:08Z DEBUG Process finished, return code=0 2017-05-11T17:47:08Z DEBUG stdout=add objectclass: top nsSlapdPlugin extensibleObject add cn: ipa_pwd_extop add nsslapd-pluginpath: libipa_pwd_extop add nsslapd-plugininitfunc: ipapwd_init add nsslapd-plugintype: extendedop add nsslapd-pluginbetxn: on add nsslapd-pluginenabled: on add nsslapd-pluginid: ipa_pwd_extop add nsslapd-pluginversion: 1.0 add nsslapd-pluginvendor: RedHat add nsslapd-plugindescription: Support saving passwords in multiple formats for different consumers (krb5, samba, freeradius, etc.) add nsslapd-plugin-depends-on-type: database add nsslapd-realmTree: dc=rdlg,dc=net adding new entry "cn=ipa_pwd_extop,cn=plugins,cn=config" modify complete 2017-05-11T17:47:08Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-RDLG-NET.socket/??base ) 2017-05-11T17:47:08Z DEBUG duration: 0 seconds 2017-05-11T17:47:08Z DEBUG [8/9]: starting the KDC 2017-05-11T17:47:08Z DEBUG Starting external process 2017-05-11T17:47:08Z DEBUG args=/bin/systemctl start krb5kdc.service 2017-05-11T17:47:08Z DEBUG Process finished, return code=0 2017-05-11T17:47:08Z DEBUG stdout= 2017-05-11T17:47:08Z DEBUG stderr= 2017-05-11T17:47:08Z DEBUG Starting external process 2017-05-11T17:47:08Z DEBUG args=/bin/systemctl is-active krb5kdc.service 2017-05-11T17:47:08Z DEBUG Process finished, return code=0 2017-05-11T17:47:08Z DEBUG stdout=active 2017-05-11T17:47:08Z DEBUG stderr= 2017-05-11T17:47:08Z DEBUG duration: 0 seconds 2017-05-11T17:47:08Z DEBUG [9/9]: configuring KDC to start on boot 2017-05-11T17:47:08Z 
DEBUG Starting external process 2017-05-11T17:47:08Z DEBUG args=/bin/systemctl is-enabled krb5kdc.service 2017-05-11T17:47:08Z DEBUG Process finished, return code=1 2017-05-11T17:47:08Z DEBUG stdout=disabled 2017-05-11T17:47:08Z DEBUG stderr= 2017-05-11T17:47:08Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:47:08Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:47:08Z DEBUG Starting external process 2017-05-11T17:47:08Z DEBUG args=/bin/systemctl disable krb5kdc.service 2017-05-11T17:47:08Z DEBUG Process finished, return code=0 2017-05-11T17:47:08Z DEBUG stdout= 2017-05-11T17:47:08Z DEBUG stderr= 2017-05-11T17:47:08Z DEBUG duration: 0 seconds 2017-05-11T17:47:08Z DEBUG Done configuring Kerberos KDC (krb5kdc). 2017-05-11T17:47:08Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:47:08Z DEBUG Configuring kadmin 2017-05-11T17:47:08Z DEBUG [1/2]: starting kadmin 2017-05-11T17:47:08Z DEBUG Starting external process 2017-05-11T17:47:08Z DEBUG args=/bin/systemctl is-active kadmin.service 2017-05-11T17:47:08Z DEBUG Process finished, return code=3 2017-05-11T17:47:08Z DEBUG stdout=unknown 2017-05-11T17:47:08Z DEBUG stderr= 2017-05-11T17:47:08Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:47:08Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:47:08Z DEBUG Starting external process 2017-05-11T17:47:08Z DEBUG args=/bin/systemctl restart kadmin.service 2017-05-11T17:47:08Z DEBUG Process finished, return code=0 2017-05-11T17:47:08Z DEBUG stdout= 2017-05-11T17:47:08Z DEBUG stderr= 2017-05-11T17:47:08Z DEBUG Starting external process 2017-05-11T17:47:08Z DEBUG args=/bin/systemctl is-active kadmin.service 2017-05-11T17:47:08Z DEBUG Process finished, return code=0 2017-05-11T17:47:08Z DEBUG stdout=active 2017-05-11T17:47:08Z DEBUG stderr= 2017-05-11T17:47:08Z DEBUG duration: 0 seconds 
2017-05-11T17:47:08Z DEBUG [2/2]: configuring kadmin to start on boot 2017-05-11T17:47:08Z DEBUG Starting external process 2017-05-11T17:47:08Z DEBUG args=/bin/systemctl is-enabled kadmin.service 2017-05-11T17:47:08Z DEBUG Process finished, return code=1 2017-05-11T17:47:08Z DEBUG stdout=disabled 2017-05-11T17:47:08Z DEBUG stderr= 2017-05-11T17:47:08Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:47:08Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:47:08Z DEBUG Starting external process 2017-05-11T17:47:08Z DEBUG args=/bin/systemctl disable kadmin.service 2017-05-11T17:47:09Z DEBUG Process finished, return code=0 2017-05-11T17:47:09Z DEBUG stdout= 2017-05-11T17:47:09Z DEBUG stderr= 2017-05-11T17:47:09Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache 2017-05-11T17:47:09Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0xa717d40> 2017-05-11T17:47:09Z DEBUG duration: 0 seconds 2017-05-11T17:47:09Z DEBUG Done configuring kadmin. 2017-05-11T17:47:09Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:47:09Z DEBUG Starting external process 2017-05-11T17:47:09Z DEBUG args=/bin/systemctl disable pki-tomcatd.target 2017-05-11T17:47:09Z DEBUG Process finished, return code=0 2017-05-11T17:47:09Z DEBUG stdout= 2017-05-11T17:47:09Z DEBUG stderr=Removed symlink /etc/systemd/system/multi-user.target.wants/pki-tomcatd.target. 2017-05-11T17:47:09Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache 2017-05-11T17:47:09Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0xa317998> 2017-05-11T17:47:09Z DEBUG Ensuring that service pki-tomcatd@pki-tomcat is not running while the next set of commands is being executed. 
2017-05-11T17:47:09Z DEBUG Starting external process 2017-05-11T17:47:09Z DEBUG args=/bin/systemctl is-active pki-tomcatd@pki-tomcat.service 2017-05-11T17:47:09Z DEBUG Process finished, return code=0 2017-05-11T17:47:09Z DEBUG stdout=active 2017-05-11T17:47:09Z DEBUG stderr= 2017-05-11T17:47:09Z DEBUG Stopping pki-tomcatd@pki-tomcat. 2017-05-11T17:47:09Z DEBUG Starting external process 2017-05-11T17:47:09Z DEBUG args=/bin/systemctl stop pki-tomcatd@pki-tomcat.service 2017-05-11T17:47:10Z DEBUG Process finished, return code=0 2017-05-11T17:47:10Z DEBUG stdout= 2017-05-11T17:47:10Z DEBUG stderr= 2017-05-11T17:47:10Z DEBUG Starting pki-tomcatd@pki-tomcat. 2017-05-11T17:47:10Z DEBUG Starting external process 2017-05-11T17:47:10Z DEBUG args=/bin/systemctl start pki-tomcatd@pki-tomcat.service 2017-05-11T17:47:10Z DEBUG Process finished, return code=0 2017-05-11T17:47:10Z DEBUG stdout= 2017-05-11T17:47:10Z DEBUG stderr= 2017-05-11T17:47:10Z DEBUG Starting external process 2017-05-11T17:47:10Z DEBUG args=/bin/systemctl is-active pki-tomcatd@pki-tomcat.service 2017-05-11T17:47:10Z DEBUG Process finished, return code=0 2017-05-11T17:47:10Z DEBUG stdout=active 2017-05-11T17:47:10Z DEBUG stderr= 2017-05-11T17:47:10Z DEBUG wait_for_open_ports: localhost [8080, 8443] timeout 300 2017-05-11T17:47:12Z DEBUG Waiting until the CA is running 2017-05-11T17:47:12Z DEBUG request POST http://ipa.rdlg.net:8080/ca/admin/ca/getStatus 2017-05-11T17:47:12Z DEBUG request body '' 2017-05-11T17:47:18Z DEBUG response status 200 2017-05-11T17:47:18Z DEBUG response headers {'date': 'Thu, 11 May 2017 17:47:18 GMT', 'content-length': '170', 'content-type': 'application/xml', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:47:18Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="no"?><XMLResponse><State>1</State><Type>CA</Type><Status>running</Status><Version>10.3.3-18.el7_3</Version></XMLResponse>' 2017-05-11T17:47:18Z DEBUG The CA status is: running 2017-05-11T17:47:18Z DEBUG 
Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2017-05-11T17:47:18Z INFO [Set up lightweight CA key retrieval] 2017-05-11T17:47:18Z INFO Creating principal 2017-05-11T17:47:18Z DEBUG Starting external process 2017-05-11T17:47:18Z DEBUG args=kadmin.local -q addprinc -randkey dogtag/ipa.rdlg.net@RDLG.NET -x ipa-setup-override-restrictions 2017-05-11T17:47:18Z DEBUG Process finished, return code=0 2017-05-11T17:47:18Z DEBUG stdout=Authenticating as principal root/admin@RDLG.NET with password. Principal "dogtag/ipa.rdlg.net@RDLG.NET" created. 2017-05-11T17:47:18Z DEBUG stderr=WARNING: no policy specified for dogtag/ipa.rdlg.net@RDLG.NET; defaulting to no policy 2017-05-11T17:47:18Z INFO Retrieving keytab 2017-05-11T17:47:18Z DEBUG Starting external process 2017-05-11T17:47:18Z DEBUG args=kadmin.local -q ktadd -k /etc/pki/pki-tomcat/dogtag.keytab dogtag/ipa.rdlg.net@RDLG.NET -x ipa-setup-override-restrictions 2017-05-11T17:47:18Z DEBUG Process finished, return code=0 2017-05-11T17:47:18Z DEBUG stdout=Authenticating as principal root/admin@RDLG.NET with password. Entry for principal dogtag/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:/etc/pki/pki-tomcat/dogtag.keytab. Entry for principal dogtag/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type aes128-cts-hmac-sha1-96 added to keytab WRFILE:/etc/pki/pki-tomcat/dogtag.keytab. Entry for principal dogtag/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type des3-cbc-sha1 added to keytab WRFILE:/etc/pki/pki-tomcat/dogtag.keytab. Entry for principal dogtag/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type arcfour-hmac added to keytab WRFILE:/etc/pki/pki-tomcat/dogtag.keytab. Entry for principal dogtag/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type camellia128-cts-cmac added to keytab WRFILE:/etc/pki/pki-tomcat/dogtag.keytab. 
Entry for principal dogtag/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type camellia256-cts-cmac added to keytab WRFILE:/etc/pki/pki-tomcat/dogtag.keytab. 2017-05-11T17:47:18Z DEBUG stderr= 2017-05-11T17:47:18Z INFO Creating Custodia keys 2017-05-11T17:47:18Z DEBUG Created connection context.ldap2_178947216 2017-05-11T17:47:18Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache 2017-05-11T17:47:18Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0xa48db00> 2017-05-11T17:47:18Z DEBUG Destroyed connection context.ldap2_178947216 2017-05-11T17:47:18Z DEBUG Created connection context.ldap2_178946768 2017-05-11T17:47:18Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache 2017-05-11T17:47:18Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0xae31dd0> 2017-05-11T17:47:18Z DEBUG Destroyed connection context.ldap2_178946768 2017-05-11T17:47:19Z INFO Configuring key retriever 2017-05-11T17:47:19Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2017-05-11T17:47:19Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state' 2017-05-11T17:47:19Z DEBUG flushing ldap://ipa.rdlg.net:389 from SchemaCache 2017-05-11T17:47:19Z DEBUG retrieving schema for SchemaCache url=ldap://ipa.rdlg.net:389 conn=<ldap.ldapobject.SimpleLDAPObject instance at 0xa718a28> 2017-05-11T17:47:19Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:47:19Z DEBUG Configuring ipa_memcached 2017-05-11T17:47:19Z DEBUG [1/2]: starting ipa_memcached 2017-05-11T17:47:19Z DEBUG Starting external process 2017-05-11T17:47:19Z DEBUG args=/bin/systemctl is-active ipa_memcached.service 2017-05-11T17:47:19Z DEBUG Process finished, return code=3 2017-05-11T17:47:19Z DEBUG stdout=unknown 2017-05-11T17:47:19Z DEBUG stderr= 
2017-05-11T17:47:19Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:47:19Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:47:19Z DEBUG Starting external process 2017-05-11T17:47:19Z DEBUG args=/bin/systemctl restart ipa_memcached.service 2017-05-11T17:47:19Z DEBUG Process finished, return code=0 2017-05-11T17:47:19Z DEBUG stdout= 2017-05-11T17:47:19Z DEBUG stderr= 2017-05-11T17:47:19Z DEBUG Starting external process 2017-05-11T17:47:19Z DEBUG args=/bin/systemctl is-active ipa_memcached.service 2017-05-11T17:47:19Z DEBUG Process finished, return code=0 2017-05-11T17:47:19Z DEBUG stdout=active 2017-05-11T17:47:19Z DEBUG stderr= 2017-05-11T17:47:19Z DEBUG duration: 0 seconds 2017-05-11T17:47:19Z DEBUG [2/2]: configuring ipa_memcached to start on boot 2017-05-11T17:47:19Z DEBUG Starting external process 2017-05-11T17:47:19Z DEBUG args=/bin/systemctl is-enabled ipa_memcached.service 2017-05-11T17:47:19Z DEBUG Process finished, return code=1 2017-05-11T17:47:19Z DEBUG stdout=disabled 2017-05-11T17:47:19Z DEBUG stderr= 2017-05-11T17:47:19Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:47:19Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:47:19Z DEBUG Starting external process 2017-05-11T17:47:19Z DEBUG args=/bin/systemctl disable ipa_memcached.service 2017-05-11T17:47:19Z DEBUG Process finished, return code=0 2017-05-11T17:47:19Z DEBUG stdout= 2017-05-11T17:47:19Z DEBUG stderr= 2017-05-11T17:47:19Z DEBUG flushing ldap://ipa.rdlg.net:389 from SchemaCache 2017-05-11T17:47:19Z DEBUG retrieving schema for SchemaCache url=ldap://ipa.rdlg.net:389 conn=<ldap.ldapobject.SimpleLDAPObject instance at 0xa8b6320> 2017-05-11T17:47:19Z DEBUG duration: 0 seconds 2017-05-11T17:47:19Z DEBUG Done configuring ipa_memcached. 
2017-05-11T17:47:19Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:47:19Z DEBUG Configuring ipa-otpd 2017-05-11T17:47:19Z DEBUG [1/2]: starting ipa-otpd 2017-05-11T17:47:19Z DEBUG Starting external process 2017-05-11T17:47:19Z DEBUG args=/bin/systemctl is-active ipa-otpd.socket 2017-05-11T17:47:19Z DEBUG Process finished, return code=3 2017-05-11T17:47:19Z DEBUG stdout=unknown 2017-05-11T17:47:19Z DEBUG stderr= 2017-05-11T17:47:19Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:47:19Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:47:19Z DEBUG Starting external process 2017-05-11T17:47:19Z DEBUG args=/bin/systemctl restart ipa-otpd.socket 2017-05-11T17:47:19Z DEBUG Process finished, return code=0 2017-05-11T17:47:19Z DEBUG stdout= 2017-05-11T17:47:19Z DEBUG stderr= 2017-05-11T17:47:19Z DEBUG Starting external process 2017-05-11T17:47:19Z DEBUG args=/bin/systemctl is-active ipa-otpd.socket 2017-05-11T17:47:19Z DEBUG Process finished, return code=0 2017-05-11T17:47:19Z DEBUG stdout=active 2017-05-11T17:47:19Z DEBUG stderr= 2017-05-11T17:47:19Z DEBUG duration: 0 seconds 2017-05-11T17:47:19Z DEBUG [2/2]: configuring ipa-otpd to start on boot 2017-05-11T17:47:19Z DEBUG Starting external process 2017-05-11T17:47:19Z DEBUG args=/bin/systemctl is-enabled ipa-otpd.socket 2017-05-11T17:47:19Z DEBUG Process finished, return code=1 2017-05-11T17:47:19Z DEBUG stdout=disabled 2017-05-11T17:47:19Z DEBUG stderr= 2017-05-11T17:47:19Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:47:19Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:47:19Z DEBUG Starting external process 2017-05-11T17:47:19Z DEBUG args=/bin/systemctl disable ipa-otpd.socket 2017-05-11T17:47:20Z DEBUG Process finished, return code=0 2017-05-11T17:47:20Z DEBUG stdout= 2017-05-11T17:47:20Z DEBUG stderr= 2017-05-11T17:47:20Z DEBUG 
flushing ldap://ipa.rdlg.net:389 from SchemaCache 2017-05-11T17:47:20Z DEBUG retrieving schema for SchemaCache url=ldap://ipa.rdlg.net:389 conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7e4a758> 2017-05-11T17:47:20Z DEBUG duration: 0 seconds 2017-05-11T17:47:20Z DEBUG Done configuring ipa-otpd. 2017-05-11T17:47:20Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:47:20Z DEBUG Configuring ipa-custodia 2017-05-11T17:47:20Z DEBUG [1/5]: Generating ipa-custodia config file 2017-05-11T17:47:20Z DEBUG duration: 0 seconds 2017-05-11T17:47:20Z DEBUG [2/5]: Making sure custodia container exists 2017-05-11T17:47:20Z DEBUG importing all plugin modules in ipaserver.plugins... 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.plugins.aci 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.plugins.automember 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.plugins.automount 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.plugins.baseldap 2017-05-11T17:47:20Z DEBUG ipaserver.plugins.baseldap is not a valid plugin module 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.plugins.baseuser 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.plugins.batch 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.plugins.ca 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.plugins.caacl 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.plugins.cert 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.plugins.certprofile 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.plugins.config 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.plugins.delegation 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.plugins.dns 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.plugins.dnsserver 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.plugins.dogtag 2017-05-11T17:47:20Z DEBUG importing plugin module 
ipaserver.plugins.domainlevel 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.plugins.group 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.plugins.hbac 2017-05-11T17:47:20Z DEBUG ipaserver.plugins.hbac is not a valid plugin module 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.plugins.hbacrule 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.plugins.hbacsvc 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.plugins.hbacsvcgroup 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.plugins.hbactest 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.plugins.host 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.plugins.hostgroup 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.plugins.idrange 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.plugins.idviews 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.plugins.internal 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.plugins.join 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.plugins.krbtpolicy 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.plugins.ldap2 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.plugins.location 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.plugins.migration 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.plugins.misc 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.plugins.netgroup 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.plugins.otp 2017-05-11T17:47:20Z DEBUG ipaserver.plugins.otp is not a valid plugin module 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.plugins.otpconfig 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.plugins.otptoken 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.plugins.passwd 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.plugins.permission 2017-05-11T17:47:20Z DEBUG importing 
plugin module ipaserver.plugins.ping 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.plugins.pkinit 2017-05-11T17:47:20Z DEBUG ipaserver.plugins.pkinit is not a valid plugin module 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.plugins.privilege 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.plugins.pwpolicy 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.plugins.rabase 2017-05-11T17:47:20Z DEBUG ipaserver.plugins.rabase is not a valid plugin module 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.plugins.radiusproxy 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.plugins.realmdomains 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.plugins.role 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.plugins.schema 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.plugins.selfservice 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.plugins.selinuxusermap 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.plugins.server 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.plugins.serverrole 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.plugins.serverroles 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.plugins.service 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.plugins.servicedelegation 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.plugins.session 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.plugins.stageuser 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.plugins.sudo 2017-05-11T17:47:20Z DEBUG ipaserver.plugins.sudo is not a valid plugin module 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.plugins.sudocmd 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.plugins.sudocmdgroup 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.plugins.sudorule 2017-05-11T17:47:20Z DEBUG importing plugin module 
ipaserver.plugins.topology 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.plugins.trust 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.plugins.user 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.plugins.vault 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.plugins.virtual 2017-05-11T17:47:20Z DEBUG ipaserver.plugins.virtual is not a valid plugin module 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.plugins.xmlserver 2017-05-11T17:47:20Z DEBUG importing all plugin modules in ipaserver.install.plugins... 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.install.plugins.adtrust 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.install.plugins.dns 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.install.plugins.update_nis 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.install.plugins.update_referint 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.install.plugins.update_services 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness 2017-05-11T17:47:20Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt 2017-05-11T17:47:21Z DEBUG Created 
connection context.ldap2_200726416 2017-05-11T17:47:21Z DEBUG Destroyed connection context.ldap2_200726416 2017-05-11T17:47:21Z DEBUG Created connection context.ldap2_200726416 2017-05-11T17:47:21Z DEBUG Parsing update file '/usr/share/ipa/updates/73-custodia.update' 2017-05-11T17:47:21Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache 2017-05-11T17:47:21Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7e163f8> 2017-05-11T17:47:21Z DEBUG Updating existing entry: cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:21Z DEBUG --------------------------------------------- 2017-05-11T17:47:21Z DEBUG Initial value 2017-05-11T17:47:21Z DEBUG dn: cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:21Z DEBUG objectClass: 2017-05-11T17:47:21Z DEBUG nsContainer 2017-05-11T17:47:21Z DEBUG top 2017-05-11T17:47:21Z DEBUG cn: 2017-05-11T17:47:21Z DEBUG custodia 2017-05-11T17:47:21Z DEBUG --------------------------------------------- 2017-05-11T17:47:21Z DEBUG Final value after applying updates 2017-05-11T17:47:21Z DEBUG dn: cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:21Z DEBUG objectClass: 2017-05-11T17:47:21Z DEBUG nsContainer 2017-05-11T17:47:21Z DEBUG top 2017-05-11T17:47:21Z DEBUG cn: 2017-05-11T17:47:21Z DEBUG custodia 2017-05-11T17:47:21Z DEBUG [] 2017-05-11T17:47:21Z DEBUG Updated 0 2017-05-11T17:47:21Z DEBUG Done 2017-05-11T17:47:21Z DEBUG Updating existing entry: cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:21Z DEBUG --------------------------------------------- 2017-05-11T17:47:21Z DEBUG Initial value 2017-05-11T17:47:21Z DEBUG dn: cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:21Z DEBUG objectClass: 2017-05-11T17:47:21Z DEBUG nsContainer 2017-05-11T17:47:21Z DEBUG top 2017-05-11T17:47:21Z DEBUG cn: 2017-05-11T17:47:21Z DEBUG dogtag 2017-05-11T17:47:21Z DEBUG 
--------------------------------------------- 2017-05-11T17:47:21Z DEBUG Final value after applying updates 2017-05-11T17:47:21Z DEBUG dn: cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:21Z DEBUG objectClass: 2017-05-11T17:47:21Z DEBUG nsContainer 2017-05-11T17:47:21Z DEBUG top 2017-05-11T17:47:21Z DEBUG cn: 2017-05-11T17:47:21Z DEBUG dogtag 2017-05-11T17:47:21Z DEBUG [] 2017-05-11T17:47:21Z DEBUG Updated 0 2017-05-11T17:47:21Z DEBUG Done 2017-05-11T17:47:21Z DEBUG Destroyed connection context.ldap2_200726416 2017-05-11T17:47:21Z DEBUG duration: 1 seconds 2017-05-11T17:47:21Z DEBUG [3/5]: Generating ipa-custodia keys 2017-05-11T17:47:21Z DEBUG duration: 0 seconds 2017-05-11T17:47:21Z DEBUG [4/5]: starting ipa-custodia 2017-05-11T17:47:21Z DEBUG Starting external process 2017-05-11T17:47:21Z DEBUG args=/bin/systemctl is-active ipa-custodia.service 2017-05-11T17:47:21Z DEBUG Process finished, return code=3 2017-05-11T17:47:21Z DEBUG stdout=unknown 2017-05-11T17:47:21Z DEBUG stderr= 2017-05-11T17:47:21Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:47:21Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:47:21Z DEBUG Starting external process 2017-05-11T17:47:21Z DEBUG args=/bin/systemctl restart ipa-custodia.service 2017-05-11T17:47:21Z DEBUG Process finished, return code=0 2017-05-11T17:47:21Z DEBUG stdout= 2017-05-11T17:47:21Z DEBUG stderr= 2017-05-11T17:47:21Z DEBUG Starting external process 2017-05-11T17:47:21Z DEBUG args=/bin/systemctl is-active ipa-custodia.service 2017-05-11T17:47:21Z DEBUG Process finished, return code=0 2017-05-11T17:47:21Z DEBUG stdout=active 2017-05-11T17:47:21Z DEBUG stderr= 2017-05-11T17:47:21Z DEBUG duration: 0 seconds 2017-05-11T17:47:21Z DEBUG [5/5]: configuring ipa-custodia to start on boot 2017-05-11T17:47:21Z DEBUG Starting external process 2017-05-11T17:47:21Z DEBUG args=/bin/systemctl is-enabled ipa-custodia.service 2017-05-11T17:47:21Z 
DEBUG Process finished, return code=1 2017-05-11T17:47:21Z DEBUG stdout=disabled 2017-05-11T17:47:21Z DEBUG stderr= 2017-05-11T17:47:21Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:47:21Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:47:21Z DEBUG Starting external process 2017-05-11T17:47:21Z DEBUG args=/bin/systemctl disable ipa-custodia.service 2017-05-11T17:47:21Z DEBUG Process finished, return code=0 2017-05-11T17:47:21Z DEBUG stdout= 2017-05-11T17:47:21Z DEBUG stderr= 2017-05-11T17:47:21Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache 2017-05-11T17:47:21Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0xdb6f3f8> 2017-05-11T17:47:21Z DEBUG duration: 0 seconds 2017-05-11T17:47:21Z DEBUG Done configuring ipa-custodia. 2017-05-11T17:47:21Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2017-05-11T17:47:21Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state' 2017-05-11T17:47:21Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:47:21Z DEBUG Configuring the web interface (httpd). 
Estimated time: 1 minute 2017-05-11T17:47:21Z DEBUG [1/21]: setting mod_nss port to 443 2017-05-11T17:47:21Z DEBUG Backing up system configuration file '/etc/httpd/conf.d/nss.conf' 2017-05-11T17:47:21Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' 2017-05-11T17:47:21Z DEBUG duration: 0 seconds 2017-05-11T17:47:21Z DEBUG [2/21]: setting mod_nss cipher suite 2017-05-11T17:47:21Z DEBUG duration: 0 seconds 2017-05-11T17:47:21Z DEBUG [3/21]: setting mod_nss protocol list to TLSv1.0 - TLSv1.2 2017-05-11T17:47:21Z DEBUG duration: 0 seconds 2017-05-11T17:47:21Z DEBUG [4/21]: setting mod_nss password file 2017-05-11T17:47:21Z DEBUG duration: 0 seconds 2017-05-11T17:47:21Z DEBUG [5/21]: enabling mod_nss renegotiate 2017-05-11T17:47:22Z DEBUG duration: 0 seconds 2017-05-11T17:47:22Z DEBUG [6/21]: adding URL rewriting rules 2017-05-11T17:47:22Z DEBUG duration: 0 seconds 2017-05-11T17:47:22Z DEBUG [7/21]: configuring httpd 2017-05-11T17:47:22Z DEBUG Starting external process 2017-05-11T17:47:22Z DEBUG args=/usr/sbin/selinuxenabled 2017-05-11T17:47:22Z DEBUG Process finished, return code=0 2017-05-11T17:47:22Z DEBUG stdout= 2017-05-11T17:47:22Z DEBUG stderr= 2017-05-11T17:47:22Z DEBUG Starting external process 2017-05-11T17:47:22Z DEBUG args=/sbin/restorecon /etc/systemd/system/httpd.service.d/ipa.conf 2017-05-11T17:47:22Z DEBUG Process finished, return code=0 2017-05-11T17:47:22Z DEBUG stdout= 2017-05-11T17:47:22Z DEBUG stderr= 2017-05-11T17:47:22Z DEBUG Backing up system configuration file '/etc/httpd/conf.d/ipa.conf' 2017-05-11T17:47:22Z DEBUG -> Not backing up - '/etc/httpd/conf.d/ipa.conf' doesn't exist 2017-05-11T17:47:22Z DEBUG Backing up system configuration file '/etc/httpd/conf.d/ipa-rewrite.conf' 2017-05-11T17:47:22Z DEBUG -> Not backing up - '/etc/httpd/conf.d/ipa-rewrite.conf' doesn't exist 2017-05-11T17:47:22Z DEBUG duration: 0 seconds 2017-05-11T17:47:22Z DEBUG [8/21]: configure certmonger for renewals 2017-05-11T17:47:22Z DEBUG Starting 
external process 2017-05-11T17:47:22Z DEBUG args=/bin/systemctl is-active certmonger.service 2017-05-11T17:47:22Z DEBUG Process finished, return code=0 2017-05-11T17:47:22Z DEBUG stdout=active 2017-05-11T17:47:22Z DEBUG stderr= 2017-05-11T17:47:22Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:47:22Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:47:22Z DEBUG duration: 0 seconds 2017-05-11T17:47:22Z DEBUG [9/21]: setting up httpd keytab 2017-05-11T17:47:22Z DEBUG Removing service keytab: /etc/httpd/conf/ipa.keytab 2017-05-11T17:47:22Z DEBUG Starting external process 2017-05-11T17:47:22Z DEBUG args=kadmin.local -q addprinc -randkey HTTP/ipa.rdlg.net@RDLG.NET -x ipa-setup-override-restrictions 2017-05-11T17:47:23Z DEBUG Process finished, return code=0 2017-05-11T17:47:23Z DEBUG stdout=Authenticating as principal root/admin@RDLG.NET with password. Principal "HTTP/ipa.rdlg.net@RDLG.NET" created. 2017-05-11T17:47:23Z DEBUG stderr=WARNING: no policy specified for HTTP/ipa.rdlg.net@RDLG.NET; defaulting to no policy 2017-05-11T17:47:23Z DEBUG Starting external process 2017-05-11T17:47:23Z DEBUG args=kadmin.local -q ktadd -k /etc/httpd/conf/ipa.keytab HTTP/ipa.rdlg.net@RDLG.NET -x ipa-setup-override-restrictions 2017-05-11T17:47:23Z DEBUG Process finished, return code=0 2017-05-11T17:47:23Z DEBUG stdout=Authenticating as principal root/admin@RDLG.NET with password. Entry for principal HTTP/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:/etc/httpd/conf/ipa.keytab. Entry for principal HTTP/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type aes128-cts-hmac-sha1-96 added to keytab WRFILE:/etc/httpd/conf/ipa.keytab. Entry for principal HTTP/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type des3-cbc-sha1 added to keytab WRFILE:/etc/httpd/conf/ipa.keytab. 
Entry for principal HTTP/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type arcfour-hmac added to keytab WRFILE:/etc/httpd/conf/ipa.keytab. Entry for principal HTTP/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type camellia128-cts-cmac added to keytab WRFILE:/etc/httpd/conf/ipa.keytab. Entry for principal HTTP/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type camellia256-cts-cmac added to keytab WRFILE:/etc/httpd/conf/ipa.keytab. 2017-05-11T17:47:23Z DEBUG stderr= 2017-05-11T17:47:23Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache 2017-05-11T17:47:23Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x2b2c200> 2017-05-11T17:47:23Z DEBUG duration: 1 seconds 2017-05-11T17:47:23Z DEBUG [10/21]: setting up ssl 2017-05-11T17:47:23Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2017-05-11T17:47:23Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2017-05-11T17:47:23Z DEBUG Starting external process 2017-05-11T17:47:23Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias -R -s CN=ipa.rdlg.net,O=RDLG.NET -o /var/lib/ipa/ipa-uDdqZp/tmpcertreq -k rsa -g 2048 -z /etc/httpd/alias/noise.txt -f /etc/httpd/alias/pwdfile.txt -a 2017-05-11T17:47:24Z DEBUG Process finished, return code=0 2017-05-11T17:47:24Z DEBUG stdout= 2017-05-11T17:47:24Z DEBUG stderr= Generating key. This may take a few moments... 
2017-05-11T17:47:24Z DEBUG request POST https://ipa.rdlg.net:8443/ca/ee/ca/profileSubmitSSLClient 2017-05-11T17:47:24Z DEBUG request body 'profileId=caIPAserviceCert&requestor_name=IPA+Installer&cert_request=&cert_request_type=pkcs10&xmlOutput=true' 2017-05-11T17:47:24Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:47:24Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:47:24Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:47:24Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:47:24Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:47:24Z DEBUG Protocol: TLS1.2 2017-05-11T17:47:24Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:47:24Z DEBUG response status 200 2017-05-11T17:47:24Z DEBUG response headers {'date': 'Thu, 11 May 2017 17:47:24 GMT', 'content-length': '1599', 'content-type': 'application/xml', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:47:24Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" 
standalone="no"?><XMLResponse><Status>0</Status><Requests><Request><Id>9</Id><SubjectDN>CN=ipa.rdlg.net,O=RDLG.NET</SubjectDN><serialno>9</serialno><b64></b64></Request></Requests></XMLResponse>' 2017-05-11T17:47:24Z DEBUG Starting external process 2017-05-11T17:47:24Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias -A -n Server-Cert -t u,u,u -i /var/lib/ipa/ipa-uDdqZp/tmpcert.der -f /etc/httpd/alias/pwdfile.txt 2017-05-11T17:47:24Z DEBUG Process finished, return code=0 2017-05-11T17:47:24Z DEBUG stdout= 2017-05-11T17:47:24Z DEBUG stderr=Notice: Trust flag u is set automatically if the private key is present. 2017-05-11T17:47:24Z DEBUG Starting external process 2017-05-11T17:47:24Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias -L -n Server-Cert -a 2017-05-11T17:47:24Z DEBUG Process finished, return code=0 2017-05-11T17:47:24Z DEBUG stdout=-----BEGIN CERTIFICATE----- 
-----END CERTIFICATE----- 2017-05-11T17:47:24Z DEBUG stderr= 2017-05-11T17:47:24Z DEBUG Starting external process 2017-05-11T17:47:24Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias -R -s CN=Object Signing Cert,O=RDLG.NET -o /var/lib/ipa/ipa-uDdqZp/tmpcertreq -k rsa -g 2048 -z /etc/httpd/alias/noise.txt -f /etc/httpd/alias/pwdfile.txt -a 2017-05-11T17:47:25Z DEBUG Process finished, return code=0 2017-05-11T17:47:25Z DEBUG stdout= 2017-05-11T17:47:25Z DEBUG stderr= Generating key. This may take a few moments... 2017-05-11T17:47:25Z DEBUG request POST https://ipa.rdlg.net:8443/ca/ee/ca/profileSubmitSSLClient 2017-05-11T17:47:25Z DEBUG request body 
'profileId=caJarSigningCert&requestor_name=IPA+Installer&cert_request=&cert_request_type=pkcs10&xmlOutput=true' 2017-05-11T17:47:25Z DEBUG NSSConnection init ipa.rdlg.net 2017-05-11T17:47:25Z DEBUG Connecting: 172.20.0.200:0 2017-05-11T17:47:25Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-05-11T17:47:25Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET" 2017-05-11T17:47:25Z DEBUG handshake complete, peer = 172.20.0.200:8443 2017-05-11T17:47:25Z DEBUG Protocol: TLS1.2 2017-05-11T17:47:25Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA 2017-05-11T17:47:25Z DEBUG response status 200 2017-05-11T17:47:25Z DEBUG response headers {'date': 'Thu, 11 May 2017 17:47:24 GMT', 'content-length': '1275', 'content-type': 'application/xml', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:47:25Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="no"?><XMLResponse><Status>0</Status><Requests><Request><Id>10</Id><SubjectDN>CN=Object Signing 
Cert,O=RDLG.NET</SubjectDN><serialno>a</serialno><b64></b64></Request></Requests></XMLResponse>' 2017-05-11T17:47:25Z DEBUG Starting external process 2017-05-11T17:47:25Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias -A -n Signing-Cert -t u,u,u -i /var/lib/ipa/ipa-uDdqZp/tmpcert.der -f /etc/httpd/alias/pwdfile.txt 2017-05-11T17:47:25Z DEBUG Process finished, return code=0 2017-05-11T17:47:25Z DEBUG stdout= 2017-05-11T17:47:25Z DEBUG stderr=Notice: Trust flag u is set automatically if the private key is present. 2017-05-11T17:47:25Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache 2017-05-11T17:47:25Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0xac5a638> 2017-05-11T17:47:25Z DEBUG Starting external process 2017-05-11T17:47:25Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias -L 2017-05-11T17:47:25Z DEBUG Process finished, return code=0 2017-05-11T17:47:25Z DEBUG stdout= Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI Signing-Cert u,u,u RDLG.NET IPA CA CT,C,C ipaCert u,u,u Server-Cert u,u,u 2017-05-11T17:47:25Z DEBUG stderr= 2017-05-11T17:47:25Z DEBUG Starting external process 2017-05-11T17:47:25Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias -O -n Signing-Cert 2017-05-11T17:47:25Z DEBUG Process finished, return code=0 2017-05-11T17:47:25Z DEBUG stdout="RDLG.NET IPA CA" [CN=Certificate Authority,O=RDLG.NET] "Signing-Cert" [CN=Object Signing Cert,O=RDLG.NET] 2017-05-11T17:47:25Z DEBUG stderr= 2017-05-11T17:47:25Z DEBUG Starting external process 2017-05-11T17:47:25Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias -L -n RDLG.NET IPA CA -a 2017-05-11T17:47:25Z DEBUG Process finished, return code=0 2017-05-11T17:47:25Z DEBUG stdout=-----BEGIN CERTIFICATE----- 
-----END CERTIFICATE----- 2017-05-11T17:47:25Z DEBUG stderr= 2017-05-11T17:47:25Z DEBUG Starting external process 2017-05-11T17:47:25Z DEBUG args=/usr/sbin/selinuxenabled 2017-05-11T17:47:25Z DEBUG Process finished, return code=0 2017-05-11T17:47:25Z DEBUG stdout= 2017-05-11T17:47:25Z DEBUG stderr= 2017-05-11T17:47:25Z DEBUG Starting external process 2017-05-11T17:47:25Z DEBUG args=/sbin/restorecon /etc/httpd/alias/cert8.db 2017-05-11T17:47:25Z DEBUG Process finished, return code=0 2017-05-11T17:47:25Z DEBUG stdout= 2017-05-11T17:47:25Z DEBUG stderr= 2017-05-11T17:47:25Z DEBUG Starting external process 2017-05-11T17:47:25Z DEBUG args=/usr/sbin/selinuxenabled 2017-05-11T17:47:25Z DEBUG Process finished, return code=0 2017-05-11T17:47:25Z DEBUG stdout= 2017-05-11T17:47:25Z DEBUG stderr= 2017-05-11T17:47:25Z DEBUG Starting external 
process 2017-05-11T17:47:25Z DEBUG args=/sbin/restorecon /etc/httpd/alias/key3.db 2017-05-11T17:47:25Z DEBUG Process finished, return code=0 2017-05-11T17:47:25Z DEBUG stdout= 2017-05-11T17:47:25Z DEBUG stderr= 2017-05-11T17:47:25Z DEBUG duration: 2 seconds 2017-05-11T17:47:25Z DEBUG [11/21]: importing CA certificates from LDAP 2017-05-11T17:47:25Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2017-05-11T17:47:25Z DEBUG Starting external process 2017-05-11T17:47:25Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias -A -n RDLG.NET IPA CA -t CT,C,C 2017-05-11T17:47:26Z DEBUG Process finished, return code=0 2017-05-11T17:47:26Z DEBUG stdout= 2017-05-11T17:47:26Z DEBUG stderr= 2017-05-11T17:47:26Z DEBUG duration: 0 seconds 2017-05-11T17:47:26Z DEBUG [12/21]: setting up browser autoconfig 2017-05-11T17:47:26Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2017-05-11T17:47:26Z DEBUG Starting external process 2017-05-11T17:47:26Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias -L 2017-05-11T17:47:26Z DEBUG Process finished, return code=0 2017-05-11T17:47:26Z DEBUG stdout= Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI Signing-Cert u,u,u ipaCert u,u,u Server-Cert u,u,u RDLG.NET IPA CA CT,C,C 2017-05-11T17:47:26Z DEBUG stderr= 2017-05-11T17:47:26Z DEBUG Starting external process 2017-05-11T17:47:26Z DEBUG args=/usr/bin/signtool -d /etc/httpd/alias -p 275554f87f0df8d3a4c4 -k Signing-Cert -p 275554f87f0df8d3a4c4 -X -Z /usr/share/ipa/html/kerberosauth.xpi /tmp/tmp-zoKb2z/ext 2017-05-11T17:47:26Z DEBUG Process finished, return code=0 2017-05-11T17:47:26Z DEBUG stdout=Generating /tmp/tmp-zoKb2z/ext/META-INF/manifest.mf file.. --> bootstrap.js --> chrome/content/kerberosauth.js --> chrome/content/kerberosauth_overlay.xul --> chrome.manifest --> install.rdf --> locale/en-US/kerberosauth.properties Generating zigbert.sf file.. 
Creating XPI Compatible Archive adding /tmp/tmp-zoKb2z/ext/META-INF/zigbert.rsa to /usr/share/ipa/html/kerberosauth.xpi...(deflated 11%) --> bootstrap.js adding /tmp/tmp-zoKb2z/ext/bootstrap.js to /usr/share/ipa/html/kerberosauth.xpi...(deflated 67%) --> chrome/content/kerberosauth.js adding /tmp/tmp-zoKb2z/ext/chrome/content/kerberosauth.js to /usr/share/ipa/html/kerberosauth.xpi...(deflated 66%) --> chrome/content/kerberosauth_overlay.xul adding /tmp/tmp-zoKb2z/ext/chrome/content/kerberosauth_overlay.xul to /usr/share/ipa/html/kerberosauth.xpi...(deflated 34%) --> chrome.manifest adding /tmp/tmp-zoKb2z/ext/chrome.manifest to /usr/share/ipa/html/kerberosauth.xpi...(deflated 51%) --> install.rdf adding /tmp/tmp-zoKb2z/ext/install.rdf to /usr/share/ipa/html/kerberosauth.xpi...(deflated 55%) --> locale/en-US/kerberosauth.properties adding /tmp/tmp-zoKb2z/ext/locale/en-US/kerberosauth.properties to /usr/share/ipa/html/kerberosauth.xpi...(deflated 36%) adding /tmp/tmp-zoKb2z/ext/META-INF/manifest.mf to /usr/share/ipa/html/kerberosauth.xpi...(deflated 47%) adding /tmp/tmp-zoKb2z/ext/META-INF/zigbert.sf to /usr/share/ipa/html/kerberosauth.xpi...(deflated 48%) tree "/tmp/tmp-zoKb2z/ext" signed successfully 2017-05-11T17:47:26Z DEBUG stderr=warning: password (-p) option specified more than once. Only last specification will be used. 
2017-05-11T17:47:26Z DEBUG duration: 0 seconds 2017-05-11T17:47:26Z DEBUG [13/21]: publish CA cert 2017-05-11T17:47:26Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2017-05-11T17:47:26Z DEBUG duration: 0 seconds 2017-05-11T17:47:26Z DEBUG [14/21]: clean up any existing httpd ccache 2017-05-11T17:47:26Z DEBUG Starting external process 2017-05-11T17:47:26Z DEBUG args=/usr/bin/kdestroy -A 2017-05-11T17:47:26Z DEBUG runas=apache (UID 48, GID 48) 2017-05-11T17:47:26Z DEBUG Process finished, return code=0 2017-05-11T17:47:26Z DEBUG stdout= 2017-05-11T17:47:26Z DEBUG stderr= 2017-05-11T17:47:26Z DEBUG duration: 0 seconds 2017-05-11T17:47:26Z DEBUG [15/21]: configuring SELinux for httpd 2017-05-11T17:47:26Z DEBUG Starting external process 2017-05-11T17:47:26Z DEBUG args=/usr/sbin/selinuxenabled 2017-05-11T17:47:26Z DEBUG Process finished, return code=0 2017-05-11T17:47:26Z DEBUG stdout= 2017-05-11T17:47:26Z DEBUG stderr= 2017-05-11T17:47:26Z DEBUG Starting external process 2017-05-11T17:47:26Z DEBUG args=/usr/sbin/getsebool httpd_can_network_connect 2017-05-11T17:47:26Z DEBUG Process finished, return code=0 2017-05-11T17:47:26Z DEBUG stdout=httpd_can_network_connect --> off 2017-05-11T17:47:26Z DEBUG stderr= 2017-05-11T17:47:26Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:47:26Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:47:26Z DEBUG Starting external process 2017-05-11T17:47:26Z DEBUG args=/usr/sbin/getsebool httpd_run_ipa 2017-05-11T17:47:26Z DEBUG Process finished, return code=0 2017-05-11T17:47:26Z DEBUG stdout=httpd_run_ipa --> off 2017-05-11T17:47:26Z DEBUG stderr= 2017-05-11T17:47:26Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:47:26Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:47:26Z DEBUG Starting external process 2017-05-11T17:47:26Z DEBUG args=/usr/sbin/getsebool 
httpd_manage_ipa 2017-05-11T17:47:26Z DEBUG Process finished, return code=0 2017-05-11T17:47:26Z DEBUG stdout=httpd_manage_ipa --> off 2017-05-11T17:47:26Z DEBUG stderr= 2017-05-11T17:47:26Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:47:26Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:47:26Z DEBUG Starting external process 2017-05-11T17:47:26Z DEBUG args=/usr/sbin/setsebool -P httpd_can_network_connect=on httpd_run_ipa=on httpd_manage_ipa=on 2017-05-11T17:47:27Z DEBUG Process finished, return code=0 2017-05-11T17:47:27Z DEBUG stdout= 2017-05-11T17:47:27Z DEBUG stderr= 2017-05-11T17:47:27Z DEBUG duration: 1 seconds 2017-05-11T17:47:27Z DEBUG [16/21]: create KDC proxy user 2017-05-11T17:47:27Z DEBUG group kdcproxy exists 2017-05-11T17:47:27Z DEBUG Adding user kdcproxy 2017-05-11T17:47:27Z DEBUG Starting external process 2017-05-11T17:47:27Z DEBUG args=/usr/sbin/useradd -g kdcproxy -d /var/lib/kdcproxy -s /sbin/nologin -r kdcproxy -c IPA KDC Proxy User -m 2017-05-11T17:47:28Z DEBUG Process finished, return code=0 2017-05-11T17:47:28Z DEBUG stdout= 2017-05-11T17:47:28Z DEBUG stderr= 2017-05-11T17:47:28Z DEBUG Done adding user 2017-05-11T17:47:28Z DEBUG duration: 0 seconds 2017-05-11T17:47:28Z DEBUG [17/21]: create KDC proxy config 2017-05-11T17:47:28Z DEBUG Backing up system configuration file '/etc/ipa/kdcproxy/ipa-kdc-proxy.conf' 2017-05-11T17:47:28Z DEBUG -> Not backing up - '/etc/ipa/kdcproxy/ipa-kdc-proxy.conf' doesn't exist 2017-05-11T17:47:28Z DEBUG duration: 0 seconds 2017-05-11T17:47:28Z DEBUG [18/21]: enable KDC proxy 2017-05-11T17:47:28Z DEBUG service KDCPROXY enabled 2017-05-11T17:47:28Z DEBUG duration: 0 seconds 2017-05-11T17:47:28Z DEBUG [19/21]: restarting httpd 2017-05-11T17:47:28Z DEBUG Starting external process 2017-05-11T17:47:28Z DEBUG args=/bin/systemctl is-active httpd.service 2017-05-11T17:47:28Z DEBUG Process finished, return code=3 2017-05-11T17:47:28Z DEBUG 
stdout=unknown 2017-05-11T17:47:28Z DEBUG stderr= 2017-05-11T17:47:28Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:47:28Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:47:28Z DEBUG Starting external process 2017-05-11T17:47:28Z DEBUG args=/bin/systemctl restart httpd.service 2017-05-11T17:47:29Z DEBUG Process finished, return code=0 2017-05-11T17:47:29Z DEBUG stdout= 2017-05-11T17:47:29Z DEBUG stderr= 2017-05-11T17:47:29Z DEBUG Starting external process 2017-05-11T17:47:29Z DEBUG args=/bin/systemctl is-active httpd.service 2017-05-11T17:47:29Z DEBUG Process finished, return code=0 2017-05-11T17:47:29Z DEBUG stdout=active 2017-05-11T17:47:29Z DEBUG stderr= 2017-05-11T17:47:29Z DEBUG duration: 0 seconds 2017-05-11T17:47:29Z DEBUG [20/21]: configuring httpd to start on boot 2017-05-11T17:47:29Z DEBUG Starting external process 2017-05-11T17:47:29Z DEBUG args=/bin/systemctl is-enabled httpd.service 2017-05-11T17:47:29Z DEBUG Process finished, return code=1 2017-05-11T17:47:29Z DEBUG stdout=disabled 2017-05-11T17:47:29Z DEBUG stderr= 2017-05-11T17:47:29Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:47:29Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:47:29Z DEBUG Starting external process 2017-05-11T17:47:29Z DEBUG args=/bin/systemctl disable httpd.service 2017-05-11T17:47:29Z DEBUG Process finished, return code=0 2017-05-11T17:47:29Z DEBUG stdout= 2017-05-11T17:47:29Z DEBUG stderr= 2017-05-11T17:47:29Z DEBUG duration: 0 seconds 2017-05-11T17:47:29Z DEBUG [21/21]: enabling oddjobd 2017-05-11T17:47:29Z DEBUG Starting external process 2017-05-11T17:47:29Z DEBUG args=/bin/systemctl is-active oddjobd.service 2017-05-11T17:47:29Z DEBUG Process finished, return code=3 2017-05-11T17:47:29Z DEBUG stdout=unknown 2017-05-11T17:47:29Z DEBUG stderr= 2017-05-11T17:47:29Z DEBUG Loading StateFile from 
'/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:47:29Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:47:29Z DEBUG Starting external process 2017-05-11T17:47:29Z DEBUG args=/bin/systemctl is-enabled oddjobd.service 2017-05-11T17:47:29Z DEBUG Process finished, return code=1 2017-05-11T17:47:29Z DEBUG stdout=disabled 2017-05-11T17:47:29Z DEBUG stderr= 2017-05-11T17:47:29Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:47:29Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:47:29Z DEBUG Starting external process 2017-05-11T17:47:29Z DEBUG args=/bin/systemctl enable oddjobd.service 2017-05-11T17:47:29Z DEBUG Process finished, return code=0 2017-05-11T17:47:29Z DEBUG stdout= 2017-05-11T17:47:29Z DEBUG stderr=Created symlink from /etc/systemd/system/multi-user.target.wants/oddjobd.service to /usr/lib/systemd/system/oddjobd.service. 2017-05-11T17:47:29Z DEBUG Starting external process 2017-05-11T17:47:29Z DEBUG args=/bin/systemctl start oddjobd.service 2017-05-11T17:47:29Z DEBUG Process finished, return code=0 2017-05-11T17:47:29Z DEBUG stdout= 2017-05-11T17:47:29Z DEBUG stderr= 2017-05-11T17:47:29Z DEBUG Starting external process 2017-05-11T17:47:29Z DEBUG args=/bin/systemctl is-active oddjobd.service 2017-05-11T17:47:29Z DEBUG Process finished, return code=0 2017-05-11T17:47:29Z DEBUG stdout=active 2017-05-11T17:47:29Z DEBUG stderr= 2017-05-11T17:47:29Z DEBUG duration: 0 seconds 2017-05-11T17:47:29Z DEBUG Done configuring the web interface (httpd). 
2017-05-11T17:47:29Z DEBUG Starting external process 2017-05-11T17:47:29Z DEBUG args=/usr/sbin/selinuxenabled 2017-05-11T17:47:29Z DEBUG Process finished, return code=0 2017-05-11T17:47:29Z DEBUG stdout= 2017-05-11T17:47:29Z DEBUG stderr= 2017-05-11T17:47:29Z DEBUG Starting external process 2017-05-11T17:47:29Z DEBUG args=/sbin/restorecon /var/cache/ipa/sessions 2017-05-11T17:47:30Z DEBUG Process finished, return code=255 2017-05-11T17:47:30Z DEBUG stdout= 2017-05-11T17:47:30Z DEBUG stderr=/sbin/restorecon: lstat(/var/cache/ipa/sessions) failed: No such file or directory 2017-05-11T17:47:30Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2017-05-11T17:47:30Z DEBUG Created connection context.ldap2_235456464 2017-05-11T17:47:30Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache 2017-05-11T17:47:30Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0xae33518> 2017-05-11T17:47:30Z DEBUG Destroyed connection context.ldap2_235456464 2017-05-11T17:47:30Z DEBUG Applying LDAP updates 2017-05-11T17:47:30Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:47:30Z DEBUG Starting external process 2017-05-11T17:47:30Z DEBUG args=/bin/systemctl is-active dirsrv@RDLG-NET.service 2017-05-11T17:47:30Z DEBUG Process finished, return code=0 2017-05-11T17:47:30Z DEBUG stdout=active 2017-05-11T17:47:30Z DEBUG stderr= 2017-05-11T17:47:30Z DEBUG Upgrading IPA: 2017-05-11T17:47:30Z DEBUG [1/9]: stopping directory server 2017-05-11T17:47:30Z DEBUG Starting external process 2017-05-11T17:47:30Z DEBUG args=/bin/systemctl stop dirsrv@RDLG-NET.service 2017-05-11T17:47:32Z DEBUG Process finished, return code=0 2017-05-11T17:47:32Z DEBUG stdout= 2017-05-11T17:47:32Z DEBUG stderr= 2017-05-11T17:47:32Z DEBUG duration: 1 seconds 2017-05-11T17:47:32Z DEBUG [2/9]: saving configuration 2017-05-11T17:47:32Z DEBUG Loading 
StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:47:32Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:47:32Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:47:32Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:47:32Z DEBUG duration: 0 seconds 2017-05-11T17:47:32Z DEBUG [3/9]: disabling listeners 2017-05-11T17:47:32Z DEBUG duration: 0 seconds 2017-05-11T17:47:32Z DEBUG [4/9]: enabling DS global lock 2017-05-11T17:47:32Z DEBUG duration: 0 seconds 2017-05-11T17:47:32Z DEBUG [5/9]: starting directory server 2017-05-11T17:47:32Z DEBUG Starting external process 2017-05-11T17:47:32Z DEBUG args=/bin/systemctl start dirsrv@RDLG-NET.service 2017-05-11T17:47:33Z DEBUG Process finished, return code=0 2017-05-11T17:47:33Z DEBUG stdout= 2017-05-11T17:47:33Z DEBUG stderr= 2017-05-11T17:47:33Z DEBUG duration: 1 seconds 2017-05-11T17:47:33Z DEBUG [6/9]: upgrading server 2017-05-11T17:47:33Z DEBUG importing all plugin modules in ipaserver.plugins... 
2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.plugins.aci 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.plugins.automember 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.plugins.automount 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.plugins.baseldap 2017-05-11T17:47:33Z DEBUG ipaserver.plugins.baseldap is not a valid plugin module 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.plugins.baseuser 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.plugins.batch 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.plugins.ca 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.plugins.caacl 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.plugins.cert 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.plugins.certprofile 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.plugins.config 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.plugins.delegation 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.plugins.dns 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.plugins.dnsserver 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.plugins.dogtag 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.plugins.domainlevel 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.plugins.group 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.plugins.hbac 2017-05-11T17:47:33Z DEBUG ipaserver.plugins.hbac is not a valid plugin module 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.plugins.hbacrule 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.plugins.hbacsvc 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.plugins.hbacsvcgroup 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.plugins.hbactest 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.plugins.host 2017-05-11T17:47:33Z DEBUG importing plugin module 
ipaserver.plugins.hostgroup 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.plugins.idrange 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.plugins.idviews 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.plugins.internal 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.plugins.join 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.plugins.krbtpolicy 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.plugins.ldap2 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.plugins.location 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.plugins.migration 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.plugins.misc 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.plugins.netgroup 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.plugins.otp 2017-05-11T17:47:33Z DEBUG ipaserver.plugins.otp is not a valid plugin module 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.plugins.otpconfig 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.plugins.otptoken 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.plugins.passwd 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.plugins.permission 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.plugins.ping 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.plugins.pkinit 2017-05-11T17:47:33Z DEBUG ipaserver.plugins.pkinit is not a valid plugin module 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.plugins.privilege 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.plugins.pwpolicy 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.plugins.rabase 2017-05-11T17:47:33Z DEBUG ipaserver.plugins.rabase is not a valid plugin module 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.plugins.radiusproxy 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.plugins.realmdomains 2017-05-11T17:47:33Z DEBUG 
importing plugin module ipaserver.plugins.role 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.plugins.schema 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.plugins.selfservice 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.plugins.selinuxusermap 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.plugins.server 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.plugins.serverrole 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.plugins.serverroles 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.plugins.service 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.plugins.servicedelegation 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.plugins.session 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.plugins.stageuser 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.plugins.sudo 2017-05-11T17:47:33Z DEBUG ipaserver.plugins.sudo is not a valid plugin module 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.plugins.sudocmd 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.plugins.sudocmdgroup 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.plugins.sudorule 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.plugins.topology 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.plugins.trust 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.plugins.user 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.plugins.vault 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.plugins.virtual 2017-05-11T17:47:33Z DEBUG ipaserver.plugins.virtual is not a valid plugin module 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.plugins.xmlserver 2017-05-11T17:47:33Z DEBUG importing all plugin modules in ipaserver.install.plugins... 
2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.install.plugins.adtrust 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.install.plugins.dns 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.install.plugins.update_nis 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.install.plugins.update_referint 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.install.plugins.update_services 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness 2017-05-11T17:47:33Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt 2017-05-11T17:47:35Z DEBUG Created connection context.ldap2_240679504 2017-05-11T17:47:35Z DEBUG Destroyed connection context.ldap2_240679504 2017-05-11T17:47:35Z DEBUG Created connection context.ldap2_240679504 2017-05-11T17:47:35Z DEBUG Parsing update file '/usr/share/ipa/updates/05-pre_upgrade_plugins.update' 2017-05-11T17:47:35Z DEBUG Executing upgrade plugin: update_managed_post_first 2017-05-11T17:47:35Z DEBUG raw: update_managed_post_first 2017-05-11T17:47:35Z DEBUG Executing upgrade plugin: update_replica_attribute_lists 2017-05-11T17:47:35Z DEBUG raw: update_replica_attribute_lists 
2017-05-11T17:47:35Z DEBUG Start replication agreement exclude list update task 2017-05-11T17:47:35Z DEBUG Found 0 agreement(s) 2017-05-11T17:47:35Z DEBUG Done updating agreements 2017-05-11T17:47:35Z DEBUG Executing upgrade plugin: update_passync_privilege_check 2017-05-11T17:47:35Z DEBUG raw: update_passync_privilege_check 2017-05-11T17:47:35Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2017-05-11T17:47:35Z DEBUG Check if there is existing PassSync privilege 2017-05-11T17:47:35Z DEBUG PassSync privilege not found, this is a new update 2017-05-11T17:47:35Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2017-05-11T17:47:35Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state' 2017-05-11T17:47:35Z DEBUG Executing upgrade plugin: update_referint 2017-05-11T17:47:35Z DEBUG raw: update_referint 2017-05-11T17:47:35Z DEBUG Upgrading referential integrity plugin configuration 2017-05-11T17:47:35Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache 2017-05-11T17:47:35Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0xffbccf8> 2017-05-11T17:47:35Z DEBUG Initial value: LDAPEntry(ipapython.dn.DN('cn=referential integrity postoperation,cn=plugins,cn=config'), {u'cn': ['referential integrity postoperation'], u'objectClass': ['top', 'nsSlapdPlugin', 'extensibleObject'], u'nsslapd-pluginPath': ['libreferint-plugin'], u'nsslapd-plugin-depends-on-type': ['database'], u'nsslapd-pluginVendor': ['389 Project'], u'nsslapd-pluginprecedence': ['40'], u'referint-logchanges': ['0'], u'nsslapd-pluginType': ['betxnpostoperation'], u'referint-logfile': ['/var/log/dirsrv/slapd-RDLG-NET/referint'], u'nsslapd-pluginInitfunc': ['referint_postop_init'], u'referint-update-delay': ['0'], u'nsslapd-pluginVersion': ['1.3.5.10'], u'nsslapd-pluginDescription': ['referential integrity plugin'], u'nsslapd-pluginEnabled': 
['on'], u'nsslapd-pluginId': ['referint'], u'referint-membership-attr': ['member', 'uniquemember', 'owner', 'seeAlso']}) 2017-05-11T17:47:35Z DEBUG Plugin already uses new style, skipping 2017-05-11T17:47:35Z DEBUG Executing upgrade plugin: update_uniqueness_plugins_to_new_syntax 2017-05-11T17:47:35Z DEBUG raw: update_uniqueness_plugins_to_new_syntax 2017-05-11T17:47:35Z DEBUG No uniqueness plugin entries with old style configuration found 2017-05-11T17:47:35Z DEBUG Parsing update file '/usr/share/ipa/updates/10-config.update' 2017-05-11T17:47:35Z DEBUG Updating existing entry: cn=config 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z DEBUG Initial value 2017-05-11T17:47:35Z DEBUG dn: cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-betype: 2017-05-11T17:47:35Z DEBUG ldbm database 2017-05-11T17:47:35Z DEBUG nsslapd-nagle: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-entryusn-global: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-referralmode: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logminfreediskspace: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-reservedescriptors: 2017-05-11T17:47:35Z DEBUG 64 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 500 2017-05-11T17:47:35Z DEBUG passwordMinAlphas: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-enquote-sup-oc: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-readonly: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-syntaxcheck: 2017-05-11T17:47:35Z DEBUG 
on 2017-05-11T17:47:35Z DEBUG nsslapd-unhashed-pw-switch: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordLegacyPolicy: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logbuffering: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-SSLclientAuth: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordMinUppers: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-plugin: 2017-05-11T17:47:35Z DEBUG cn=binary syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=country string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=facsimile telephone number syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=fax syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=generalized time syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=guide syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=integer syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=name and optional uid syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=octet string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=oid syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=telephone 
syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignoreia5substringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignoreorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignoresubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=objectidentifiermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=integermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG 
cn=integerorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=integerfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=internationalization plugin,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=uniquemembermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numericstringsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring-threshold: 2017-05-11T17:47:35Z DEBUG 2097152 2017-05-11T17:47:35Z DEBUG nsslapd-dn-validate-strict: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ndn-cache-max-size: 2017-05-11T17:47:35Z DEBUG 20971520 2017-05-11T17:47:35Z DEBUG nsslapd-timelimit: 2017-05-11T17:47:35Z DEBUG 3600 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordIsGlobalPolicy: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-moddn-aci: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-pwpolicy-inherit-global: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordMinTokenLength: 2017-05-11T17:47:35Z DEBUG 3 2017-05-11T17:47:35Z DEBUG nsslapd-malloc-mxfast: 2017-05-11T17:47:35Z DEBUG -10 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG week 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG passwordMinAge: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG 
nsslapd-errorlog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-cn-uses-dn-syntax-in-dns: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG week 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring-grace-period: 2017-05-11T17:47:35Z DEBUG 60 2017-05-11T17:47:35Z DEBUG nsslapd-maxdescriptors: 2017-05-11T17:47:35Z DEBUG 8192 2017-05-11T17:47:35Z DEBUG nsslapd-allow-hashed-passwords: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordInHistory: 2017-05-11T17:47:35Z DEBUG 6 2017-05-11T17:47:35Z DEBUG nsslapd-ssl-check-hostname: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-conntablesize: 2017-05-11T17:47:35Z DEBUG 8192 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logging-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG nsslapd-saslpath: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG passwordMaxAge: 2017-05-11T17:47:35Z DEBUG 8639913600 2017-05-11T17:47:35Z DEBUG nsslapd-ldapiautobind: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-extract-pemfiles: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-maxthreadsperconn: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-ldapigidnumbertype: 2017-05-11T17:47:35Z DEBUG gidNumber 2017-05-11T17:47:35Z DEBUG nsslapd-connection-buffer: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG day 2017-05-11T17:47:35Z DEBUG nsslapd-dynamic-plugins: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-csnlogging: 2017-05-11T17:47:35Z DEBUG on 
2017-05-11T17:47:35Z DEBUG nsslapd-tmpdir: 2017-05-11T17:47:35Z DEBUG /tmp 2017-05-11T17:47:35Z DEBUG passwordResetFailureCount: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-counters: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-svrtab: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-allowed-sasl-mechanisms: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG nsslapd-minssf: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-schemadir: 2017-05-11T17:47:35Z DEBUG /etc/dirsrv/slapd-RDLG-NET/schema 2017-05-11T17:47:35Z DEBUG nsslapd-localuser: 2017-05-11T17:47:35Z DEBUG dirsrv 2017-05-11T17:47:35Z DEBUG nsslapd-security: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordChange: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-requiresrestart: 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-port 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-secureport 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-ldapifilepath 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-ldapilisten 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-workingdir 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-plugin 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-sslclientauth 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-changelogdir 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-changelogsuffix 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-changelogmaxentries 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-changelogmaxage 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-db-locks 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-maxdescriptors 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-return-exact-case 2017-05-11T17:47:35Z DEBUG 
cn=config:nsslapd-schema-ignore-trailing-spaces 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-parentcheck 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-dbncache 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2017-05-11T17:47:35Z DEBUG cn=encryption,cn=config:nssslsessiontimeout 2017-05-11T17:47:35Z DEBUG cn=encryption,cn=config:nssslclientauth 2017-05-11T17:47:35Z DEBUG cn=encryption,cn=config:nsssl2 2017-05-11T17:47:35Z DEBUG cn=encryption,cn=config:nsssl3 2017-05-11T17:47:35Z DEBUG passwordMaxFailure: 2017-05-11T17:47:35Z DEBUG 3 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ldapifilepath: 2017-05-11T17:47:35Z DEBUG /var/run/slapd-RDLG-NET.socket 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logging-enabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-pagedsizelimit: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-global-backend-lock: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logexpirationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-listen-backlog-size: 2017-05-11T17:47:35Z DEBUG 128 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/access 2017-05-11T17:47:35Z DEBUG nsslapd-certmap-basedn: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-plugin-logging: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-accesscontrol: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-rootdn: 2017-05-11T17:47:35Z DEBUG cn=Directory Manager 2017-05-11T17:47:35Z DEBUG nsslapd-ldifdir: 
2017-05-11T17:47:35Z DEBUG /var/lib/dirsrv/slapd-RDLG-NET/ldif 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-mode: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-anonlimitsdn: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logging-enabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG passwordMustChange: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordExp: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logminfreediskspace: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG nsslapd-logging-backend: 2017-05-11T17:47:35Z DEBUG dirsrv-log 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/audit 2017-05-11T17:47:35Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG aci: 2017-05-11T17:47:35Z DEBUG (targetattr != aci)(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-ldapimaprootdn: 2017-05-11T17:47:35Z DEBUG cn=Directory Manager 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logging-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ds4-compatible-schema: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-enable-nunc-stans: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordMinLength: 2017-05-11T17:47:35Z DEBUG 8 2017-05-11T17:47:35Z DEBUG nsslapd-require-secure-binds: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-groupevalnestlevel: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-idletimeout: 
2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-malloc-mmap-threshold: 2017-05-11T17:47:35Z DEBUG -10 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG day 2017-05-11T17:47:35Z DEBUG nsslapd-securePort: 2017-05-11T17:47:35Z DEBUG 636 2017-05-11T17:47:35Z DEBUG nsslapd-snmp-index: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG cn: 2017-05-11T17:47:35Z DEBUG config 2017-05-11T17:47:35Z DEBUG objectClass: 2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG extensibleObject 2017-05-11T17:47:35Z DEBUG nsslapdConfig 2017-05-11T17:47:35Z DEBUG nsslapd-ldapimaptoentries: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordSendExpiringTime: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-hash-filters: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-entryusn-import-initval: 2017-05-11T17:47:35Z DEBUG next 2017-05-11T17:47:35Z DEBUG nsslapd-malloc-trim-threshold: 2017-05-11T17:47:35Z DEBUG -10 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG nsslapd-ignore-time-skew: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-allow-unauthenticated-binds: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logging-hide-unhashed-pw: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-maxlogsperdir: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-listenhost: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-mode: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/errors 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-sasl-mapping-fallback: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG 
nsslapd-disk-monitoring-logging-critical: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-force-sasl-external: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-enable-turbo-mode: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordCheckSyntax: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordGraceLimit: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG passwordWarning: 2017-05-11T17:47:35Z DEBUG 86400 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-mode: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-instancedir: 2017-05-11T17:47:35Z DEBUG /var/lib/dirsrv/scripts-RDLG-NET 2017-05-11T17:47:35Z DEBUG nsslapd-config: 2017-05-11T17:47:35Z DEBUG cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-versionstring: 2017-05-11T17:47:35Z DEBUG 389-Directory/1.3.5.10 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-level: 2017-05-11T17:47:35Z DEBUG 256 2017-05-11T17:47:35Z DEBUG nsslapd-return-exact-case: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-maxsasliosize: 2017-05-11T17:47:35Z DEBUG 2097152 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG nsslapd-rewrite-rfc1274: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-rootpwstoragescheme: 2017-05-11T17:47:35Z DEBUG SSHA 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logexpirationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG passwordLockout: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-lockdir: 2017-05-11T17:47:35Z DEBUG /var/lock/dirsrv/slapd-RDLG-NET 2017-05-11T17:47:35Z DEBUG nsslapd-certdir: 2017-05-11T17:47:35Z DEBUG /etc/dirsrv/slapd-RDLG-NET 2017-05-11T17:47:35Z DEBUG nsslapd-allow-anonymous-access: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-maxlogsperdir: 
2017-05-11T17:47:35Z DEBUG 10 2017-05-11T17:47:35Z DEBUG nsslapd-backendconfig: 2017-05-11T17:47:35Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-threadnumber: 2017-05-11T17:47:35Z DEBUG 30 2017-05-11T17:47:35Z DEBUG nsslapd-schemamod: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-search-return-original-type-switch: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-localhost: 2017-05-11T17:47:35Z DEBUG ipa.rdlg.net 2017-05-11T17:47:35Z DEBUG nsslapd-bakdir: 2017-05-11T17:47:35Z DEBUG /var/lib/dirsrv/slapd-RDLG-NET/bak 2017-05-11T17:47:35Z DEBUG passwordMin8bit: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-ldapiuidnumbertype: 2017-05-11T17:47:35Z DEBUG uidNumber 2017-05-11T17:47:35Z DEBUG nsslapd-validate-cert: 2017-05-11T17:47:35Z DEBUG warn 2017-05-11T17:47:35Z DEBUG passwordMinCategories: 2017-05-11T17:47:35Z DEBUG 3 2017-05-11T17:47:35Z DEBUG passwordMinLowers: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordAdminDN: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-ldapilisten: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordMinSpecials: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-lastmod: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-max-filter-nest-level: 2017-05-11T17:47:35Z DEBUG 40 2017-05-11T17:47:35Z DEBUG passwordMaxRepeats: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-securelistenhost: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-maxsimplepaged-per-conn: 2017-05-11T17:47:35Z DEBUG -1 2017-05-11T17:47:35Z DEBUG nsslapd-result-tweak: 2017-05-11T17:47:35Z DEBUG 
off 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG passwordUnlock: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-schemacheck: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordTrackUpdateTime: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-maxbersize: 2017-05-11T17:47:35Z DEBUG 209715200 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-ldapientrysearchbase: 2017-05-11T17:47:35Z DEBUG dc=example,dc=com 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logexpirationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-localssf: 2017-05-11T17:47:35Z DEBUG 71 2017-05-11T17:47:35Z DEBUG nsslapd-sizelimit: 2017-05-11T17:47:35Z DEBUG 2000 2017-05-11T17:47:35Z DEBUG nsslapd-minssf-exclude-rootdse: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-ignore-virtual-attrs: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ndn-cache-enabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-defaultnamingcontext: 2017-05-11T17:47:35Z DEBUG dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-maxlogsperdir: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-pwpolicy-local: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-sasl-max-buffer-size: 2017-05-11T17:47:35Z DEBUG 2097152 2017-05-11T17:47:35Z DEBUG passwordLockoutDuration: 2017-05-11T17:47:35Z DEBUG 3600 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-port: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 
2017-05-11T17:47:35Z DEBUG nsslapd-privatenamespaces: 2017-05-11T17:47:35Z DEBUG cn=schema 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG cn=monitor 2017-05-11T17:47:35Z DEBUG cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-maxlogsperdir: 2017-05-11T17:47:35Z DEBUG 2 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/audit 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-mode: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-rootpw: 2017-05-11T17:47:35Z DEBUG {SSHA}ivpfUEJGKWW115wDkPsPfQQFhTUx8+KLuAm3tg== 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-outbound-ldap-io-timeout: 2017-05-11T17:47:35Z DEBUG 300000 2017-05-11T17:47:35Z DEBUG nsslapd-workingdir: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-rundir: 2017-05-11T17:47:35Z DEBUG /var/run/dirsrv 2017-05-11T17:47:35Z DEBUG nsslapd-schemareplace: 2017-05-11T17:47:35Z DEBUG replication-only 2017-05-11T17:47:35Z DEBUG nsslapd-plugin-binddn-tracking: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-level: 2017-05-11T17:47:35Z DEBUG 16384 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-syntaxlogging: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ioblocktimeout: 2017-05-11T17:47:35Z DEBUG 1800000 2017-05-11T17:47:35Z DEBUG nsslapd-attribute-name-exceptions: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordMinDigits: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-allowed-to-delete-attrs: 2017-05-11T17:47:35Z DEBUG passwordadmindn nsslapd-listenhost 
nsslapd-securelistenhost nsslapd-defaultnamingcontext 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logminfreediskspace: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG passwordStorageScheme: 2017-05-11T17:47:35Z DEBUG SSHA 2017-05-11T17:47:35Z DEBUG nsslapd-connection-nocanon: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG only: set nsslapd-ssl-check-hostname to 'on', current value ['on'] 2017-05-11T17:47:35Z DEBUG only: updated value ['on'] 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z DEBUG Final value after applying updates 2017-05-11T17:47:35Z DEBUG dn: cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-betype: 2017-05-11T17:47:35Z DEBUG ldbm database 2017-05-11T17:47:35Z DEBUG nsslapd-nagle: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-entryusn-global: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-referralmode: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logminfreediskspace: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-reservedescriptors: 2017-05-11T17:47:35Z DEBUG 64 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 500 2017-05-11T17:47:35Z DEBUG passwordMinAlphas: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-enquote-sup-oc: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-readonly: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-syntaxcheck: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-unhashed-pw-switch: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z 
DEBUG passwordLegacyPolicy: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logbuffering: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-SSLclientAuth: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordMinUppers: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-plugin: 2017-05-11T17:47:35Z DEBUG cn=binary syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=country string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=facsimile telephone number syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=fax syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=generalized time syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=guide syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=integer syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=name and optional uid syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=octet string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=oid syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 
2017-05-11T17:47:35Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignoreia5substringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignoreorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignoresubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=objectidentifiermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=integermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=integerorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=integerfirstcomponentmatch,cn=plugins,cn=config 
2017-05-11T17:47:35Z DEBUG cn=internationalization plugin,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=uniquemembermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numericstringsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring-threshold: 2017-05-11T17:47:35Z DEBUG 2097152 2017-05-11T17:47:35Z DEBUG nsslapd-dn-validate-strict: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ndn-cache-max-size: 2017-05-11T17:47:35Z DEBUG 20971520 2017-05-11T17:47:35Z DEBUG nsslapd-timelimit: 2017-05-11T17:47:35Z DEBUG 3600 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordIsGlobalPolicy: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-moddn-aci: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-pwpolicy-inherit-global: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordMinTokenLength: 2017-05-11T17:47:35Z DEBUG 3 2017-05-11T17:47:35Z DEBUG nsslapd-malloc-mxfast: 2017-05-11T17:47:35Z DEBUG -10 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG week 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG passwordMinAge: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-cn-uses-dn-syntax-in-dns: 2017-05-11T17:47:35Z 
DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG week 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring-grace-period: 2017-05-11T17:47:35Z DEBUG 60 2017-05-11T17:47:35Z DEBUG nsslapd-maxdescriptors: 2017-05-11T17:47:35Z DEBUG 8192 2017-05-11T17:47:35Z DEBUG nsslapd-allow-hashed-passwords: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordInHistory: 2017-05-11T17:47:35Z DEBUG 6 2017-05-11T17:47:35Z DEBUG nsslapd-ssl-check-hostname: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-conntablesize: 2017-05-11T17:47:35Z DEBUG 8192 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logging-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG nsslapd-saslpath: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG passwordMaxAge: 2017-05-11T17:47:35Z DEBUG 8639913600 2017-05-11T17:47:35Z DEBUG nsslapd-ldapiautobind: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-extract-pemfiles: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-maxthreadsperconn: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-ldapigidnumbertype: 2017-05-11T17:47:35Z DEBUG gidNumber 2017-05-11T17:47:35Z DEBUG nsslapd-connection-buffer: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG day 2017-05-11T17:47:35Z DEBUG nsslapd-dynamic-plugins: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-csnlogging: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-tmpdir: 2017-05-11T17:47:35Z DEBUG /tmp 2017-05-11T17:47:35Z DEBUG passwordResetFailureCount: 2017-05-11T17:47:35Z DEBUG 600 
2017-05-11T17:47:35Z DEBUG nsslapd-counters: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-svrtab: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-allowed-sasl-mechanisms: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG nsslapd-minssf: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-schemadir: 2017-05-11T17:47:35Z DEBUG /etc/dirsrv/slapd-RDLG-NET/schema 2017-05-11T17:47:35Z DEBUG nsslapd-localuser: 2017-05-11T17:47:35Z DEBUG dirsrv 2017-05-11T17:47:35Z DEBUG nsslapd-security: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordChange: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-requiresrestart: 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-port 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-secureport 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-ldapifilepath 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-ldapilisten 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-workingdir 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-plugin 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-sslclientauth 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-changelogdir 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-changelogsuffix 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-changelogmaxentries 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-changelogmaxage 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-db-locks 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-maxdescriptors 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-return-exact-case 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-schema-ignore-trailing-spaces 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 2017-05-11T17:47:35Z DEBUG 
cn=config,cn=ldbm:nsslapd-parentcheck 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-dbncache 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2017-05-11T17:47:35Z DEBUG cn=encryption,cn=config:nssslsessiontimeout 2017-05-11T17:47:35Z DEBUG cn=encryption,cn=config:nssslclientauth 2017-05-11T17:47:35Z DEBUG cn=encryption,cn=config:nsssl2 2017-05-11T17:47:35Z DEBUG cn=encryption,cn=config:nsssl3 2017-05-11T17:47:35Z DEBUG passwordMaxFailure: 2017-05-11T17:47:35Z DEBUG 3 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ldapifilepath: 2017-05-11T17:47:35Z DEBUG /var/run/slapd-RDLG-NET.socket 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logging-enabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-pagedsizelimit: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-global-backend-lock: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logexpirationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-listen-backlog-size: 2017-05-11T17:47:35Z DEBUG 128 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/access 2017-05-11T17:47:35Z DEBUG nsslapd-certmap-basedn: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-plugin-logging: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-accesscontrol: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-rootdn: 2017-05-11T17:47:35Z DEBUG cn=Directory Manager 2017-05-11T17:47:35Z DEBUG nsslapd-ldifdir: 2017-05-11T17:47:35Z DEBUG /var/lib/dirsrv/slapd-RDLG-NET/ldif 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-mode: 2017-05-11T17:47:35Z DEBUG 600 
2017-05-11T17:47:35Z DEBUG nsslapd-anonlimitsdn: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logging-enabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG passwordMustChange: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordExp: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logminfreediskspace: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG nsslapd-logging-backend: 2017-05-11T17:47:35Z DEBUG dirsrv-log 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/audit 2017-05-11T17:47:35Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG aci: 2017-05-11T17:47:35Z DEBUG (targetattr != aci)(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-ldapimaprootdn: 2017-05-11T17:47:35Z DEBUG cn=Directory Manager 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logging-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ds4-compatible-schema: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-enable-nunc-stans: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordMinLength: 2017-05-11T17:47:35Z DEBUG 8 2017-05-11T17:47:35Z DEBUG nsslapd-require-secure-binds: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-groupevalnestlevel: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-idletimeout: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-malloc-mmap-threshold: 2017-05-11T17:47:35Z DEBUG -10 2017-05-11T17:47:35Z DEBUG 
nsslapd-auditlog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG day 2017-05-11T17:47:35Z DEBUG nsslapd-securePort: 2017-05-11T17:47:35Z DEBUG 636 2017-05-11T17:47:35Z DEBUG nsslapd-snmp-index: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG cn: 2017-05-11T17:47:35Z DEBUG config 2017-05-11T17:47:35Z DEBUG objectClass: 2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG extensibleObject 2017-05-11T17:47:35Z DEBUG nsslapdConfig 2017-05-11T17:47:35Z DEBUG nsslapd-ldapimaptoentries: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordSendExpiringTime: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-hash-filters: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-entryusn-import-initval: 2017-05-11T17:47:35Z DEBUG next 2017-05-11T17:47:35Z DEBUG nsslapd-malloc-trim-threshold: 2017-05-11T17:47:35Z DEBUG -10 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG nsslapd-ignore-time-skew: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-allow-unauthenticated-binds: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logging-hide-unhashed-pw: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-maxlogsperdir: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-listenhost: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-mode: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/errors 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-sasl-mapping-fallback: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring-logging-critical: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-force-sasl-external: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z 
DEBUG nsslapd-enable-turbo-mode: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordCheckSyntax: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordGraceLimit: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG passwordWarning: 2017-05-11T17:47:35Z DEBUG 86400 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-mode: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-instancedir: 2017-05-11T17:47:35Z DEBUG /var/lib/dirsrv/scripts-RDLG-NET 2017-05-11T17:47:35Z DEBUG nsslapd-config: 2017-05-11T17:47:35Z DEBUG cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-versionstring: 2017-05-11T17:47:35Z DEBUG 389-Directory/1.3.5.10 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-level: 2017-05-11T17:47:35Z DEBUG 256 2017-05-11T17:47:35Z DEBUG nsslapd-return-exact-case: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-maxsasliosize: 2017-05-11T17:47:35Z DEBUG 2097152 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG nsslapd-rewrite-rfc1274: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-rootpwstoragescheme: 2017-05-11T17:47:35Z DEBUG SSHA 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logexpirationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG passwordLockout: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-lockdir: 2017-05-11T17:47:35Z DEBUG /var/lock/dirsrv/slapd-RDLG-NET 2017-05-11T17:47:35Z DEBUG nsslapd-certdir: 2017-05-11T17:47:35Z DEBUG /etc/dirsrv/slapd-RDLG-NET 2017-05-11T17:47:35Z DEBUG nsslapd-allow-anonymous-access: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-maxlogsperdir: 2017-05-11T17:47:35Z DEBUG 10 2017-05-11T17:47:35Z DEBUG nsslapd-backendconfig: 2017-05-11T17:47:35Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG 
cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-threadnumber: 2017-05-11T17:47:35Z DEBUG 30 2017-05-11T17:47:35Z DEBUG nsslapd-schemamod: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-search-return-original-type-switch: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-localhost: 2017-05-11T17:47:35Z DEBUG ipa.rdlg.net 2017-05-11T17:47:35Z DEBUG nsslapd-bakdir: 2017-05-11T17:47:35Z DEBUG /var/lib/dirsrv/slapd-RDLG-NET/bak 2017-05-11T17:47:35Z DEBUG passwordMin8bit: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-ldapiuidnumbertype: 2017-05-11T17:47:35Z DEBUG uidNumber 2017-05-11T17:47:35Z DEBUG nsslapd-validate-cert: 2017-05-11T17:47:35Z DEBUG warn 2017-05-11T17:47:35Z DEBUG passwordMinCategories: 2017-05-11T17:47:35Z DEBUG 3 2017-05-11T17:47:35Z DEBUG passwordMinLowers: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordAdminDN: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-ldapilisten: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordMinSpecials: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-lastmod: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-max-filter-nest-level: 2017-05-11T17:47:35Z DEBUG 40 2017-05-11T17:47:35Z DEBUG passwordMaxRepeats: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-securelistenhost: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-maxsimplepaged-per-conn: 2017-05-11T17:47:35Z DEBUG -1 2017-05-11T17:47:35Z DEBUG nsslapd-result-tweak: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG passwordUnlock: 2017-05-11T17:47:35Z DEBUG on 
2017-05-11T17:47:35Z DEBUG nsslapd-schemacheck: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordTrackUpdateTime: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-maxbersize: 2017-05-11T17:47:35Z DEBUG 209715200 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-ldapientrysearchbase: 2017-05-11T17:47:35Z DEBUG dc=example,dc=com 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logexpirationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-localssf: 2017-05-11T17:47:35Z DEBUG 71 2017-05-11T17:47:35Z DEBUG nsslapd-sizelimit: 2017-05-11T17:47:35Z DEBUG 2000 2017-05-11T17:47:35Z DEBUG nsslapd-minssf-exclude-rootdse: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-ignore-virtual-attrs: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ndn-cache-enabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-defaultnamingcontext: 2017-05-11T17:47:35Z DEBUG dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-maxlogsperdir: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-pwpolicy-local: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-sasl-max-buffer-size: 2017-05-11T17:47:35Z DEBUG 2097152 2017-05-11T17:47:35Z DEBUG passwordLockoutDuration: 2017-05-11T17:47:35Z DEBUG 3600 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-port: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-privatenamespaces: 2017-05-11T17:47:35Z DEBUG cn=schema 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG cn=monitor 2017-05-11T17:47:35Z DEBUG 
cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-maxlogsperdir: 2017-05-11T17:47:35Z DEBUG 2 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/audit 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-mode: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-rootpw: 2017-05-11T17:47:35Z DEBUG {SSHA}ivpfUEJGKWW115wDkPsPfQQFhTUx8+KLuAm3tg== 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-outbound-ldap-io-timeout: 2017-05-11T17:47:35Z DEBUG 300000 2017-05-11T17:47:35Z DEBUG nsslapd-workingdir: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-rundir: 2017-05-11T17:47:35Z DEBUG /var/run/dirsrv 2017-05-11T17:47:35Z DEBUG nsslapd-schemareplace: 2017-05-11T17:47:35Z DEBUG replication-only 2017-05-11T17:47:35Z DEBUG nsslapd-plugin-binddn-tracking: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-level: 2017-05-11T17:47:35Z DEBUG 16384 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-syntaxlogging: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ioblocktimeout: 2017-05-11T17:47:35Z DEBUG 1800000 2017-05-11T17:47:35Z DEBUG nsslapd-attribute-name-exceptions: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordMinDigits: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-allowed-to-delete-attrs: 2017-05-11T17:47:35Z DEBUG passwordadmindn nsslapd-listenhost nsslapd-securelistenhost nsslapd-defaultnamingcontext 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logminfreediskspace: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG passwordStorageScheme: 
2017-05-11T17:47:35Z DEBUG SSHA 2017-05-11T17:47:35Z DEBUG nsslapd-connection-nocanon: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG [] 2017-05-11T17:47:35Z DEBUG Updated 0 2017-05-11T17:47:35Z DEBUG Done 2017-05-11T17:47:35Z DEBUG Updating existing entry: cn=Kerberos Principal Name,cn=IPA MODRDN,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z DEBUG Initial value 2017-05-11T17:47:35Z DEBUG dn: cn=Kerberos Principal Name,cn=IPA MODRDN,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn: 2017-05-11T17:47:35Z DEBUG Kerberos Principal Name 2017-05-11T17:47:35Z DEBUG objectClass: 2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG extensibleObject 2017-05-11T17:47:35Z DEBUG ipamodrdntargetattr: 2017-05-11T17:47:35Z DEBUG krbPrincipalName 2017-05-11T17:47:35Z DEBUG ipamodrdnsuffix: 2017-05-11T17:47:35Z DEBUG @RDLG.NET 2017-05-11T17:47:35Z DEBUG ipamodrdnsourceattr: 2017-05-11T17:47:35Z DEBUG uid 2017-05-11T17:47:35Z DEBUG ipamodrdnfilter: 2017-05-11T17:47:35Z DEBUG (&(objectclass=posixaccount)(objectclass=krbPrincipalAux)) 2017-05-11T17:47:35Z DEBUG ipamodrdnscope: 2017-05-11T17:47:35Z DEBUG dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG remove: '60' from nsslapd-pluginPrecedence, current value [] 2017-05-11T17:47:35Z DEBUG remove: '60' not in nsslapd-pluginPrecedence 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z DEBUG Final value after applying updates 2017-05-11T17:47:35Z DEBUG dn: cn=Kerberos Principal Name,cn=IPA MODRDN,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn: 2017-05-11T17:47:35Z DEBUG Kerberos Principal Name 2017-05-11T17:47:35Z DEBUG objectClass: 2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG extensibleObject 2017-05-11T17:47:35Z DEBUG ipamodrdntargetattr: 2017-05-11T17:47:35Z DEBUG krbPrincipalName 2017-05-11T17:47:35Z DEBUG ipamodrdnsuffix: 2017-05-11T17:47:35Z DEBUG @RDLG.NET 2017-05-11T17:47:35Z DEBUG 
ipamodrdnsourceattr: 2017-05-11T17:47:35Z DEBUG uid 2017-05-11T17:47:35Z DEBUG ipamodrdnfilter: 2017-05-11T17:47:35Z DEBUG (&(objectclass=posixaccount)(objectclass=krbPrincipalAux)) 2017-05-11T17:47:35Z DEBUG ipamodrdnscope: 2017-05-11T17:47:35Z DEBUG dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG [] 2017-05-11T17:47:35Z DEBUG Updated 0 2017-05-11T17:47:35Z DEBUG Done 2017-05-11T17:47:35Z DEBUG Updating existing entry: cn=IPA MODRDN,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z DEBUG Initial value 2017-05-11T17:47:35Z DEBUG dn: cn=IPA MODRDN,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-pluginId: 2017-05-11T17:47:35Z DEBUG IPA MODRDN 2017-05-11T17:47:35Z DEBUG cn: 2017-05-11T17:47:35Z DEBUG IPA MODRDN 2017-05-11T17:47:35Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:47:35Z DEBUG 1.0 2017-05-11T17:47:35Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:47:35Z DEBUG IPA MODRDN plugin 2017-05-11T17:47:35Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-pluginPath: 2017-05-11T17:47:35Z DEBUG libipa_modrdn 2017-05-11T17:47:35Z DEBUG objectClass: 2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG nsSlapdPlugin 2017-05-11T17:47:35Z DEBUG extensibleObject 2017-05-11T17:47:35Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:47:35Z DEBUG database 2017-05-11T17:47:35Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:47:35Z DEBUG Red Hat, Inc. 
2017-05-11T17:47:35Z DEBUG nsslapd-pluginprecedence: 2017-05-11T17:47:35Z DEBUG 60 2017-05-11T17:47:35Z DEBUG nsslapd-pluginType: 2017-05-11T17:47:35Z DEBUG betxnpostoperation 2017-05-11T17:47:35Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:47:35Z DEBUG ipamodrdn_init 2017-05-11T17:47:35Z DEBUG only: set nsslapd-pluginPrecedence to '60', current value ['60'] 2017-05-11T17:47:35Z DEBUG only: updated value ['60'] 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z DEBUG Final value after applying updates 2017-05-11T17:47:35Z DEBUG dn: cn=IPA MODRDN,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-pluginId: 2017-05-11T17:47:35Z DEBUG IPA MODRDN 2017-05-11T17:47:35Z DEBUG cn: 2017-05-11T17:47:35Z DEBUG IPA MODRDN 2017-05-11T17:47:35Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:47:35Z DEBUG 1.0 2017-05-11T17:47:35Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:47:35Z DEBUG IPA MODRDN plugin 2017-05-11T17:47:35Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-pluginPath: 2017-05-11T17:47:35Z DEBUG libipa_modrdn 2017-05-11T17:47:35Z DEBUG objectClass: 2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG nsSlapdPlugin 2017-05-11T17:47:35Z DEBUG extensibleObject 2017-05-11T17:47:35Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:47:35Z DEBUG database 2017-05-11T17:47:35Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:47:35Z DEBUG Red Hat, Inc. 
2017-05-11T17:47:35Z DEBUG nsslapd-pluginprecedence: 2017-05-11T17:47:35Z DEBUG 60 2017-05-11T17:47:35Z DEBUG nsslapd-pluginType: 2017-05-11T17:47:35Z DEBUG betxnpostoperation 2017-05-11T17:47:35Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:47:35Z DEBUG ipamodrdn_init 2017-05-11T17:47:35Z DEBUG [] 2017-05-11T17:47:35Z DEBUG Updated 0 2017-05-11T17:47:35Z DEBUG Done 2017-05-11T17:47:35Z DEBUG Updating existing entry: cn=config 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z DEBUG Initial value 2017-05-11T17:47:35Z DEBUG dn: cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-betype: 2017-05-11T17:47:35Z DEBUG ldbm database 2017-05-11T17:47:35Z DEBUG nsslapd-nagle: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-entryusn-global: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-referralmode: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logminfreediskspace: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-reservedescriptors: 2017-05-11T17:47:35Z DEBUG 64 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 500 2017-05-11T17:47:35Z DEBUG passwordMinAlphas: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-enquote-sup-oc: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-readonly: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-syntaxcheck: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-unhashed-pw-switch: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordLegacyPolicy: 2017-05-11T17:47:35Z DEBUG 
on 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logbuffering: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-SSLclientAuth: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordMinUppers: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-plugin: 2017-05-11T17:47:35Z DEBUG cn=binary syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=country string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=facsimile telephone number syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=fax syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=generalized time syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=guide syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=integer syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=name and optional uid syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=octet string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=oid syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=telex number 
syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignoreia5substringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignoreorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignoresubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=objectidentifiermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=integermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=integerorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=integerfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=internationalization 
plugin,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=uniquemembermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numericstringsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring-threshold: 2017-05-11T17:47:35Z DEBUG 2097152 2017-05-11T17:47:35Z DEBUG nsslapd-dn-validate-strict: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ndn-cache-max-size: 2017-05-11T17:47:35Z DEBUG 20971520 2017-05-11T17:47:35Z DEBUG nsslapd-timelimit: 2017-05-11T17:47:35Z DEBUG 3600 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordIsGlobalPolicy: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-moddn-aci: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-pwpolicy-inherit-global: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordMinTokenLength: 2017-05-11T17:47:35Z DEBUG 3 2017-05-11T17:47:35Z DEBUG nsslapd-malloc-mxfast: 2017-05-11T17:47:35Z DEBUG -10 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG week 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG passwordMinAge: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-cn-uses-dn-syntax-in-dns: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG 
nsslapd-auditfaillog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG week 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring-grace-period: 2017-05-11T17:47:35Z DEBUG 60 2017-05-11T17:47:35Z DEBUG nsslapd-maxdescriptors: 2017-05-11T17:47:35Z DEBUG 8192 2017-05-11T17:47:35Z DEBUG nsslapd-allow-hashed-passwords: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordInHistory: 2017-05-11T17:47:35Z DEBUG 6 2017-05-11T17:47:35Z DEBUG nsslapd-ssl-check-hostname: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-conntablesize: 2017-05-11T17:47:35Z DEBUG 8192 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logging-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG nsslapd-saslpath: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG passwordMaxAge: 2017-05-11T17:47:35Z DEBUG 8639913600 2017-05-11T17:47:35Z DEBUG nsslapd-ldapiautobind: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-extract-pemfiles: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-maxthreadsperconn: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-ldapigidnumbertype: 2017-05-11T17:47:35Z DEBUG gidNumber 2017-05-11T17:47:35Z DEBUG nsslapd-connection-buffer: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG day 2017-05-11T17:47:35Z DEBUG nsslapd-dynamic-plugins: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-csnlogging: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-tmpdir: 2017-05-11T17:47:35Z DEBUG /tmp 2017-05-11T17:47:35Z DEBUG passwordResetFailureCount: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG 
nsslapd-counters: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-svrtab: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-allowed-sasl-mechanisms: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG nsslapd-minssf: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-schemadir: 2017-05-11T17:47:35Z DEBUG /etc/dirsrv/slapd-RDLG-NET/schema 2017-05-11T17:47:35Z DEBUG nsslapd-localuser: 2017-05-11T17:47:35Z DEBUG dirsrv 2017-05-11T17:47:35Z DEBUG nsslapd-security: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordChange: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-requiresrestart: 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-port 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-secureport 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-ldapifilepath 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-ldapilisten 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-workingdir 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-plugin 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-sslclientauth 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-changelogdir 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-changelogsuffix 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-changelogmaxentries 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-changelogmaxage 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-db-locks 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-maxdescriptors 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-return-exact-case 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-schema-ignore-trailing-spaces 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-parentcheck 
2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-dbncache 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2017-05-11T17:47:35Z DEBUG cn=encryption,cn=config:nssslsessiontimeout 2017-05-11T17:47:35Z DEBUG cn=encryption,cn=config:nssslclientauth 2017-05-11T17:47:35Z DEBUG cn=encryption,cn=config:nsssl2 2017-05-11T17:47:35Z DEBUG cn=encryption,cn=config:nsssl3 2017-05-11T17:47:35Z DEBUG passwordMaxFailure: 2017-05-11T17:47:35Z DEBUG 3 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ldapifilepath: 2017-05-11T17:47:35Z DEBUG /var/run/slapd-RDLG-NET.socket 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logging-enabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-pagedsizelimit: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-global-backend-lock: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logexpirationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-listen-backlog-size: 2017-05-11T17:47:35Z DEBUG 128 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/access 2017-05-11T17:47:35Z DEBUG nsslapd-certmap-basedn: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-plugin-logging: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-accesscontrol: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-rootdn: 2017-05-11T17:47:35Z DEBUG cn=Directory Manager 2017-05-11T17:47:35Z DEBUG nsslapd-ldifdir: 2017-05-11T17:47:35Z DEBUG /var/lib/dirsrv/slapd-RDLG-NET/ldif 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-mode: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-anonlimitsdn: 
2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logging-enabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG passwordMustChange: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordExp: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logminfreediskspace: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG nsslapd-logging-backend: 2017-05-11T17:47:35Z DEBUG dirsrv-log 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/audit 2017-05-11T17:47:35Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG aci: 2017-05-11T17:47:35Z DEBUG (targetattr != aci)(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-ldapimaprootdn: 2017-05-11T17:47:35Z DEBUG cn=Directory Manager 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logging-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ds4-compatible-schema: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-enable-nunc-stans: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordMinLength: 2017-05-11T17:47:35Z DEBUG 8 2017-05-11T17:47:35Z DEBUG nsslapd-require-secure-binds: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-groupevalnestlevel: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-idletimeout: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-malloc-mmap-threshold: 2017-05-11T17:47:35Z DEBUG -10 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationtimeunit: 
2017-05-11T17:47:35Z DEBUG day 2017-05-11T17:47:35Z DEBUG nsslapd-securePort: 2017-05-11T17:47:35Z DEBUG 636 2017-05-11T17:47:35Z DEBUG nsslapd-snmp-index: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG cn: 2017-05-11T17:47:35Z DEBUG config 2017-05-11T17:47:35Z DEBUG objectClass: 2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG extensibleObject 2017-05-11T17:47:35Z DEBUG nsslapdConfig 2017-05-11T17:47:35Z DEBUG nsslapd-ldapimaptoentries: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordSendExpiringTime: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-hash-filters: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-entryusn-import-initval: 2017-05-11T17:47:35Z DEBUG next 2017-05-11T17:47:35Z DEBUG nsslapd-malloc-trim-threshold: 2017-05-11T17:47:35Z DEBUG -10 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG nsslapd-ignore-time-skew: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-allow-unauthenticated-binds: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logging-hide-unhashed-pw: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-maxlogsperdir: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-listenhost: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-mode: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/errors 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-sasl-mapping-fallback: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring-logging-critical: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-force-sasl-external: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-enable-turbo-mode: 
2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordCheckSyntax: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordGraceLimit: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG passwordWarning: 2017-05-11T17:47:35Z DEBUG 86400 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-mode: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-instancedir: 2017-05-11T17:47:35Z DEBUG /var/lib/dirsrv/scripts-RDLG-NET 2017-05-11T17:47:35Z DEBUG nsslapd-config: 2017-05-11T17:47:35Z DEBUG cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-versionstring: 2017-05-11T17:47:35Z DEBUG 389-Directory/1.3.5.10 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-level: 2017-05-11T17:47:35Z DEBUG 256 2017-05-11T17:47:35Z DEBUG nsslapd-return-exact-case: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-maxsasliosize: 2017-05-11T17:47:35Z DEBUG 2097152 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG nsslapd-rewrite-rfc1274: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-rootpwstoragescheme: 2017-05-11T17:47:35Z DEBUG SSHA 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logexpirationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG passwordLockout: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-lockdir: 2017-05-11T17:47:35Z DEBUG /var/lock/dirsrv/slapd-RDLG-NET 2017-05-11T17:47:35Z DEBUG nsslapd-certdir: 2017-05-11T17:47:35Z DEBUG /etc/dirsrv/slapd-RDLG-NET 2017-05-11T17:47:35Z DEBUG nsslapd-allow-anonymous-access: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-maxlogsperdir: 2017-05-11T17:47:35Z DEBUG 10 2017-05-11T17:47:35Z DEBUG nsslapd-backendconfig: 2017-05-11T17:47:35Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=config,cn=ipaca,cn=ldbm 
database,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-threadnumber: 2017-05-11T17:47:35Z DEBUG 30 2017-05-11T17:47:35Z DEBUG nsslapd-schemamod: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-search-return-original-type-switch: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-localhost: 2017-05-11T17:47:35Z DEBUG ipa.rdlg.net 2017-05-11T17:47:35Z DEBUG nsslapd-bakdir: 2017-05-11T17:47:35Z DEBUG /var/lib/dirsrv/slapd-RDLG-NET/bak 2017-05-11T17:47:35Z DEBUG passwordMin8bit: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-ldapiuidnumbertype: 2017-05-11T17:47:35Z DEBUG uidNumber 2017-05-11T17:47:35Z DEBUG nsslapd-validate-cert: 2017-05-11T17:47:35Z DEBUG warn 2017-05-11T17:47:35Z DEBUG passwordMinCategories: 2017-05-11T17:47:35Z DEBUG 3 2017-05-11T17:47:35Z DEBUG passwordMinLowers: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordAdminDN: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-ldapilisten: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordMinSpecials: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-lastmod: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-max-filter-nest-level: 2017-05-11T17:47:35Z DEBUG 40 2017-05-11T17:47:35Z DEBUG passwordMaxRepeats: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-securelistenhost: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-maxsimplepaged-per-conn: 2017-05-11T17:47:35Z DEBUG -1 2017-05-11T17:47:35Z DEBUG nsslapd-result-tweak: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG passwordUnlock: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG 
nsslapd-schemacheck: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordTrackUpdateTime: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-maxbersize: 2017-05-11T17:47:35Z DEBUG 209715200 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-ldapientrysearchbase: 2017-05-11T17:47:35Z DEBUG dc=example,dc=com 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logexpirationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-localssf: 2017-05-11T17:47:35Z DEBUG 71 2017-05-11T17:47:35Z DEBUG nsslapd-sizelimit: 2017-05-11T17:47:35Z DEBUG 2000 2017-05-11T17:47:35Z DEBUG nsslapd-minssf-exclude-rootdse: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-ignore-virtual-attrs: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ndn-cache-enabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-defaultnamingcontext: 2017-05-11T17:47:35Z DEBUG dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-maxlogsperdir: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-pwpolicy-local: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-sasl-max-buffer-size: 2017-05-11T17:47:35Z DEBUG 2097152 2017-05-11T17:47:35Z DEBUG passwordLockoutDuration: 2017-05-11T17:47:35Z DEBUG 3600 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-port: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-privatenamespaces: 2017-05-11T17:47:35Z DEBUG cn=schema 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG cn=monitor 2017-05-11T17:47:35Z DEBUG cn=config 
2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-maxlogsperdir: 2017-05-11T17:47:35Z DEBUG 2 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/audit 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-mode: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-rootpw: 2017-05-11T17:47:35Z DEBUG {SSHA}ivpfUEJGKWW115wDkPsPfQQFhTUx8+KLuAm3tg== 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-outbound-ldap-io-timeout: 2017-05-11T17:47:35Z DEBUG 300000 2017-05-11T17:47:35Z DEBUG nsslapd-workingdir: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-rundir: 2017-05-11T17:47:35Z DEBUG /var/run/dirsrv 2017-05-11T17:47:35Z DEBUG nsslapd-schemareplace: 2017-05-11T17:47:35Z DEBUG replication-only 2017-05-11T17:47:35Z DEBUG nsslapd-plugin-binddn-tracking: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-level: 2017-05-11T17:47:35Z DEBUG 16384 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-syntaxlogging: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ioblocktimeout: 2017-05-11T17:47:35Z DEBUG 1800000 2017-05-11T17:47:35Z DEBUG nsslapd-attribute-name-exceptions: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordMinDigits: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-allowed-to-delete-attrs: 2017-05-11T17:47:35Z DEBUG passwordadmindn nsslapd-listenhost nsslapd-securelistenhost nsslapd-defaultnamingcontext 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logminfreediskspace: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG passwordStorageScheme: 
2017-05-11T17:47:35Z DEBUG SSHA 2017-05-11T17:47:35Z DEBUG nsslapd-connection-nocanon: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z DEBUG Final value after applying updates 2017-05-11T17:47:35Z DEBUG dn: cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-betype: 2017-05-11T17:47:35Z DEBUG ldbm database 2017-05-11T17:47:35Z DEBUG nsslapd-nagle: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-entryusn-global: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-referralmode: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logminfreediskspace: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-reservedescriptors: 2017-05-11T17:47:35Z DEBUG 64 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 500 2017-05-11T17:47:35Z DEBUG passwordMinAlphas: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-enquote-sup-oc: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-readonly: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-syntaxcheck: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-unhashed-pw-switch: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordLegacyPolicy: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logbuffering: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-SSLclientAuth: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordMinUppers: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-plugin: 
2017-05-11T17:47:35Z DEBUG cn=binary syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=country string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=facsimile telephone number syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=fax syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=generalized time syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=guide syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=integer syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=name and optional uid syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=octet string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=oid syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 
2017-05-11T17:47:35Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignoreia5substringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignoreorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignoresubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=objectidentifiermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=integermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=integerorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=integerfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=internationalization plugin,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=uniquemembermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG 
cn=numericstringsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring-threshold: 2017-05-11T17:47:35Z DEBUG 2097152 2017-05-11T17:47:35Z DEBUG nsslapd-dn-validate-strict: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ndn-cache-max-size: 2017-05-11T17:47:35Z DEBUG 20971520 2017-05-11T17:47:35Z DEBUG nsslapd-timelimit: 2017-05-11T17:47:35Z DEBUG 3600 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordIsGlobalPolicy: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-moddn-aci: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-pwpolicy-inherit-global: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordMinTokenLength: 2017-05-11T17:47:35Z DEBUG 3 2017-05-11T17:47:35Z DEBUG nsslapd-malloc-mxfast: 2017-05-11T17:47:35Z DEBUG -10 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG week 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG passwordMinAge: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-cn-uses-dn-syntax-in-dns: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG week 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring-grace-period: 2017-05-11T17:47:35Z DEBUG 60 2017-05-11T17:47:35Z DEBUG nsslapd-maxdescriptors: 2017-05-11T17:47:35Z DEBUG 8192 2017-05-11T17:47:35Z DEBUG 
nsslapd-allow-hashed-passwords: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordInHistory: 2017-05-11T17:47:35Z DEBUG 6 2017-05-11T17:47:35Z DEBUG nsslapd-ssl-check-hostname: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-conntablesize: 2017-05-11T17:47:35Z DEBUG 8192 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logging-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG nsslapd-saslpath: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG passwordMaxAge: 2017-05-11T17:47:35Z DEBUG 8639913600 2017-05-11T17:47:35Z DEBUG nsslapd-ldapiautobind: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-extract-pemfiles: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-maxthreadsperconn: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-ldapigidnumbertype: 2017-05-11T17:47:35Z DEBUG gidNumber 2017-05-11T17:47:35Z DEBUG nsslapd-connection-buffer: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG day 2017-05-11T17:47:35Z DEBUG nsslapd-dynamic-plugins: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-csnlogging: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-tmpdir: 2017-05-11T17:47:35Z DEBUG /tmp 2017-05-11T17:47:35Z DEBUG passwordResetFailureCount: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-counters: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-svrtab: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-allowed-sasl-mechanisms: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 
2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG nsslapd-minssf: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-schemadir: 2017-05-11T17:47:35Z DEBUG /etc/dirsrv/slapd-RDLG-NET/schema 2017-05-11T17:47:35Z DEBUG nsslapd-localuser: 2017-05-11T17:47:35Z DEBUG dirsrv 2017-05-11T17:47:35Z DEBUG nsslapd-security: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordChange: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-requiresrestart: 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-port 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-secureport 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-ldapifilepath 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-ldapilisten 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-workingdir 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-plugin 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-sslclientauth 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-changelogdir 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-changelogsuffix 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-changelogmaxentries 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-changelogmaxage 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-db-locks 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-maxdescriptors 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-return-exact-case 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-schema-ignore-trailing-spaces 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-parentcheck 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-dbncache 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2017-05-11T17:47:35Z DEBUG 
cn=encryption,cn=config:nssslsessiontimeout 2017-05-11T17:47:35Z DEBUG cn=encryption,cn=config:nssslclientauth 2017-05-11T17:47:35Z DEBUG cn=encryption,cn=config:nsssl2 2017-05-11T17:47:35Z DEBUG cn=encryption,cn=config:nsssl3 2017-05-11T17:47:35Z DEBUG passwordMaxFailure: 2017-05-11T17:47:35Z DEBUG 3 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ldapifilepath: 2017-05-11T17:47:35Z DEBUG /var/run/slapd-RDLG-NET.socket 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logging-enabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-pagedsizelimit: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-global-backend-lock: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logexpirationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-listen-backlog-size: 2017-05-11T17:47:35Z DEBUG 128 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/access 2017-05-11T17:47:35Z DEBUG nsslapd-certmap-basedn: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-plugin-logging: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-accesscontrol: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-rootdn: 2017-05-11T17:47:35Z DEBUG cn=Directory Manager 2017-05-11T17:47:35Z DEBUG nsslapd-ldifdir: 2017-05-11T17:47:35Z DEBUG /var/lib/dirsrv/slapd-RDLG-NET/ldif 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-mode: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-anonlimitsdn: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logging-enabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG passwordMustChange: 
2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordExp: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logminfreediskspace: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG nsslapd-logging-backend: 2017-05-11T17:47:35Z DEBUG dirsrv-log 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/audit 2017-05-11T17:47:35Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG aci: 2017-05-11T17:47:35Z DEBUG (targetattr != aci)(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-ldapimaprootdn: 2017-05-11T17:47:35Z DEBUG cn=Directory Manager 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logging-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ds4-compatible-schema: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-enable-nunc-stans: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordMinLength: 2017-05-11T17:47:35Z DEBUG 8 2017-05-11T17:47:35Z DEBUG nsslapd-require-secure-binds: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-groupevalnestlevel: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-idletimeout: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-malloc-mmap-threshold: 2017-05-11T17:47:35Z DEBUG -10 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG day 2017-05-11T17:47:35Z DEBUG nsslapd-securePort: 2017-05-11T17:47:35Z DEBUG 636 2017-05-11T17:47:35Z DEBUG nsslapd-snmp-index: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG cn: 2017-05-11T17:47:35Z DEBUG config 2017-05-11T17:47:35Z DEBUG 
objectClass: 2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG extensibleObject 2017-05-11T17:47:35Z DEBUG nsslapdConfig 2017-05-11T17:47:35Z DEBUG nsslapd-ldapimaptoentries: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordSendExpiringTime: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-hash-filters: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-entryusn-import-initval: 2017-05-11T17:47:35Z DEBUG next 2017-05-11T17:47:35Z DEBUG nsslapd-malloc-trim-threshold: 2017-05-11T17:47:35Z DEBUG -10 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG nsslapd-ignore-time-skew: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-allow-unauthenticated-binds: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logging-hide-unhashed-pw: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-maxlogsperdir: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-listenhost: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-mode: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/errors 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-sasl-mapping-fallback: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring-logging-critical: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-force-sasl-external: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-enable-turbo-mode: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordCheckSyntax: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordGraceLimit: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG passwordWarning: 2017-05-11T17:47:35Z DEBUG 86400 2017-05-11T17:47:35Z 
DEBUG nsslapd-errorlog-mode: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-instancedir: 2017-05-11T17:47:35Z DEBUG /var/lib/dirsrv/scripts-RDLG-NET 2017-05-11T17:47:35Z DEBUG nsslapd-config: 2017-05-11T17:47:35Z DEBUG cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-versionstring: 2017-05-11T17:47:35Z DEBUG 389-Directory/1.3.5.10 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-level: 2017-05-11T17:47:35Z DEBUG 256 2017-05-11T17:47:35Z DEBUG nsslapd-return-exact-case: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-maxsasliosize: 2017-05-11T17:47:35Z DEBUG 2097152 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG nsslapd-rewrite-rfc1274: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-rootpwstoragescheme: 2017-05-11T17:47:35Z DEBUG SSHA 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logexpirationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG passwordLockout: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-lockdir: 2017-05-11T17:47:35Z DEBUG /var/lock/dirsrv/slapd-RDLG-NET 2017-05-11T17:47:35Z DEBUG nsslapd-certdir: 2017-05-11T17:47:35Z DEBUG /etc/dirsrv/slapd-RDLG-NET 2017-05-11T17:47:35Z DEBUG nsslapd-allow-anonymous-access: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-maxlogsperdir: 2017-05-11T17:47:35Z DEBUG 10 2017-05-11T17:47:35Z DEBUG nsslapd-backendconfig: 2017-05-11T17:47:35Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-threadnumber: 2017-05-11T17:47:35Z DEBUG 30 2017-05-11T17:47:35Z DEBUG nsslapd-schemamod: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-search-return-original-type-switch: 2017-05-11T17:47:35Z DEBUG off 
2017-05-11T17:47:35Z DEBUG nsslapd-localhost: 2017-05-11T17:47:35Z DEBUG ipa.rdlg.net 2017-05-11T17:47:35Z DEBUG nsslapd-bakdir: 2017-05-11T17:47:35Z DEBUG /var/lib/dirsrv/slapd-RDLG-NET/bak 2017-05-11T17:47:35Z DEBUG passwordMin8bit: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-ldapiuidnumbertype: 2017-05-11T17:47:35Z DEBUG uidNumber 2017-05-11T17:47:35Z DEBUG nsslapd-validate-cert: 2017-05-11T17:47:35Z DEBUG warn 2017-05-11T17:47:35Z DEBUG passwordMinCategories: 2017-05-11T17:47:35Z DEBUG 3 2017-05-11T17:47:35Z DEBUG passwordMinLowers: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordAdminDN: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-ldapilisten: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordMinSpecials: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-lastmod: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-max-filter-nest-level: 2017-05-11T17:47:35Z DEBUG 40 2017-05-11T17:47:35Z DEBUG passwordMaxRepeats: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-securelistenhost: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-maxsimplepaged-per-conn: 2017-05-11T17:47:35Z DEBUG -1 2017-05-11T17:47:35Z DEBUG nsslapd-result-tweak: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG passwordUnlock: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-schemacheck: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordTrackUpdateTime: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-maxbersize: 2017-05-11T17:47:35Z DEBUG 209715200 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 
2017-05-11T17:47:35Z DEBUG nsslapd-ldapientrysearchbase: 2017-05-11T17:47:35Z DEBUG dc=example,dc=com 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logexpirationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-localssf: 2017-05-11T17:47:35Z DEBUG 71 2017-05-11T17:47:35Z DEBUG nsslapd-sizelimit: 2017-05-11T17:47:35Z DEBUG 2000 2017-05-11T17:47:35Z DEBUG nsslapd-minssf-exclude-rootdse: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-ignore-virtual-attrs: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ndn-cache-enabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-defaultnamingcontext: 2017-05-11T17:47:35Z DEBUG dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-maxlogsperdir: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-pwpolicy-local: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-sasl-max-buffer-size: 2017-05-11T17:47:35Z DEBUG 2097152 2017-05-11T17:47:35Z DEBUG passwordLockoutDuration: 2017-05-11T17:47:35Z DEBUG 3600 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-port: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-privatenamespaces: 2017-05-11T17:47:35Z DEBUG cn=schema 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG cn=monitor 2017-05-11T17:47:35Z DEBUG cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-maxlogsperdir: 2017-05-11T17:47:35Z DEBUG 2 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/audit 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-mode: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG 
nsslapd-rootpw: 2017-05-11T17:47:35Z DEBUG {SSHA}ivpfUEJGKWW115wDkPsPfQQFhTUx8+KLuAm3tg== 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-outbound-ldap-io-timeout: 2017-05-11T17:47:35Z DEBUG 300000 2017-05-11T17:47:35Z DEBUG nsslapd-workingdir: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-rundir: 2017-05-11T17:47:35Z DEBUG /var/run/dirsrv 2017-05-11T17:47:35Z DEBUG nsslapd-schemareplace: 2017-05-11T17:47:35Z DEBUG replication-only 2017-05-11T17:47:35Z DEBUG nsslapd-plugin-binddn-tracking: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-level: 2017-05-11T17:47:35Z DEBUG 16384 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-syntaxlogging: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ioblocktimeout: 2017-05-11T17:47:35Z DEBUG 1800000 2017-05-11T17:47:35Z DEBUG nsslapd-attribute-name-exceptions: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordMinDigits: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-allowed-to-delete-attrs: 2017-05-11T17:47:35Z DEBUG passwordadmindn nsslapd-listenhost nsslapd-securelistenhost nsslapd-defaultnamingcontext 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logminfreediskspace: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG passwordStorageScheme: 2017-05-11T17:47:35Z DEBUG SSHA 2017-05-11T17:47:35Z DEBUG nsslapd-connection-nocanon: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG [] 2017-05-11T17:47:35Z DEBUG Updated 0 2017-05-11T17:47:35Z DEBUG Done 2017-05-11T17:47:35Z DEBUG Updating existing entry: cn=config,cn=ldbm database,cn=plugins,cn=config 
2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z DEBUG Initial value 2017-05-11T17:47:35Z DEBUG dn: cn=config,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-directory: 2017-05-11T17:47:35Z DEBUG /var/lib/dirsrv/slapd-RDLG-NET/db 2017-05-11T17:47:35Z DEBUG cn: 2017-05-11T17:47:35Z DEBUG config 2017-05-11T17:47:35Z DEBUG nsslapd-db-transaction-batch-val: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG objectClass: 2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG extensibleObject 2017-05-11T17:47:35Z DEBUG nsslapd-lookthroughlimit: 2017-05-11T17:47:35Z DEBUG 5000 2017-05-11T17:47:35Z DEBUG nsslapd-db-deadlock-policy: 2017-05-11T17:47:35Z DEBUG 9 2017-05-11T17:47:35Z DEBUG nsslapd-db-transaction-batch-min-wait: 2017-05-11T17:47:35Z DEBUG 50 2017-05-11T17:47:35Z DEBUG nsslapd-db-locks: 2017-05-11T17:47:35Z DEBUG 50000 2017-05-11T17:47:35Z DEBUG nsslapd-serial-lock: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-subtree-rename-switch: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-backend-opt-level: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-db-logdirectory: 2017-05-11T17:47:35Z DEBUG /var/lib/dirsrv/slapd-RDLG-NET/db 2017-05-11T17:47:35Z DEBUG nsslapd-exclude-from-export: 2017-05-11T17:47:35Z DEBUG entrydn entryid dncomp parentid numSubordinates tombstonenumsubordinates entryusn 2017-05-11T17:47:35Z DEBUG nsslapd-db-transaction-batch-max-wait: 2017-05-11T17:47:35Z DEBUG 50 2017-05-11T17:47:35Z DEBUG nsslapd-rangelookthroughlimit: 2017-05-11T17:47:35Z DEBUG 5000 2017-05-11T17:47:35Z DEBUG nsslapd-dbcachesize: 2017-05-11T17:47:35Z DEBUG 10000000 2017-05-11T17:47:35Z DEBUG nsslapd-mode: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-db-logbuf-size: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-import-cache-autosize: 2017-05-11T17:47:35Z DEBUG -1 2017-05-11T17:47:35Z DEBUG 
nsslapd-search-use-vlv-index: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-pagedidlistscanlimit: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-idlistscanlimit: 2017-05-11T17:47:35Z DEBUG 4000 2017-05-11T17:47:35Z DEBUG nsslapd-search-bypass-filter-test: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-db-compactdb-interval: 2017-05-11T17:47:35Z DEBUG 2592000 2017-05-11T17:47:35Z DEBUG nsslapd-pagedlookthroughlimit: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-idl-switch: 2017-05-11T17:47:35Z DEBUG new 2017-05-11T17:47:35Z DEBUG nsslapd-db-durable-transaction: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-db-private-import-mem: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-db-checkpoint-interval: 2017-05-11T17:47:35Z DEBUG 60 2017-05-11T17:47:35Z DEBUG nsslapd-import-cachesize: 2017-05-11T17:47:35Z DEBUG 20000000 2017-05-11T17:47:35Z DEBUG replace: updated value ['100000'] 2017-05-11T17:47:35Z DEBUG replace: updated value ['100000'] 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z DEBUG Final value after applying updates 2017-05-11T17:47:35Z DEBUG dn: cn=config,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-directory: 2017-05-11T17:47:35Z DEBUG /var/lib/dirsrv/slapd-RDLG-NET/db 2017-05-11T17:47:35Z DEBUG cn: 2017-05-11T17:47:35Z DEBUG config 2017-05-11T17:47:35Z DEBUG nsslapd-db-transaction-batch-val: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG objectClass: 2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG extensibleObject 2017-05-11T17:47:35Z DEBUG nsslapd-lookthroughlimit: 2017-05-11T17:47:35Z DEBUG 100000 2017-05-11T17:47:35Z DEBUG nsslapd-db-deadlock-policy: 2017-05-11T17:47:35Z DEBUG 9 2017-05-11T17:47:35Z DEBUG nsslapd-db-transaction-batch-min-wait: 2017-05-11T17:47:35Z DEBUG 50 2017-05-11T17:47:35Z DEBUG nsslapd-db-locks: 2017-05-11T17:47:35Z DEBUG 50000 
2017-05-11T17:47:35Z DEBUG nsslapd-serial-lock: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-subtree-rename-switch: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-backend-opt-level: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-db-logdirectory: 2017-05-11T17:47:35Z DEBUG /var/lib/dirsrv/slapd-RDLG-NET/db 2017-05-11T17:47:35Z DEBUG nsslapd-exclude-from-export: 2017-05-11T17:47:35Z DEBUG entrydn entryid dncomp parentid numSubordinates tombstonenumsubordinates entryusn 2017-05-11T17:47:35Z DEBUG nsslapd-db-transaction-batch-max-wait: 2017-05-11T17:47:35Z DEBUG 50 2017-05-11T17:47:35Z DEBUG nsslapd-rangelookthroughlimit: 2017-05-11T17:47:35Z DEBUG 5000 2017-05-11T17:47:35Z DEBUG nsslapd-dbcachesize: 2017-05-11T17:47:35Z DEBUG 10000000 2017-05-11T17:47:35Z DEBUG nsslapd-mode: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-db-logbuf-size: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-import-cache-autosize: 2017-05-11T17:47:35Z DEBUG -1 2017-05-11T17:47:35Z DEBUG nsslapd-search-use-vlv-index: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-pagedidlistscanlimit: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-idlistscanlimit: 2017-05-11T17:47:35Z DEBUG 100000 2017-05-11T17:47:35Z DEBUG nsslapd-search-bypass-filter-test: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-db-compactdb-interval: 2017-05-11T17:47:35Z DEBUG 2592000 2017-05-11T17:47:35Z DEBUG nsslapd-pagedlookthroughlimit: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-idl-switch: 2017-05-11T17:47:35Z DEBUG new 2017-05-11T17:47:35Z DEBUG nsslapd-db-durable-transaction: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-db-private-import-mem: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-db-checkpoint-interval: 2017-05-11T17:47:35Z DEBUG 60 2017-05-11T17:47:35Z DEBUG nsslapd-import-cachesize: 2017-05-11T17:47:35Z DEBUG 
20000000 2017-05-11T17:47:35Z DEBUG [(2, u'nsslapd-lookthroughlimit', ['100000']), (2, u'nsslapd-idlistscanlimit', ['100000'])] 2017-05-11T17:47:35Z DEBUG Updated 1 2017-05-11T17:47:35Z DEBUG Done 2017-05-11T17:47:35Z DEBUG New entry: cn=anonymous-limits,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z DEBUG Initial value 2017-05-11T17:47:35Z DEBUG dn: cn=anonymous-limits,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG objectclass: 2017-05-11T17:47:35Z DEBUG nsContainer 2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG nsSizeLimit: 2017-05-11T17:47:35Z DEBUG 5000 2017-05-11T17:47:35Z DEBUG nsLookThroughLimit: 2017-05-11T17:47:35Z DEBUG 5000 2017-05-11T17:47:35Z DEBUG cn: 2017-05-11T17:47:35Z DEBUG anonymous-limits 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z DEBUG Final value after applying updates 2017-05-11T17:47:35Z DEBUG dn: cn=anonymous-limits,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG objectclass: 2017-05-11T17:47:35Z DEBUG nsContainer 2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG nsSizeLimit: 2017-05-11T17:47:35Z DEBUG 5000 2017-05-11T17:47:35Z DEBUG nsLookThroughLimit: 2017-05-11T17:47:35Z DEBUG 5000 2017-05-11T17:47:35Z DEBUG cn: 2017-05-11T17:47:35Z DEBUG anonymous-limits 2017-05-11T17:47:35Z DEBUG Updating existing entry: cn=config 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z DEBUG Initial value 2017-05-11T17:47:35Z DEBUG dn: cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-betype: 2017-05-11T17:47:35Z DEBUG ldbm database 2017-05-11T17:47:35Z DEBUG nsslapd-nagle: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z 
DEBUG nsslapd-entryusn-global: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-referralmode: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logminfreediskspace: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-reservedescriptors: 2017-05-11T17:47:35Z DEBUG 64 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 500 2017-05-11T17:47:35Z DEBUG passwordMinAlphas: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-enquote-sup-oc: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-readonly: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-syntaxcheck: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-unhashed-pw-switch: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordLegacyPolicy: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logbuffering: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-SSLclientAuth: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordMinUppers: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-plugin: 2017-05-11T17:47:35Z DEBUG cn=binary syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=country string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=facsimile telephone number syntax,cn=plugins,cn=config 
2017-05-11T17:47:35Z DEBUG cn=fax syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=generalized time syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=guide syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=integer syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=name and optional uid syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=octet string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=oid syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignoreia5substringsmatch,cn=plugins,cn=config 
2017-05-11T17:47:35Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignoreorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignoresubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=objectidentifiermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=integermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=integerorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=integerfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=internationalization plugin,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=uniquemembermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numericstringsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring-threshold: 2017-05-11T17:47:35Z DEBUG 2097152 2017-05-11T17:47:35Z DEBUG nsslapd-dn-validate-strict: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ndn-cache-max-size: 2017-05-11T17:47:35Z DEBUG 20971520 2017-05-11T17:47:35Z DEBUG nsslapd-timelimit: 2017-05-11T17:47:35Z DEBUG 3600 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG 
passwordIsGlobalPolicy: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-moddn-aci: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-pwpolicy-inherit-global: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordMinTokenLength: 2017-05-11T17:47:35Z DEBUG 3 2017-05-11T17:47:35Z DEBUG nsslapd-malloc-mxfast: 2017-05-11T17:47:35Z DEBUG -10 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG week 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG passwordMinAge: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-cn-uses-dn-syntax-in-dns: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG week 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring-grace-period: 2017-05-11T17:47:35Z DEBUG 60 2017-05-11T17:47:35Z DEBUG nsslapd-maxdescriptors: 2017-05-11T17:47:35Z DEBUG 8192 2017-05-11T17:47:35Z DEBUG nsslapd-allow-hashed-passwords: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordInHistory: 2017-05-11T17:47:35Z DEBUG 6 2017-05-11T17:47:35Z DEBUG nsslapd-ssl-check-hostname: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-conntablesize: 2017-05-11T17:47:35Z DEBUG 8192 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logging-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG nsslapd-saslpath: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG passwordMaxAge: 2017-05-11T17:47:35Z DEBUG 8639913600 
2017-05-11T17:47:35Z DEBUG nsslapd-ldapiautobind: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-extract-pemfiles: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-maxthreadsperconn: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-ldapigidnumbertype: 2017-05-11T17:47:35Z DEBUG gidNumber 2017-05-11T17:47:35Z DEBUG nsslapd-connection-buffer: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG day 2017-05-11T17:47:35Z DEBUG nsslapd-dynamic-plugins: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-csnlogging: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-tmpdir: 2017-05-11T17:47:35Z DEBUG /tmp 2017-05-11T17:47:35Z DEBUG passwordResetFailureCount: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-counters: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-svrtab: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-allowed-sasl-mechanisms: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG nsslapd-minssf: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-schemadir: 2017-05-11T17:47:35Z DEBUG /etc/dirsrv/slapd-RDLG-NET/schema 2017-05-11T17:47:35Z DEBUG nsslapd-localuser: 2017-05-11T17:47:35Z DEBUG dirsrv 2017-05-11T17:47:35Z DEBUG nsslapd-security: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordChange: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-requiresrestart: 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-port 2017-05-11T17:47:35Z DEBUG 
cn=config:nsslapd-secureport 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-ldapifilepath 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-ldapilisten 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-workingdir 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-plugin 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-sslclientauth 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-changelogdir 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-changelogsuffix 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-changelogmaxentries 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-changelogmaxage 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-db-locks 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-maxdescriptors 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-return-exact-case 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-schema-ignore-trailing-spaces 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-parentcheck 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-dbncache 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2017-05-11T17:47:35Z DEBUG cn=encryption,cn=config:nssslsessiontimeout 2017-05-11T17:47:35Z DEBUG cn=encryption,cn=config:nssslclientauth 2017-05-11T17:47:35Z DEBUG cn=encryption,cn=config:nsssl2 2017-05-11T17:47:35Z DEBUG cn=encryption,cn=config:nsssl3 2017-05-11T17:47:35Z DEBUG passwordMaxFailure: 2017-05-11T17:47:35Z DEBUG 3 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ldapifilepath: 2017-05-11T17:47:35Z DEBUG /var/run/slapd-RDLG-NET.socket 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logging-enabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-pagedsizelimit: 2017-05-11T17:47:35Z DEBUG 0 
2017-05-11T17:47:35Z DEBUG nsslapd-global-backend-lock: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logexpirationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-listen-backlog-size: 2017-05-11T17:47:35Z DEBUG 128 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/access 2017-05-11T17:47:35Z DEBUG nsslapd-certmap-basedn: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-plugin-logging: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-accesscontrol: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-rootdn: 2017-05-11T17:47:35Z DEBUG cn=Directory Manager 2017-05-11T17:47:35Z DEBUG nsslapd-ldifdir: 2017-05-11T17:47:35Z DEBUG /var/lib/dirsrv/slapd-RDLG-NET/ldif 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-mode: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-anonlimitsdn: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logging-enabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG passwordMustChange: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordExp: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logminfreediskspace: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG nsslapd-logging-backend: 2017-05-11T17:47:35Z DEBUG dirsrv-log 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/audit 2017-05-11T17:47:35Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG aci: 2017-05-11T17:47:35Z DEBUG (targetattr != aci)(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 
2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-ldapimaprootdn: 2017-05-11T17:47:35Z DEBUG cn=Directory Manager 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logging-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ds4-compatible-schema: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-enable-nunc-stans: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordMinLength: 2017-05-11T17:47:35Z DEBUG 8 2017-05-11T17:47:35Z DEBUG nsslapd-require-secure-binds: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-groupevalnestlevel: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-idletimeout: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-malloc-mmap-threshold: 2017-05-11T17:47:35Z DEBUG -10 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG day 2017-05-11T17:47:35Z DEBUG nsslapd-securePort: 2017-05-11T17:47:35Z DEBUG 636 2017-05-11T17:47:35Z DEBUG nsslapd-snmp-index: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG cn: 2017-05-11T17:47:35Z DEBUG config 2017-05-11T17:47:35Z DEBUG objectClass: 2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG extensibleObject 2017-05-11T17:47:35Z DEBUG nsslapdConfig 2017-05-11T17:47:35Z DEBUG nsslapd-ldapimaptoentries: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordSendExpiringTime: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-hash-filters: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-entryusn-import-initval: 2017-05-11T17:47:35Z DEBUG next 2017-05-11T17:47:35Z DEBUG nsslapd-malloc-trim-threshold: 2017-05-11T17:47:35Z DEBUG -10 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG nsslapd-ignore-time-skew: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG 
nsslapd-allow-unauthenticated-binds: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logging-hide-unhashed-pw: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-maxlogsperdir: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-listenhost: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-mode: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/errors 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-sasl-mapping-fallback: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring-logging-critical: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-force-sasl-external: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-enable-turbo-mode: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordCheckSyntax: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordGraceLimit: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG passwordWarning: 2017-05-11T17:47:35Z DEBUG 86400 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-mode: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-instancedir: 2017-05-11T17:47:35Z DEBUG /var/lib/dirsrv/scripts-RDLG-NET 2017-05-11T17:47:35Z DEBUG nsslapd-config: 2017-05-11T17:47:35Z DEBUG cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-versionstring: 2017-05-11T17:47:35Z DEBUG 389-Directory/1.3.5.10 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-level: 2017-05-11T17:47:35Z DEBUG 256 2017-05-11T17:47:35Z DEBUG nsslapd-return-exact-case: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-maxsasliosize: 2017-05-11T17:47:35Z DEBUG 2097152 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 
2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG nsslapd-rewrite-rfc1274: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-rootpwstoragescheme: 2017-05-11T17:47:35Z DEBUG SSHA 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logexpirationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG passwordLockout: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-lockdir: 2017-05-11T17:47:35Z DEBUG /var/lock/dirsrv/slapd-RDLG-NET 2017-05-11T17:47:35Z DEBUG nsslapd-certdir: 2017-05-11T17:47:35Z DEBUG /etc/dirsrv/slapd-RDLG-NET 2017-05-11T17:47:35Z DEBUG nsslapd-allow-anonymous-access: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-maxlogsperdir: 2017-05-11T17:47:35Z DEBUG 10 2017-05-11T17:47:35Z DEBUG nsslapd-backendconfig: 2017-05-11T17:47:35Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-threadnumber: 2017-05-11T17:47:35Z DEBUG 30 2017-05-11T17:47:35Z DEBUG nsslapd-schemamod: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-search-return-original-type-switch: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-localhost: 2017-05-11T17:47:35Z DEBUG ipa.rdlg.net 2017-05-11T17:47:35Z DEBUG nsslapd-bakdir: 2017-05-11T17:47:35Z DEBUG /var/lib/dirsrv/slapd-RDLG-NET/bak 2017-05-11T17:47:35Z DEBUG passwordMin8bit: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-ldapiuidnumbertype: 2017-05-11T17:47:35Z DEBUG uidNumber 2017-05-11T17:47:35Z DEBUG nsslapd-validate-cert: 2017-05-11T17:47:35Z DEBUG warn 2017-05-11T17:47:35Z DEBUG passwordMinCategories: 2017-05-11T17:47:35Z DEBUG 3 2017-05-11T17:47:35Z DEBUG passwordMinLowers: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordAdminDN: 2017-05-11T17:47:35Z DEBUG 
2017-05-11T17:47:35Z DEBUG nsslapd-ldapilisten: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordMinSpecials: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-lastmod: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-max-filter-nest-level: 2017-05-11T17:47:35Z DEBUG 40 2017-05-11T17:47:35Z DEBUG passwordMaxRepeats: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-securelistenhost: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-maxsimplepaged-per-conn: 2017-05-11T17:47:35Z DEBUG -1 2017-05-11T17:47:35Z DEBUG nsslapd-result-tweak: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG passwordUnlock: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-schemacheck: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordTrackUpdateTime: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-maxbersize: 2017-05-11T17:47:35Z DEBUG 209715200 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-ldapientrysearchbase: 2017-05-11T17:47:35Z DEBUG dc=example,dc=com 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logexpirationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-localssf: 2017-05-11T17:47:35Z DEBUG 71 2017-05-11T17:47:35Z DEBUG nsslapd-sizelimit: 2017-05-11T17:47:35Z DEBUG 2000 2017-05-11T17:47:35Z DEBUG nsslapd-minssf-exclude-rootdse: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-ignore-virtual-attrs: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ndn-cache-enabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG 
nsslapd-auditfaillog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-defaultnamingcontext: 2017-05-11T17:47:35Z DEBUG dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-maxlogsperdir: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-pwpolicy-local: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-sasl-max-buffer-size: 2017-05-11T17:47:35Z DEBUG 2097152 2017-05-11T17:47:35Z DEBUG passwordLockoutDuration: 2017-05-11T17:47:35Z DEBUG 3600 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-port: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-privatenamespaces: 2017-05-11T17:47:35Z DEBUG cn=schema 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG cn=monitor 2017-05-11T17:47:35Z DEBUG cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-maxlogsperdir: 2017-05-11T17:47:35Z DEBUG 2 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/audit 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-mode: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-rootpw: 2017-05-11T17:47:35Z DEBUG {SSHA}ivpfUEJGKWW115wDkPsPfQQFhTUx8+KLuAm3tg== 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-outbound-ldap-io-timeout: 2017-05-11T17:47:35Z DEBUG 300000 2017-05-11T17:47:35Z DEBUG nsslapd-workingdir: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-rundir: 2017-05-11T17:47:35Z DEBUG /var/run/dirsrv 2017-05-11T17:47:35Z DEBUG nsslapd-schemareplace: 2017-05-11T17:47:35Z DEBUG replication-only 
2017-05-11T17:47:35Z DEBUG nsslapd-plugin-binddn-tracking: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-level: 2017-05-11T17:47:35Z DEBUG 16384 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-syntaxlogging: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ioblocktimeout: 2017-05-11T17:47:35Z DEBUG 1800000 2017-05-11T17:47:35Z DEBUG nsslapd-attribute-name-exceptions: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordMinDigits: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-allowed-to-delete-attrs: 2017-05-11T17:47:35Z DEBUG passwordadmindn nsslapd-listenhost nsslapd-securelistenhost nsslapd-defaultnamingcontext 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logminfreediskspace: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG passwordStorageScheme: 2017-05-11T17:47:35Z DEBUG SSHA 2017-05-11T17:47:35Z DEBUG nsslapd-connection-nocanon: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG only: set nsslapd-anonlimitsdn to 'cn=anonymous-limits,cn=etc,dc=rdlg,dc=net', current value [''] 2017-05-11T17:47:35Z DEBUG only: updated value ['cn=anonymous-limits,cn=etc,dc=rdlg,dc=net'] 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z DEBUG Final value after applying updates 2017-05-11T17:47:35Z DEBUG dn: cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-betype: 2017-05-11T17:47:35Z DEBUG ldbm database 2017-05-11T17:47:35Z DEBUG nsslapd-nagle: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-entryusn-global: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-referralmode: 
2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logminfreediskspace: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-reservedescriptors: 2017-05-11T17:47:35Z DEBUG 64 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 500 2017-05-11T17:47:35Z DEBUG passwordMinAlphas: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-enquote-sup-oc: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-readonly: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-syntaxcheck: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-unhashed-pw-switch: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordLegacyPolicy: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logbuffering: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-SSLclientAuth: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordMinUppers: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-plugin: 2017-05-11T17:47:35Z DEBUG cn=binary syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=country string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=facsimile telephone number syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=fax syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=generalized time 
syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=guide syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=integer syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=name and optional uid syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=octet string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=oid syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignoreia5substringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG 
cn=caseignoreorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignoresubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=objectidentifiermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=integermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=integerorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=integerfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=internationalization plugin,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=uniquemembermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numericstringsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring-threshold: 2017-05-11T17:47:35Z DEBUG 2097152 2017-05-11T17:47:35Z DEBUG nsslapd-dn-validate-strict: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ndn-cache-max-size: 2017-05-11T17:47:35Z DEBUG 20971520 2017-05-11T17:47:35Z DEBUG nsslapd-timelimit: 2017-05-11T17:47:35Z DEBUG 3600 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordIsGlobalPolicy: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-moddn-aci: 
2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-pwpolicy-inherit-global: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordMinTokenLength: 2017-05-11T17:47:35Z DEBUG 3 2017-05-11T17:47:35Z DEBUG nsslapd-malloc-mxfast: 2017-05-11T17:47:35Z DEBUG -10 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG week 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG passwordMinAge: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-cn-uses-dn-syntax-in-dns: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG week 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring-grace-period: 2017-05-11T17:47:35Z DEBUG 60 2017-05-11T17:47:35Z DEBUG nsslapd-maxdescriptors: 2017-05-11T17:47:35Z DEBUG 8192 2017-05-11T17:47:35Z DEBUG nsslapd-allow-hashed-passwords: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordInHistory: 2017-05-11T17:47:35Z DEBUG 6 2017-05-11T17:47:35Z DEBUG nsslapd-ssl-check-hostname: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-conntablesize: 2017-05-11T17:47:35Z DEBUG 8192 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logging-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG nsslapd-saslpath: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG passwordMaxAge: 2017-05-11T17:47:35Z DEBUG 8639913600 2017-05-11T17:47:35Z DEBUG nsslapd-ldapiautobind: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG 
nsslapd-extract-pemfiles: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-maxthreadsperconn: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-ldapigidnumbertype: 2017-05-11T17:47:35Z DEBUG gidNumber 2017-05-11T17:47:35Z DEBUG nsslapd-connection-buffer: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG day 2017-05-11T17:47:35Z DEBUG nsslapd-dynamic-plugins: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-csnlogging: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-tmpdir: 2017-05-11T17:47:35Z DEBUG /tmp 2017-05-11T17:47:35Z DEBUG passwordResetFailureCount: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-counters: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-svrtab: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-allowed-sasl-mechanisms: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG nsslapd-minssf: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-schemadir: 2017-05-11T17:47:35Z DEBUG /etc/dirsrv/slapd-RDLG-NET/schema 2017-05-11T17:47:35Z DEBUG nsslapd-localuser: 2017-05-11T17:47:35Z DEBUG dirsrv 2017-05-11T17:47:35Z DEBUG nsslapd-security: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordChange: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-requiresrestart: 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-port 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-secureport 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-ldapifilepath 2017-05-11T17:47:35Z 
DEBUG cn=config:nsslapd-ldapilisten 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-workingdir 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-plugin 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-sslclientauth 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-changelogdir 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-changelogsuffix 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-changelogmaxentries 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-changelogmaxage 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-db-locks 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-maxdescriptors 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-return-exact-case 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-schema-ignore-trailing-spaces 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-parentcheck 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-dbncache 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2017-05-11T17:47:35Z DEBUG cn=encryption,cn=config:nssslsessiontimeout 2017-05-11T17:47:35Z DEBUG cn=encryption,cn=config:nssslclientauth 2017-05-11T17:47:35Z DEBUG cn=encryption,cn=config:nsssl2 2017-05-11T17:47:35Z DEBUG cn=encryption,cn=config:nsssl3 2017-05-11T17:47:35Z DEBUG passwordMaxFailure: 2017-05-11T17:47:35Z DEBUG 3 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ldapifilepath: 2017-05-11T17:47:35Z DEBUG /var/run/slapd-RDLG-NET.socket 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logging-enabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-pagedsizelimit: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-global-backend-lock: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG 
nsslapd-errorlog-logexpirationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-listen-backlog-size: 2017-05-11T17:47:35Z DEBUG 128 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/access 2017-05-11T17:47:35Z DEBUG nsslapd-certmap-basedn: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-plugin-logging: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-accesscontrol: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-rootdn: 2017-05-11T17:47:35Z DEBUG cn=Directory Manager 2017-05-11T17:47:35Z DEBUG nsslapd-ldifdir: 2017-05-11T17:47:35Z DEBUG /var/lib/dirsrv/slapd-RDLG-NET/ldif 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-mode: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-anonlimitsdn: 2017-05-11T17:47:35Z DEBUG cn=anonymous-limits,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logging-enabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG passwordMustChange: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordExp: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logminfreediskspace: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG nsslapd-logging-backend: 2017-05-11T17:47:35Z DEBUG dirsrv-log 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/audit 2017-05-11T17:47:35Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG aci: 2017-05-11T17:47:35Z DEBUG (targetattr != aci)(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logmaxdiskspace: 2017-05-11T17:47:35Z 
DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-ldapimaprootdn: 2017-05-11T17:47:35Z DEBUG cn=Directory Manager 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logging-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ds4-compatible-schema: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-enable-nunc-stans: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordMinLength: 2017-05-11T17:47:35Z DEBUG 8 2017-05-11T17:47:35Z DEBUG nsslapd-require-secure-binds: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-groupevalnestlevel: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-idletimeout: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-malloc-mmap-threshold: 2017-05-11T17:47:35Z DEBUG -10 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG day 2017-05-11T17:47:35Z DEBUG nsslapd-securePort: 2017-05-11T17:47:35Z DEBUG 636 2017-05-11T17:47:35Z DEBUG nsslapd-snmp-index: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG cn: 2017-05-11T17:47:35Z DEBUG config 2017-05-11T17:47:35Z DEBUG objectClass: 2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG extensibleObject 2017-05-11T17:47:35Z DEBUG nsslapdConfig 2017-05-11T17:47:35Z DEBUG nsslapd-ldapimaptoentries: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordSendExpiringTime: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-hash-filters: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-entryusn-import-initval: 2017-05-11T17:47:35Z DEBUG next 2017-05-11T17:47:35Z DEBUG nsslapd-malloc-trim-threshold: 2017-05-11T17:47:35Z DEBUG -10 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG nsslapd-ignore-time-skew: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-allow-unauthenticated-binds: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG 
nsslapd-auditlog-logging-hide-unhashed-pw: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-maxlogsperdir: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-listenhost: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-mode: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/errors 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-sasl-mapping-fallback: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring-logging-critical: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-force-sasl-external: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-enable-turbo-mode: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordCheckSyntax: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordGraceLimit: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG passwordWarning: 2017-05-11T17:47:35Z DEBUG 86400 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-mode: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-instancedir: 2017-05-11T17:47:35Z DEBUG /var/lib/dirsrv/scripts-RDLG-NET 2017-05-11T17:47:35Z DEBUG nsslapd-config: 2017-05-11T17:47:35Z DEBUG cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-versionstring: 2017-05-11T17:47:35Z DEBUG 389-Directory/1.3.5.10 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-level: 2017-05-11T17:47:35Z DEBUG 256 2017-05-11T17:47:35Z DEBUG nsslapd-return-exact-case: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-maxsasliosize: 2017-05-11T17:47:35Z DEBUG 2097152 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG nsslapd-rewrite-rfc1274: 
2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-rootpwstoragescheme: 2017-05-11T17:47:35Z DEBUG SSHA 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logexpirationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG passwordLockout: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-lockdir: 2017-05-11T17:47:35Z DEBUG /var/lock/dirsrv/slapd-RDLG-NET 2017-05-11T17:47:35Z DEBUG nsslapd-certdir: 2017-05-11T17:47:35Z DEBUG /etc/dirsrv/slapd-RDLG-NET 2017-05-11T17:47:35Z DEBUG nsslapd-allow-anonymous-access: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-maxlogsperdir: 2017-05-11T17:47:35Z DEBUG 10 2017-05-11T17:47:35Z DEBUG nsslapd-backendconfig: 2017-05-11T17:47:35Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-threadnumber: 2017-05-11T17:47:35Z DEBUG 30 2017-05-11T17:47:35Z DEBUG nsslapd-schemamod: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-search-return-original-type-switch: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-localhost: 2017-05-11T17:47:35Z DEBUG ipa.rdlg.net 2017-05-11T17:47:35Z DEBUG nsslapd-bakdir: 2017-05-11T17:47:35Z DEBUG /var/lib/dirsrv/slapd-RDLG-NET/bak 2017-05-11T17:47:35Z DEBUG passwordMin8bit: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-ldapiuidnumbertype: 2017-05-11T17:47:35Z DEBUG uidNumber 2017-05-11T17:47:35Z DEBUG nsslapd-validate-cert: 2017-05-11T17:47:35Z DEBUG warn 2017-05-11T17:47:35Z DEBUG passwordMinCategories: 2017-05-11T17:47:35Z DEBUG 3 2017-05-11T17:47:35Z DEBUG passwordMinLowers: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordAdminDN: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-ldapilisten: 2017-05-11T17:47:35Z DEBUG on 
2017-05-11T17:47:35Z DEBUG passwordMinSpecials: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-lastmod: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-max-filter-nest-level: 2017-05-11T17:47:35Z DEBUG 40 2017-05-11T17:47:35Z DEBUG passwordMaxRepeats: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-securelistenhost: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-maxsimplepaged-per-conn: 2017-05-11T17:47:35Z DEBUG -1 2017-05-11T17:47:35Z DEBUG nsslapd-result-tweak: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG passwordUnlock: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-schemacheck: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordTrackUpdateTime: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-maxbersize: 2017-05-11T17:47:35Z DEBUG 209715200 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-ldapientrysearchbase: 2017-05-11T17:47:35Z DEBUG dc=example,dc=com 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logexpirationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-localssf: 2017-05-11T17:47:35Z DEBUG 71 2017-05-11T17:47:35Z DEBUG nsslapd-sizelimit: 2017-05-11T17:47:35Z DEBUG 2000 2017-05-11T17:47:35Z DEBUG nsslapd-minssf-exclude-rootdse: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-ignore-virtual-attrs: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ndn-cache-enabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG 
nsslapd-defaultnamingcontext: 2017-05-11T17:47:35Z DEBUG dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-maxlogsperdir: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-pwpolicy-local: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-sasl-max-buffer-size: 2017-05-11T17:47:35Z DEBUG 2097152 2017-05-11T17:47:35Z DEBUG passwordLockoutDuration: 2017-05-11T17:47:35Z DEBUG 3600 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-port: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-privatenamespaces: 2017-05-11T17:47:35Z DEBUG cn=schema 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG cn=monitor 2017-05-11T17:47:35Z DEBUG cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-maxlogsperdir: 2017-05-11T17:47:35Z DEBUG 2 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/audit 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-mode: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-rootpw: 2017-05-11T17:47:35Z DEBUG {SSHA}ivpfUEJGKWW115wDkPsPfQQFhTUx8+KLuAm3tg== 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-outbound-ldap-io-timeout: 2017-05-11T17:47:35Z DEBUG 300000 2017-05-11T17:47:35Z DEBUG nsslapd-workingdir: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-rundir: 2017-05-11T17:47:35Z DEBUG /var/run/dirsrv 2017-05-11T17:47:35Z DEBUG nsslapd-schemareplace: 2017-05-11T17:47:35Z DEBUG replication-only 2017-05-11T17:47:35Z DEBUG nsslapd-plugin-binddn-tracking: 2017-05-11T17:47:35Z DEBUG off 
2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-level: 2017-05-11T17:47:35Z DEBUG 16384 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-syntaxlogging: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ioblocktimeout: 2017-05-11T17:47:35Z DEBUG 1800000 2017-05-11T17:47:35Z DEBUG nsslapd-attribute-name-exceptions: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordMinDigits: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-allowed-to-delete-attrs: 2017-05-11T17:47:35Z DEBUG passwordadmindn nsslapd-listenhost nsslapd-securelistenhost nsslapd-defaultnamingcontext 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logminfreediskspace: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG passwordStorageScheme: 2017-05-11T17:47:35Z DEBUG SSHA 2017-05-11T17:47:35Z DEBUG nsslapd-connection-nocanon: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG [(2, u'nsslapd-anonlimitsdn', ['cn=anonymous-limits,cn=etc,dc=rdlg,dc=net'])] 2017-05-11T17:47:35Z DEBUG Updated 1 2017-05-11T17:47:35Z DEBUG Done 2017-05-11T17:47:35Z DEBUG Updating existing entry: cn=config 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z DEBUG Initial value 2017-05-11T17:47:35Z DEBUG dn: cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-betype: 2017-05-11T17:47:35Z DEBUG ldbm database 2017-05-11T17:47:35Z DEBUG nsslapd-nagle: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-entryusn-global: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-referralmode: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logminfreediskspace: 
2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-reservedescriptors: 2017-05-11T17:47:35Z DEBUG 64 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 500 2017-05-11T17:47:35Z DEBUG passwordMinAlphas: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-enquote-sup-oc: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-readonly: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-syntaxcheck: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-unhashed-pw-switch: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordLegacyPolicy: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logbuffering: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-SSLclientAuth: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordMinUppers: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-plugin: 2017-05-11T17:47:35Z DEBUG cn=binary syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=country string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=facsimile telephone number syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=fax syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=generalized time syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=guide syntax,cn=plugins,cn=config 
2017-05-11T17:47:35Z DEBUG cn=integer syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=name and optional uid syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=octet string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=oid syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignoreia5substringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignoreorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG 
cn=caseignoresubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=objectidentifiermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=integermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=integerorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=integerfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=internationalization plugin,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=uniquemembermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numericstringsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring-threshold: 2017-05-11T17:47:35Z DEBUG 2097152 2017-05-11T17:47:35Z DEBUG nsslapd-dn-validate-strict: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ndn-cache-max-size: 2017-05-11T17:47:35Z DEBUG 20971520 2017-05-11T17:47:35Z DEBUG nsslapd-timelimit: 2017-05-11T17:47:35Z DEBUG 3600 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordIsGlobalPolicy: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-moddn-aci: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG 
nsslapd-pwpolicy-inherit-global: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordMinTokenLength: 2017-05-11T17:47:35Z DEBUG 3 2017-05-11T17:47:35Z DEBUG nsslapd-malloc-mxfast: 2017-05-11T17:47:35Z DEBUG -10 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG week 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG passwordMinAge: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-cn-uses-dn-syntax-in-dns: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG week 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring-grace-period: 2017-05-11T17:47:35Z DEBUG 60 2017-05-11T17:47:35Z DEBUG nsslapd-maxdescriptors: 2017-05-11T17:47:35Z DEBUG 8192 2017-05-11T17:47:35Z DEBUG nsslapd-allow-hashed-passwords: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordInHistory: 2017-05-11T17:47:35Z DEBUG 6 2017-05-11T17:47:35Z DEBUG nsslapd-ssl-check-hostname: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-conntablesize: 2017-05-11T17:47:35Z DEBUG 8192 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logging-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG nsslapd-saslpath: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG passwordMaxAge: 2017-05-11T17:47:35Z DEBUG 8639913600 2017-05-11T17:47:35Z DEBUG nsslapd-ldapiautobind: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-extract-pemfiles: 2017-05-11T17:47:35Z DEBUG off 
2017-05-11T17:47:35Z DEBUG nsslapd-maxthreadsperconn: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-ldapigidnumbertype: 2017-05-11T17:47:35Z DEBUG gidNumber 2017-05-11T17:47:35Z DEBUG nsslapd-connection-buffer: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG day 2017-05-11T17:47:35Z DEBUG nsslapd-dynamic-plugins: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-csnlogging: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-tmpdir: 2017-05-11T17:47:35Z DEBUG /tmp 2017-05-11T17:47:35Z DEBUG passwordResetFailureCount: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-counters: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-svrtab: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-allowed-sasl-mechanisms: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG nsslapd-minssf: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-schemadir: 2017-05-11T17:47:35Z DEBUG /etc/dirsrv/slapd-RDLG-NET/schema 2017-05-11T17:47:35Z DEBUG nsslapd-localuser: 2017-05-11T17:47:35Z DEBUG dirsrv 2017-05-11T17:47:35Z DEBUG nsslapd-security: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordChange: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-requiresrestart: 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-port 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-secureport 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-ldapifilepath 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-ldapilisten 2017-05-11T17:47:35Z 
DEBUG cn=config:nsslapd-workingdir 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-plugin 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-sslclientauth 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-changelogdir 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-changelogsuffix 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-changelogmaxentries 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-changelogmaxage 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-db-locks 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-maxdescriptors 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-return-exact-case 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-schema-ignore-trailing-spaces 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-parentcheck 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-dbncache 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2017-05-11T17:47:35Z DEBUG cn=encryption,cn=config:nssslsessiontimeout 2017-05-11T17:47:35Z DEBUG cn=encryption,cn=config:nssslclientauth 2017-05-11T17:47:35Z DEBUG cn=encryption,cn=config:nsssl2 2017-05-11T17:47:35Z DEBUG cn=encryption,cn=config:nsssl3 2017-05-11T17:47:35Z DEBUG passwordMaxFailure: 2017-05-11T17:47:35Z DEBUG 3 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ldapifilepath: 2017-05-11T17:47:35Z DEBUG /var/run/slapd-RDLG-NET.socket 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logging-enabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-pagedsizelimit: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-global-backend-lock: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logexpirationtime: 2017-05-11T17:47:35Z 
DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-listen-backlog-size: 2017-05-11T17:47:35Z DEBUG 128 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/access 2017-05-11T17:47:35Z DEBUG nsslapd-certmap-basedn: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-plugin-logging: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-accesscontrol: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-rootdn: 2017-05-11T17:47:35Z DEBUG cn=Directory Manager 2017-05-11T17:47:35Z DEBUG nsslapd-ldifdir: 2017-05-11T17:47:35Z DEBUG /var/lib/dirsrv/slapd-RDLG-NET/ldif 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-mode: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-anonlimitsdn: 2017-05-11T17:47:35Z DEBUG cn=anonymous-limits,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logging-enabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG passwordMustChange: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordExp: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logminfreediskspace: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG nsslapd-logging-backend: 2017-05-11T17:47:35Z DEBUG dirsrv-log 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/audit 2017-05-11T17:47:35Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG aci: 2017-05-11T17:47:35Z DEBUG (targetattr != aci)(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG 
nsslapd-ldapimaprootdn: 2017-05-11T17:47:35Z DEBUG cn=Directory Manager 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logging-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ds4-compatible-schema: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-enable-nunc-stans: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordMinLength: 2017-05-11T17:47:35Z DEBUG 8 2017-05-11T17:47:35Z DEBUG nsslapd-require-secure-binds: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-groupevalnestlevel: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-idletimeout: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-malloc-mmap-threshold: 2017-05-11T17:47:35Z DEBUG -10 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG day 2017-05-11T17:47:35Z DEBUG nsslapd-securePort: 2017-05-11T17:47:35Z DEBUG 636 2017-05-11T17:47:35Z DEBUG nsslapd-snmp-index: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG cn: 2017-05-11T17:47:35Z DEBUG config 2017-05-11T17:47:35Z DEBUG objectClass: 2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG extensibleObject 2017-05-11T17:47:35Z DEBUG nsslapdConfig 2017-05-11T17:47:35Z DEBUG nsslapd-ldapimaptoentries: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordSendExpiringTime: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-hash-filters: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-entryusn-import-initval: 2017-05-11T17:47:35Z DEBUG next 2017-05-11T17:47:35Z DEBUG nsslapd-malloc-trim-threshold: 2017-05-11T17:47:35Z DEBUG -10 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG nsslapd-ignore-time-skew: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-allow-unauthenticated-binds: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG 
nsslapd-auditlog-logging-hide-unhashed-pw: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-maxlogsperdir: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-listenhost: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-mode: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/errors 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-sasl-mapping-fallback: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring-logging-critical: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-force-sasl-external: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-enable-turbo-mode: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordCheckSyntax: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordGraceLimit: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG passwordWarning: 2017-05-11T17:47:35Z DEBUG 86400 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-mode: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-instancedir: 2017-05-11T17:47:35Z DEBUG /var/lib/dirsrv/scripts-RDLG-NET 2017-05-11T17:47:35Z DEBUG nsslapd-config: 2017-05-11T17:47:35Z DEBUG cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-versionstring: 2017-05-11T17:47:35Z DEBUG 389-Directory/1.3.5.10 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-level: 2017-05-11T17:47:35Z DEBUG 256 2017-05-11T17:47:35Z DEBUG nsslapd-return-exact-case: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-maxsasliosize: 2017-05-11T17:47:35Z DEBUG 2097152 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG nsslapd-rewrite-rfc1274: 
2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-rootpwstoragescheme: 2017-05-11T17:47:35Z DEBUG SSHA 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logexpirationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG passwordLockout: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-lockdir: 2017-05-11T17:47:35Z DEBUG /var/lock/dirsrv/slapd-RDLG-NET 2017-05-11T17:47:35Z DEBUG nsslapd-certdir: 2017-05-11T17:47:35Z DEBUG /etc/dirsrv/slapd-RDLG-NET 2017-05-11T17:47:35Z DEBUG nsslapd-allow-anonymous-access: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-maxlogsperdir: 2017-05-11T17:47:35Z DEBUG 10 2017-05-11T17:47:35Z DEBUG nsslapd-backendconfig: 2017-05-11T17:47:35Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-threadnumber: 2017-05-11T17:47:35Z DEBUG 30 2017-05-11T17:47:35Z DEBUG nsslapd-schemamod: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-search-return-original-type-switch: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-localhost: 2017-05-11T17:47:35Z DEBUG ipa.rdlg.net 2017-05-11T17:47:35Z DEBUG nsslapd-bakdir: 2017-05-11T17:47:35Z DEBUG /var/lib/dirsrv/slapd-RDLG-NET/bak 2017-05-11T17:47:35Z DEBUG passwordMin8bit: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-ldapiuidnumbertype: 2017-05-11T17:47:35Z DEBUG uidNumber 2017-05-11T17:47:35Z DEBUG nsslapd-validate-cert: 2017-05-11T17:47:35Z DEBUG warn 2017-05-11T17:47:35Z DEBUG passwordMinCategories: 2017-05-11T17:47:35Z DEBUG 3 2017-05-11T17:47:35Z DEBUG passwordMinLowers: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordAdminDN: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-ldapilisten: 2017-05-11T17:47:35Z DEBUG on 
2017-05-11T17:47:35Z DEBUG passwordMinSpecials: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-lastmod: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-max-filter-nest-level: 2017-05-11T17:47:35Z DEBUG 40 2017-05-11T17:47:35Z DEBUG passwordMaxRepeats: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-securelistenhost: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-maxsimplepaged-per-conn: 2017-05-11T17:47:35Z DEBUG -1 2017-05-11T17:47:35Z DEBUG nsslapd-result-tweak: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG passwordUnlock: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-schemacheck: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordTrackUpdateTime: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-maxbersize: 2017-05-11T17:47:35Z DEBUG 209715200 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-ldapientrysearchbase: 2017-05-11T17:47:35Z DEBUG dc=example,dc=com 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logexpirationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-localssf: 2017-05-11T17:47:35Z DEBUG 71 2017-05-11T17:47:35Z DEBUG nsslapd-sizelimit: 2017-05-11T17:47:35Z DEBUG 2000 2017-05-11T17:47:35Z DEBUG nsslapd-minssf-exclude-rootdse: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-ignore-virtual-attrs: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ndn-cache-enabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG 
nsslapd-defaultnamingcontext: 2017-05-11T17:47:35Z DEBUG dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-maxlogsperdir: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-pwpolicy-local: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-sasl-max-buffer-size: 2017-05-11T17:47:35Z DEBUG 2097152 2017-05-11T17:47:35Z DEBUG passwordLockoutDuration: 2017-05-11T17:47:35Z DEBUG 3600 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-port: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-privatenamespaces: 2017-05-11T17:47:35Z DEBUG cn=schema 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG cn=monitor 2017-05-11T17:47:35Z DEBUG cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-maxlogsperdir: 2017-05-11T17:47:35Z DEBUG 2 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/audit 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-mode: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-rootpw: 2017-05-11T17:47:35Z DEBUG {SSHA}ivpfUEJGKWW115wDkPsPfQQFhTUx8+KLuAm3tg== 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-outbound-ldap-io-timeout: 2017-05-11T17:47:35Z DEBUG 300000 2017-05-11T17:47:35Z DEBUG nsslapd-workingdir: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-rundir: 2017-05-11T17:47:35Z DEBUG /var/run/dirsrv 2017-05-11T17:47:35Z DEBUG nsslapd-schemareplace: 2017-05-11T17:47:35Z DEBUG replication-only 2017-05-11T17:47:35Z DEBUG nsslapd-plugin-binddn-tracking: 2017-05-11T17:47:35Z DEBUG off 
2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-level: 2017-05-11T17:47:35Z DEBUG 16384 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-syntaxlogging: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ioblocktimeout: 2017-05-11T17:47:35Z DEBUG 1800000 2017-05-11T17:47:35Z DEBUG nsslapd-attribute-name-exceptions: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordMinDigits: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-allowed-to-delete-attrs: 2017-05-11T17:47:35Z DEBUG passwordadmindn nsslapd-listenhost nsslapd-securelistenhost nsslapd-defaultnamingcontext 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logminfreediskspace: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG passwordStorageScheme: 2017-05-11T17:47:35Z DEBUG SSHA 2017-05-11T17:47:35Z DEBUG nsslapd-connection-nocanon: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG add: 'dc=rdlg,dc=net' to nsslapd-defaultNamingContext, current value ['dc=rdlg,dc=net'] 2017-05-11T17:47:35Z DEBUG add: updated value ['dc=rdlg,dc=net'] 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z DEBUG Final value after applying updates 2017-05-11T17:47:35Z DEBUG dn: cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-betype: 2017-05-11T17:47:35Z DEBUG ldbm database 2017-05-11T17:47:35Z DEBUG nsslapd-nagle: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-entryusn-global: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-referralmode: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logminfreediskspace: 2017-05-11T17:47:35Z DEBUG 5 
2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-reservedescriptors: 2017-05-11T17:47:35Z DEBUG 64 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 500 2017-05-11T17:47:35Z DEBUG passwordMinAlphas: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-enquote-sup-oc: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-readonly: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-syntaxcheck: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-unhashed-pw-switch: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordLegacyPolicy: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logbuffering: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-SSLclientAuth: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordMinUppers: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-plugin: 2017-05-11T17:47:35Z DEBUG cn=binary syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=country string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=facsimile telephone number syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=fax syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=generalized time syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=guide syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG 
cn=integer syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=name and optional uid syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=octet string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=oid syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignoreia5substringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignoreorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignoresubstringsmatch,cn=plugins,cn=config 
2017-05-11T17:47:35Z DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=objectidentifiermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=integermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=integerorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=integerfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=internationalization plugin,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=uniquemembermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numericstringsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring-threshold: 2017-05-11T17:47:35Z DEBUG 2097152 2017-05-11T17:47:35Z DEBUG nsslapd-dn-validate-strict: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ndn-cache-max-size: 2017-05-11T17:47:35Z DEBUG 20971520 2017-05-11T17:47:35Z DEBUG nsslapd-timelimit: 2017-05-11T17:47:35Z DEBUG 3600 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordIsGlobalPolicy: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-moddn-aci: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-pwpolicy-inherit-global: 2017-05-11T17:47:35Z DEBUG off 
2017-05-11T17:47:35Z DEBUG passwordMinTokenLength: 2017-05-11T17:47:35Z DEBUG 3 2017-05-11T17:47:35Z DEBUG nsslapd-malloc-mxfast: 2017-05-11T17:47:35Z DEBUG -10 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG week 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG passwordMinAge: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-cn-uses-dn-syntax-in-dns: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG week 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring-grace-period: 2017-05-11T17:47:35Z DEBUG 60 2017-05-11T17:47:35Z DEBUG nsslapd-maxdescriptors: 2017-05-11T17:47:35Z DEBUG 8192 2017-05-11T17:47:35Z DEBUG nsslapd-allow-hashed-passwords: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordInHistory: 2017-05-11T17:47:35Z DEBUG 6 2017-05-11T17:47:35Z DEBUG nsslapd-ssl-check-hostname: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-conntablesize: 2017-05-11T17:47:35Z DEBUG 8192 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logging-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG nsslapd-saslpath: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG passwordMaxAge: 2017-05-11T17:47:35Z DEBUG 8639913600 2017-05-11T17:47:35Z DEBUG nsslapd-ldapiautobind: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-extract-pemfiles: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-maxthreadsperconn: 2017-05-11T17:47:35Z 
DEBUG 5 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-ldapigidnumbertype: 2017-05-11T17:47:35Z DEBUG gidNumber 2017-05-11T17:47:35Z DEBUG nsslapd-connection-buffer: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG day 2017-05-11T17:47:35Z DEBUG nsslapd-dynamic-plugins: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-csnlogging: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-tmpdir: 2017-05-11T17:47:35Z DEBUG /tmp 2017-05-11T17:47:35Z DEBUG passwordResetFailureCount: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-counters: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-svrtab: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-allowed-sasl-mechanisms: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG nsslapd-minssf: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-schemadir: 2017-05-11T17:47:35Z DEBUG /etc/dirsrv/slapd-RDLG-NET/schema 2017-05-11T17:47:35Z DEBUG nsslapd-localuser: 2017-05-11T17:47:35Z DEBUG dirsrv 2017-05-11T17:47:35Z DEBUG nsslapd-security: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordChange: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-requiresrestart: 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-port 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-secureport 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-ldapifilepath 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-ldapilisten 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-workingdir 2017-05-11T17:47:35Z DEBUG 
cn=config:nsslapd-plugin 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-sslclientauth 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-changelogdir 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-changelogsuffix 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-changelogmaxentries 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-changelogmaxage 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-db-locks 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-maxdescriptors 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-return-exact-case 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-schema-ignore-trailing-spaces 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-parentcheck 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-dbncache 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2017-05-11T17:47:35Z DEBUG cn=encryption,cn=config:nssslsessiontimeout 2017-05-11T17:47:35Z DEBUG cn=encryption,cn=config:nssslclientauth 2017-05-11T17:47:35Z DEBUG cn=encryption,cn=config:nsssl2 2017-05-11T17:47:35Z DEBUG cn=encryption,cn=config:nsssl3 2017-05-11T17:47:35Z DEBUG passwordMaxFailure: 2017-05-11T17:47:35Z DEBUG 3 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ldapifilepath: 2017-05-11T17:47:35Z DEBUG /var/run/slapd-RDLG-NET.socket 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logging-enabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-pagedsizelimit: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-global-backend-lock: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logexpirationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG 
nsslapd-listen-backlog-size: 2017-05-11T17:47:35Z DEBUG 128 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/access 2017-05-11T17:47:35Z DEBUG nsslapd-certmap-basedn: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-plugin-logging: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-accesscontrol: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-rootdn: 2017-05-11T17:47:35Z DEBUG cn=Directory Manager 2017-05-11T17:47:35Z DEBUG nsslapd-ldifdir: 2017-05-11T17:47:35Z DEBUG /var/lib/dirsrv/slapd-RDLG-NET/ldif 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-mode: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-anonlimitsdn: 2017-05-11T17:47:35Z DEBUG cn=anonymous-limits,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logging-enabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG passwordMustChange: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordExp: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logminfreediskspace: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG nsslapd-logging-backend: 2017-05-11T17:47:35Z DEBUG dirsrv-log 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/audit 2017-05-11T17:47:35Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG aci: 2017-05-11T17:47:35Z DEBUG (targetattr != aci)(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-ldapimaprootdn: 2017-05-11T17:47:35Z DEBUG 
cn=Directory Manager 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logging-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ds4-compatible-schema: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-enable-nunc-stans: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordMinLength: 2017-05-11T17:47:35Z DEBUG 8 2017-05-11T17:47:35Z DEBUG nsslapd-require-secure-binds: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-groupevalnestlevel: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-idletimeout: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-malloc-mmap-threshold: 2017-05-11T17:47:35Z DEBUG -10 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG day 2017-05-11T17:47:35Z DEBUG nsslapd-securePort: 2017-05-11T17:47:35Z DEBUG 636 2017-05-11T17:47:35Z DEBUG nsslapd-snmp-index: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG cn: 2017-05-11T17:47:35Z DEBUG config 2017-05-11T17:47:35Z DEBUG objectClass: 2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG extensibleObject 2017-05-11T17:47:35Z DEBUG nsslapdConfig 2017-05-11T17:47:35Z DEBUG nsslapd-ldapimaptoentries: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordSendExpiringTime: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-hash-filters: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-entryusn-import-initval: 2017-05-11T17:47:35Z DEBUG next 2017-05-11T17:47:35Z DEBUG nsslapd-malloc-trim-threshold: 2017-05-11T17:47:35Z DEBUG -10 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG nsslapd-ignore-time-skew: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-allow-unauthenticated-binds: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logging-hide-unhashed-pw: 2017-05-11T17:47:35Z DEBUG on 
2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-maxlogsperdir: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-listenhost: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-mode: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/errors 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-sasl-mapping-fallback: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring-logging-critical: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-force-sasl-external: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-enable-turbo-mode: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordCheckSyntax: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordGraceLimit: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG passwordWarning: 2017-05-11T17:47:35Z DEBUG 86400 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-mode: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-instancedir: 2017-05-11T17:47:35Z DEBUG /var/lib/dirsrv/scripts-RDLG-NET 2017-05-11T17:47:35Z DEBUG nsslapd-config: 2017-05-11T17:47:35Z DEBUG cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-versionstring: 2017-05-11T17:47:35Z DEBUG 389-Directory/1.3.5.10 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-level: 2017-05-11T17:47:35Z DEBUG 256 2017-05-11T17:47:35Z DEBUG nsslapd-return-exact-case: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-maxsasliosize: 2017-05-11T17:47:35Z DEBUG 2097152 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG nsslapd-rewrite-rfc1274: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-rootpwstoragescheme: 
2017-05-11T17:47:35Z DEBUG SSHA 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logexpirationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG passwordLockout: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-lockdir: 2017-05-11T17:47:35Z DEBUG /var/lock/dirsrv/slapd-RDLG-NET 2017-05-11T17:47:35Z DEBUG nsslapd-certdir: 2017-05-11T17:47:35Z DEBUG /etc/dirsrv/slapd-RDLG-NET 2017-05-11T17:47:35Z DEBUG nsslapd-allow-anonymous-access: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-maxlogsperdir: 2017-05-11T17:47:35Z DEBUG 10 2017-05-11T17:47:35Z DEBUG nsslapd-backendconfig: 2017-05-11T17:47:35Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-threadnumber: 2017-05-11T17:47:35Z DEBUG 30 2017-05-11T17:47:35Z DEBUG nsslapd-schemamod: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-search-return-original-type-switch: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-localhost: 2017-05-11T17:47:35Z DEBUG ipa.rdlg.net 2017-05-11T17:47:35Z DEBUG nsslapd-bakdir: 2017-05-11T17:47:35Z DEBUG /var/lib/dirsrv/slapd-RDLG-NET/bak 2017-05-11T17:47:35Z DEBUG passwordMin8bit: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-ldapiuidnumbertype: 2017-05-11T17:47:35Z DEBUG uidNumber 2017-05-11T17:47:35Z DEBUG nsslapd-validate-cert: 2017-05-11T17:47:35Z DEBUG warn 2017-05-11T17:47:35Z DEBUG passwordMinCategories: 2017-05-11T17:47:35Z DEBUG 3 2017-05-11T17:47:35Z DEBUG passwordMinLowers: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordAdminDN: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-ldapilisten: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordMinSpecials: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG 
nsslapd-errorlog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-lastmod: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-max-filter-nest-level: 2017-05-11T17:47:35Z DEBUG 40 2017-05-11T17:47:35Z DEBUG passwordMaxRepeats: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-securelistenhost: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-maxsimplepaged-per-conn: 2017-05-11T17:47:35Z DEBUG -1 2017-05-11T17:47:35Z DEBUG nsslapd-result-tweak: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG passwordUnlock: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-schemacheck: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordTrackUpdateTime: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-maxbersize: 2017-05-11T17:47:35Z DEBUG 209715200 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-ldapientrysearchbase: 2017-05-11T17:47:35Z DEBUG dc=example,dc=com 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logexpirationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-localssf: 2017-05-11T17:47:35Z DEBUG 71 2017-05-11T17:47:35Z DEBUG nsslapd-sizelimit: 2017-05-11T17:47:35Z DEBUG 2000 2017-05-11T17:47:35Z DEBUG nsslapd-minssf-exclude-rootdse: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-ignore-virtual-attrs: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ndn-cache-enabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-defaultnamingcontext: 2017-05-11T17:47:35Z DEBUG dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG 
nsslapd-auditfaillog-maxlogsperdir: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-pwpolicy-local: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-sasl-max-buffer-size: 2017-05-11T17:47:35Z DEBUG 2097152 2017-05-11T17:47:35Z DEBUG passwordLockoutDuration: 2017-05-11T17:47:35Z DEBUG 3600 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-port: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-privatenamespaces: 2017-05-11T17:47:35Z DEBUG cn=schema 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG cn=monitor 2017-05-11T17:47:35Z DEBUG cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-maxlogsperdir: 2017-05-11T17:47:35Z DEBUG 2 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/audit 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-mode: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-rootpw: 2017-05-11T17:47:35Z DEBUG {SSHA}ivpfUEJGKWW115wDkPsPfQQFhTUx8+KLuAm3tg== 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-outbound-ldap-io-timeout: 2017-05-11T17:47:35Z DEBUG 300000 2017-05-11T17:47:35Z DEBUG nsslapd-workingdir: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-rundir: 2017-05-11T17:47:35Z DEBUG /var/run/dirsrv 2017-05-11T17:47:35Z DEBUG nsslapd-schemareplace: 2017-05-11T17:47:35Z DEBUG replication-only 2017-05-11T17:47:35Z DEBUG nsslapd-plugin-binddn-tracking: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-level: 2017-05-11T17:47:35Z DEBUG 16384 2017-05-11T17:47:35Z 
DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-syntaxlogging: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ioblocktimeout: 2017-05-11T17:47:35Z DEBUG 1800000 2017-05-11T17:47:35Z DEBUG nsslapd-attribute-name-exceptions: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordMinDigits: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-allowed-to-delete-attrs: 2017-05-11T17:47:35Z DEBUG passwordadmindn nsslapd-listenhost nsslapd-securelistenhost nsslapd-defaultnamingcontext 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logminfreediskspace: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG passwordStorageScheme: 2017-05-11T17:47:35Z DEBUG SSHA 2017-05-11T17:47:35Z DEBUG nsslapd-connection-nocanon: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG [] 2017-05-11T17:47:35Z DEBUG Updated 0 2017-05-11T17:47:35Z DEBUG Done 2017-05-11T17:47:35Z DEBUG Updating existing entry: cn=config 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z DEBUG Initial value 2017-05-11T17:47:35Z DEBUG dn: cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-betype: 2017-05-11T17:47:35Z DEBUG ldbm database 2017-05-11T17:47:35Z DEBUG nsslapd-nagle: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-entryusn-global: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-referralmode: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logminfreediskspace: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-reservedescriptors: 
2017-05-11T17:47:35Z DEBUG 64 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 500 2017-05-11T17:47:35Z DEBUG passwordMinAlphas: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-enquote-sup-oc: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-readonly: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-syntaxcheck: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-unhashed-pw-switch: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordLegacyPolicy: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logbuffering: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-SSLclientAuth: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordMinUppers: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-plugin: 2017-05-11T17:47:35Z DEBUG cn=binary syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=country string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=facsimile telephone number syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=fax syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=generalized time syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=guide syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=integer syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=name and optional 
uid syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=octet string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=oid syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignoreia5substringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignoreorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignoresubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 
2017-05-11T17:47:35Z DEBUG cn=objectidentifiermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=integermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=integerorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=integerfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=internationalization plugin,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=uniquemembermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numericstringsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring-threshold: 2017-05-11T17:47:35Z DEBUG 2097152 2017-05-11T17:47:35Z DEBUG nsslapd-dn-validate-strict: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ndn-cache-max-size: 2017-05-11T17:47:35Z DEBUG 20971520 2017-05-11T17:47:35Z DEBUG nsslapd-timelimit: 2017-05-11T17:47:35Z DEBUG 3600 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordIsGlobalPolicy: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-moddn-aci: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-pwpolicy-inherit-global: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordMinTokenLength: 2017-05-11T17:47:35Z DEBUG 3 2017-05-11T17:47:35Z DEBUG nsslapd-malloc-mxfast: 2017-05-11T17:47:35Z DEBUG -10 
2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG week 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG passwordMinAge: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-cn-uses-dn-syntax-in-dns: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG week 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring-grace-period: 2017-05-11T17:47:35Z DEBUG 60 2017-05-11T17:47:35Z DEBUG nsslapd-maxdescriptors: 2017-05-11T17:47:35Z DEBUG 8192 2017-05-11T17:47:35Z DEBUG nsslapd-allow-hashed-passwords: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordInHistory: 2017-05-11T17:47:35Z DEBUG 6 2017-05-11T17:47:35Z DEBUG nsslapd-ssl-check-hostname: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-conntablesize: 2017-05-11T17:47:35Z DEBUG 8192 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logging-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG nsslapd-saslpath: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG passwordMaxAge: 2017-05-11T17:47:35Z DEBUG 8639913600 2017-05-11T17:47:35Z DEBUG nsslapd-ldapiautobind: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-extract-pemfiles: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-maxthreadsperconn: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-ldapigidnumbertype: 
2017-05-11T17:47:35Z DEBUG gidNumber 2017-05-11T17:47:35Z DEBUG nsslapd-connection-buffer: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG day 2017-05-11T17:47:35Z DEBUG nsslapd-dynamic-plugins: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-csnlogging: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-tmpdir: 2017-05-11T17:47:35Z DEBUG /tmp 2017-05-11T17:47:35Z DEBUG passwordResetFailureCount: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-counters: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-svrtab: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-allowed-sasl-mechanisms: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG nsslapd-minssf: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-schemadir: 2017-05-11T17:47:35Z DEBUG /etc/dirsrv/slapd-RDLG-NET/schema 2017-05-11T17:47:35Z DEBUG nsslapd-localuser: 2017-05-11T17:47:35Z DEBUG dirsrv 2017-05-11T17:47:35Z DEBUG nsslapd-security: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordChange: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-requiresrestart: 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-port 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-secureport 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-ldapifilepath 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-ldapilisten 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-workingdir 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-plugin 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-sslclientauth 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-changelogdir 2017-05-11T17:47:35Z DEBUG 
cn=config:nsslapd-changelogsuffix 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-changelogmaxentries 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-changelogmaxage 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-db-locks 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-maxdescriptors 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-return-exact-case 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-schema-ignore-trailing-spaces 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-parentcheck 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-dbncache 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2017-05-11T17:47:35Z DEBUG cn=encryption,cn=config:nssslsessiontimeout 2017-05-11T17:47:35Z DEBUG cn=encryption,cn=config:nssslclientauth 2017-05-11T17:47:35Z DEBUG cn=encryption,cn=config:nsssl2 2017-05-11T17:47:35Z DEBUG cn=encryption,cn=config:nsssl3 2017-05-11T17:47:35Z DEBUG passwordMaxFailure: 2017-05-11T17:47:35Z DEBUG 3 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ldapifilepath: 2017-05-11T17:47:35Z DEBUG /var/run/slapd-RDLG-NET.socket 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logging-enabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-pagedsizelimit: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-global-backend-lock: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logexpirationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-listen-backlog-size: 2017-05-11T17:47:35Z DEBUG 128 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/access 2017-05-11T17:47:35Z 
DEBUG nsslapd-certmap-basedn: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-plugin-logging: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-accesscontrol: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-rootdn: 2017-05-11T17:47:35Z DEBUG cn=Directory Manager 2017-05-11T17:47:35Z DEBUG nsslapd-ldifdir: 2017-05-11T17:47:35Z DEBUG /var/lib/dirsrv/slapd-RDLG-NET/ldif 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-mode: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-anonlimitsdn: 2017-05-11T17:47:35Z DEBUG cn=anonymous-limits,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logging-enabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG passwordMustChange: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordExp: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logminfreediskspace: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG nsslapd-logging-backend: 2017-05-11T17:47:35Z DEBUG dirsrv-log 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/audit 2017-05-11T17:47:35Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG aci: 2017-05-11T17:47:35Z DEBUG (targetattr != aci)(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-ldapimaprootdn: 2017-05-11T17:47:35Z DEBUG cn=Directory Manager 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logging-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ds4-compatible-schema: 2017-05-11T17:47:35Z 
DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-enable-nunc-stans: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordMinLength: 2017-05-11T17:47:35Z DEBUG 8 2017-05-11T17:47:35Z DEBUG nsslapd-require-secure-binds: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-groupevalnestlevel: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-idletimeout: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-malloc-mmap-threshold: 2017-05-11T17:47:35Z DEBUG -10 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG day 2017-05-11T17:47:35Z DEBUG nsslapd-securePort: 2017-05-11T17:47:35Z DEBUG 636 2017-05-11T17:47:35Z DEBUG nsslapd-snmp-index: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG cn: 2017-05-11T17:47:35Z DEBUG config 2017-05-11T17:47:35Z DEBUG objectClass: 2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG extensibleObject 2017-05-11T17:47:35Z DEBUG nsslapdConfig 2017-05-11T17:47:35Z DEBUG nsslapd-ldapimaptoentries: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordSendExpiringTime: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-hash-filters: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-entryusn-import-initval: 2017-05-11T17:47:35Z DEBUG next 2017-05-11T17:47:35Z DEBUG nsslapd-malloc-trim-threshold: 2017-05-11T17:47:35Z DEBUG -10 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG nsslapd-ignore-time-skew: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-allow-unauthenticated-binds: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logging-hide-unhashed-pw: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-maxlogsperdir: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-listenhost: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-mode: 
2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/errors 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-sasl-mapping-fallback: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring-logging-critical: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-force-sasl-external: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-enable-turbo-mode: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordCheckSyntax: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordGraceLimit: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG passwordWarning: 2017-05-11T17:47:35Z DEBUG 86400 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-mode: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-instancedir: 2017-05-11T17:47:35Z DEBUG /var/lib/dirsrv/scripts-RDLG-NET 2017-05-11T17:47:35Z DEBUG nsslapd-config: 2017-05-11T17:47:35Z DEBUG cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-versionstring: 2017-05-11T17:47:35Z DEBUG 389-Directory/1.3.5.10 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-level: 2017-05-11T17:47:35Z DEBUG 256 2017-05-11T17:47:35Z DEBUG nsslapd-return-exact-case: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-maxsasliosize: 2017-05-11T17:47:35Z DEBUG 2097152 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG nsslapd-rewrite-rfc1274: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-rootpwstoragescheme: 2017-05-11T17:47:35Z DEBUG SSHA 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logexpirationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG passwordLockout: 2017-05-11T17:47:35Z DEBUG off 
2017-05-11T17:47:35Z DEBUG nsslapd-lockdir: 2017-05-11T17:47:35Z DEBUG /var/lock/dirsrv/slapd-RDLG-NET 2017-05-11T17:47:35Z DEBUG nsslapd-certdir: 2017-05-11T17:47:35Z DEBUG /etc/dirsrv/slapd-RDLG-NET 2017-05-11T17:47:35Z DEBUG nsslapd-allow-anonymous-access: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-maxlogsperdir: 2017-05-11T17:47:35Z DEBUG 10 2017-05-11T17:47:35Z DEBUG nsslapd-backendconfig: 2017-05-11T17:47:35Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-threadnumber: 2017-05-11T17:47:35Z DEBUG 30 2017-05-11T17:47:35Z DEBUG nsslapd-schemamod: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-search-return-original-type-switch: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-localhost: 2017-05-11T17:47:35Z DEBUG ipa.rdlg.net 2017-05-11T17:47:35Z DEBUG nsslapd-bakdir: 2017-05-11T17:47:35Z DEBUG /var/lib/dirsrv/slapd-RDLG-NET/bak 2017-05-11T17:47:35Z DEBUG passwordMin8bit: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-ldapiuidnumbertype: 2017-05-11T17:47:35Z DEBUG uidNumber 2017-05-11T17:47:35Z DEBUG nsslapd-validate-cert: 2017-05-11T17:47:35Z DEBUG warn 2017-05-11T17:47:35Z DEBUG passwordMinCategories: 2017-05-11T17:47:35Z DEBUG 3 2017-05-11T17:47:35Z DEBUG passwordMinLowers: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordAdminDN: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-ldapilisten: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordMinSpecials: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-lastmod: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-max-filter-nest-level: 
2017-05-11T17:47:35Z DEBUG 40 2017-05-11T17:47:35Z DEBUG passwordMaxRepeats: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-securelistenhost: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-maxsimplepaged-per-conn: 2017-05-11T17:47:35Z DEBUG -1 2017-05-11T17:47:35Z DEBUG nsslapd-result-tweak: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG passwordUnlock: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-schemacheck: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordTrackUpdateTime: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-maxbersize: 2017-05-11T17:47:35Z DEBUG 209715200 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-ldapientrysearchbase: 2017-05-11T17:47:35Z DEBUG dc=example,dc=com 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logexpirationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-localssf: 2017-05-11T17:47:35Z DEBUG 71 2017-05-11T17:47:35Z DEBUG nsslapd-sizelimit: 2017-05-11T17:47:35Z DEBUG 2000 2017-05-11T17:47:35Z DEBUG nsslapd-minssf-exclude-rootdse: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-ignore-virtual-attrs: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ndn-cache-enabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-defaultnamingcontext: 2017-05-11T17:47:35Z DEBUG dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-maxlogsperdir: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-pwpolicy-local: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-sasl-max-buffer-size: 
2017-05-11T17:47:35Z DEBUG 2097152 2017-05-11T17:47:35Z DEBUG passwordLockoutDuration: 2017-05-11T17:47:35Z DEBUG 3600 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-port: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-privatenamespaces: 2017-05-11T17:47:35Z DEBUG cn=schema 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG cn=monitor 2017-05-11T17:47:35Z DEBUG cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-maxlogsperdir: 2017-05-11T17:47:35Z DEBUG 2 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/audit 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-mode: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-rootpw: 2017-05-11T17:47:35Z DEBUG {SSHA}ivpfUEJGKWW115wDkPsPfQQFhTUx8+KLuAm3tg== 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-outbound-ldap-io-timeout: 2017-05-11T17:47:35Z DEBUG 300000 2017-05-11T17:47:35Z DEBUG nsslapd-workingdir: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-rundir: 2017-05-11T17:47:35Z DEBUG /var/run/dirsrv 2017-05-11T17:47:35Z DEBUG nsslapd-schemareplace: 2017-05-11T17:47:35Z DEBUG replication-only 2017-05-11T17:47:35Z DEBUG nsslapd-plugin-binddn-tracking: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-level: 2017-05-11T17:47:35Z DEBUG 16384 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-syntaxlogging: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG 
nsslapd-ioblocktimeout: 2017-05-11T17:47:35Z DEBUG 1800000 2017-05-11T17:47:35Z DEBUG nsslapd-attribute-name-exceptions: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordMinDigits: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-allowed-to-delete-attrs: 2017-05-11T17:47:35Z DEBUG passwordadmindn nsslapd-listenhost nsslapd-securelistenhost nsslapd-defaultnamingcontext 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logminfreediskspace: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG passwordStorageScheme: 2017-05-11T17:47:35Z DEBUG SSHA 2017-05-11T17:47:35Z DEBUG nsslapd-connection-nocanon: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG only: set nsslapd-minssf-exclude-rootdse to 'on', current value ['off'] 2017-05-11T17:47:35Z DEBUG only: updated value ['on'] 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z DEBUG Final value after applying updates 2017-05-11T17:47:35Z DEBUG dn: cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-betype: 2017-05-11T17:47:35Z DEBUG ldbm database 2017-05-11T17:47:35Z DEBUG nsslapd-nagle: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-entryusn-global: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-referralmode: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logminfreediskspace: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-reservedescriptors: 2017-05-11T17:47:35Z DEBUG 64 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 500 2017-05-11T17:47:35Z DEBUG passwordMinAlphas: 
2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-enquote-sup-oc: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-readonly: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-syntaxcheck: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-unhashed-pw-switch: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordLegacyPolicy: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logbuffering: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-SSLclientAuth: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordMinUppers: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-plugin: 2017-05-11T17:47:35Z DEBUG cn=binary syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=country string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=facsimile telephone number syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=fax syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=generalized time syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=guide syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=integer syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=name and optional uid syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=octet string 
syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=oid syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignoreia5substringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignoreorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignoresubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=objectidentifiermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 
2017-05-11T17:47:35Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=integermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=integerorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=integerfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=internationalization plugin,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=uniquemembermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numericstringsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring-threshold: 2017-05-11T17:47:35Z DEBUG 2097152 2017-05-11T17:47:35Z DEBUG nsslapd-dn-validate-strict: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ndn-cache-max-size: 2017-05-11T17:47:35Z DEBUG 20971520 2017-05-11T17:47:35Z DEBUG nsslapd-timelimit: 2017-05-11T17:47:35Z DEBUG 3600 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordIsGlobalPolicy: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-moddn-aci: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-pwpolicy-inherit-global: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordMinTokenLength: 2017-05-11T17:47:35Z DEBUG 3 2017-05-11T17:47:35Z DEBUG nsslapd-malloc-mxfast: 2017-05-11T17:47:35Z DEBUG -10 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG 
nsslapd-errorlog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG week 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG passwordMinAge: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-cn-uses-dn-syntax-in-dns: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG week 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring-grace-period: 2017-05-11T17:47:35Z DEBUG 60 2017-05-11T17:47:35Z DEBUG nsslapd-maxdescriptors: 2017-05-11T17:47:35Z DEBUG 8192 2017-05-11T17:47:35Z DEBUG nsslapd-allow-hashed-passwords: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordInHistory: 2017-05-11T17:47:35Z DEBUG 6 2017-05-11T17:47:35Z DEBUG nsslapd-ssl-check-hostname: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-conntablesize: 2017-05-11T17:47:35Z DEBUG 8192 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logging-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG nsslapd-saslpath: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG passwordMaxAge: 2017-05-11T17:47:35Z DEBUG 8639913600 2017-05-11T17:47:35Z DEBUG nsslapd-ldapiautobind: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-extract-pemfiles: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-maxthreadsperconn: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-ldapigidnumbertype: 2017-05-11T17:47:35Z DEBUG gidNumber 2017-05-11T17:47:35Z DEBUG nsslapd-connection-buffer: 2017-05-11T17:47:35Z DEBUG 1 
2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG day 2017-05-11T17:47:35Z DEBUG nsslapd-dynamic-plugins: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-csnlogging: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-tmpdir: 2017-05-11T17:47:35Z DEBUG /tmp 2017-05-11T17:47:35Z DEBUG passwordResetFailureCount: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-counters: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-svrtab: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-allowed-sasl-mechanisms: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG nsslapd-minssf: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-schemadir: 2017-05-11T17:47:35Z DEBUG /etc/dirsrv/slapd-RDLG-NET/schema 2017-05-11T17:47:35Z DEBUG nsslapd-localuser: 2017-05-11T17:47:35Z DEBUG dirsrv 2017-05-11T17:47:35Z DEBUG nsslapd-security: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordChange: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-requiresrestart: 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-port 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-secureport 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-ldapifilepath 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-ldapilisten 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-workingdir 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-plugin 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-sslclientauth 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-changelogdir 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-changelogsuffix 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-changelogmaxentries 2017-05-11T17:47:35Z 
DEBUG cn=config:nsslapd-changelogmaxage 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-db-locks 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-maxdescriptors 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-return-exact-case 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-schema-ignore-trailing-spaces 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-parentcheck 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-dbncache 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2017-05-11T17:47:35Z DEBUG cn=encryption,cn=config:nssslsessiontimeout 2017-05-11T17:47:35Z DEBUG cn=encryption,cn=config:nssslclientauth 2017-05-11T17:47:35Z DEBUG cn=encryption,cn=config:nsssl2 2017-05-11T17:47:35Z DEBUG cn=encryption,cn=config:nsssl3 2017-05-11T17:47:35Z DEBUG passwordMaxFailure: 2017-05-11T17:47:35Z DEBUG 3 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ldapifilepath: 2017-05-11T17:47:35Z DEBUG /var/run/slapd-RDLG-NET.socket 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logging-enabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-pagedsizelimit: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-global-backend-lock: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logexpirationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-listen-backlog-size: 2017-05-11T17:47:35Z DEBUG 128 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/access 2017-05-11T17:47:35Z DEBUG nsslapd-certmap-basedn: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-plugin-logging: 
2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-accesscontrol: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-rootdn: 2017-05-11T17:47:35Z DEBUG cn=Directory Manager 2017-05-11T17:47:35Z DEBUG nsslapd-ldifdir: 2017-05-11T17:47:35Z DEBUG /var/lib/dirsrv/slapd-RDLG-NET/ldif 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-mode: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-anonlimitsdn: 2017-05-11T17:47:35Z DEBUG cn=anonymous-limits,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logging-enabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG passwordMustChange: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordExp: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logminfreediskspace: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG nsslapd-logging-backend: 2017-05-11T17:47:35Z DEBUG dirsrv-log 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/audit 2017-05-11T17:47:35Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG aci: 2017-05-11T17:47:35Z DEBUG (targetattr != aci)(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-ldapimaprootdn: 2017-05-11T17:47:35Z DEBUG cn=Directory Manager 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logging-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ds4-compatible-schema: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-enable-nunc-stans: 2017-05-11T17:47:35Z DEBUG off 
2017-05-11T17:47:35Z DEBUG passwordMinLength: 2017-05-11T17:47:35Z DEBUG 8 2017-05-11T17:47:35Z DEBUG nsslapd-require-secure-binds: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-groupevalnestlevel: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-idletimeout: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-malloc-mmap-threshold: 2017-05-11T17:47:35Z DEBUG -10 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG day 2017-05-11T17:47:35Z DEBUG nsslapd-securePort: 2017-05-11T17:47:35Z DEBUG 636 2017-05-11T17:47:35Z DEBUG nsslapd-snmp-index: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG cn: 2017-05-11T17:47:35Z DEBUG config 2017-05-11T17:47:35Z DEBUG objectClass: 2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG extensibleObject 2017-05-11T17:47:35Z DEBUG nsslapdConfig 2017-05-11T17:47:35Z DEBUG nsslapd-ldapimaptoentries: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordSendExpiringTime: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-hash-filters: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-entryusn-import-initval: 2017-05-11T17:47:35Z DEBUG next 2017-05-11T17:47:35Z DEBUG nsslapd-malloc-trim-threshold: 2017-05-11T17:47:35Z DEBUG -10 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG nsslapd-ignore-time-skew: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-allow-unauthenticated-binds: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logging-hide-unhashed-pw: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-maxlogsperdir: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-listenhost: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-mode: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog: 2017-05-11T17:47:35Z 
DEBUG /var/log/dirsrv/slapd-RDLG-NET/errors 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-sasl-mapping-fallback: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring-logging-critical: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-force-sasl-external: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-enable-turbo-mode: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordCheckSyntax: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordGraceLimit: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG passwordWarning: 2017-05-11T17:47:35Z DEBUG 86400 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-mode: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-instancedir: 2017-05-11T17:47:35Z DEBUG /var/lib/dirsrv/scripts-RDLG-NET 2017-05-11T17:47:35Z DEBUG nsslapd-config: 2017-05-11T17:47:35Z DEBUG cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-versionstring: 2017-05-11T17:47:35Z DEBUG 389-Directory/1.3.5.10 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-level: 2017-05-11T17:47:35Z DEBUG 256 2017-05-11T17:47:35Z DEBUG nsslapd-return-exact-case: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-maxsasliosize: 2017-05-11T17:47:35Z DEBUG 2097152 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG nsslapd-rewrite-rfc1274: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-rootpwstoragescheme: 2017-05-11T17:47:35Z DEBUG SSHA 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logexpirationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG passwordLockout: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-lockdir: 2017-05-11T17:47:35Z DEBUG /var/lock/dirsrv/slapd-RDLG-NET 
2017-05-11T17:47:35Z DEBUG nsslapd-certdir: 2017-05-11T17:47:35Z DEBUG /etc/dirsrv/slapd-RDLG-NET 2017-05-11T17:47:35Z DEBUG nsslapd-allow-anonymous-access: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-maxlogsperdir: 2017-05-11T17:47:35Z DEBUG 10 2017-05-11T17:47:35Z DEBUG nsslapd-backendconfig: 2017-05-11T17:47:35Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-threadnumber: 2017-05-11T17:47:35Z DEBUG 30 2017-05-11T17:47:35Z DEBUG nsslapd-schemamod: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-search-return-original-type-switch: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-localhost: 2017-05-11T17:47:35Z DEBUG ipa.rdlg.net 2017-05-11T17:47:35Z DEBUG nsslapd-bakdir: 2017-05-11T17:47:35Z DEBUG /var/lib/dirsrv/slapd-RDLG-NET/bak 2017-05-11T17:47:35Z DEBUG passwordMin8bit: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-ldapiuidnumbertype: 2017-05-11T17:47:35Z DEBUG uidNumber 2017-05-11T17:47:35Z DEBUG nsslapd-validate-cert: 2017-05-11T17:47:35Z DEBUG warn 2017-05-11T17:47:35Z DEBUG passwordMinCategories: 2017-05-11T17:47:35Z DEBUG 3 2017-05-11T17:47:35Z DEBUG passwordMinLowers: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordAdminDN: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-ldapilisten: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordMinSpecials: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-lastmod: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-max-filter-nest-level: 2017-05-11T17:47:35Z DEBUG 40 2017-05-11T17:47:35Z DEBUG passwordMaxRepeats: 2017-05-11T17:47:35Z DEBUG 0 
2017-05-11T17:47:35Z DEBUG nsslapd-securelistenhost: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-maxsimplepaged-per-conn: 2017-05-11T17:47:35Z DEBUG -1 2017-05-11T17:47:35Z DEBUG nsslapd-result-tweak: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG passwordUnlock: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-schemacheck: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordTrackUpdateTime: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-maxbersize: 2017-05-11T17:47:35Z DEBUG 209715200 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-ldapientrysearchbase: 2017-05-11T17:47:35Z DEBUG dc=example,dc=com 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logexpirationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-localssf: 2017-05-11T17:47:35Z DEBUG 71 2017-05-11T17:47:35Z DEBUG nsslapd-sizelimit: 2017-05-11T17:47:35Z DEBUG 2000 2017-05-11T17:47:35Z DEBUG nsslapd-minssf-exclude-rootdse: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-ignore-virtual-attrs: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ndn-cache-enabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-defaultnamingcontext: 2017-05-11T17:47:35Z DEBUG dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-maxlogsperdir: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-pwpolicy-local: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-sasl-max-buffer-size: 2017-05-11T17:47:35Z DEBUG 2097152 2017-05-11T17:47:35Z DEBUG passwordLockoutDuration: 2017-05-11T17:47:35Z DEBUG 
3600 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-port: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-privatenamespaces: 2017-05-11T17:47:35Z DEBUG cn=schema 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG cn=monitor 2017-05-11T17:47:35Z DEBUG cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-maxlogsperdir: 2017-05-11T17:47:35Z DEBUG 2 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/audit 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-mode: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-rootpw: 2017-05-11T17:47:35Z DEBUG {SSHA}ivpfUEJGKWW115wDkPsPfQQFhTUx8+KLuAm3tg== 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-outbound-ldap-io-timeout: 2017-05-11T17:47:35Z DEBUG 300000 2017-05-11T17:47:35Z DEBUG nsslapd-workingdir: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-rundir: 2017-05-11T17:47:35Z DEBUG /var/run/dirsrv 2017-05-11T17:47:35Z DEBUG nsslapd-schemareplace: 2017-05-11T17:47:35Z DEBUG replication-only 2017-05-11T17:47:35Z DEBUG nsslapd-plugin-binddn-tracking: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-level: 2017-05-11T17:47:35Z DEBUG 16384 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-syntaxlogging: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ioblocktimeout: 2017-05-11T17:47:35Z DEBUG 1800000 2017-05-11T17:47:35Z DEBUG nsslapd-attribute-name-exceptions: 
2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordMinDigits: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-allowed-to-delete-attrs: 2017-05-11T17:47:35Z DEBUG passwordadmindn nsslapd-listenhost nsslapd-securelistenhost nsslapd-defaultnamingcontext 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logminfreediskspace: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG passwordStorageScheme: 2017-05-11T17:47:35Z DEBUG SSHA 2017-05-11T17:47:35Z DEBUG nsslapd-connection-nocanon: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG [(2, u'nsslapd-minssf-exclude-rootdse', ['on'])] 2017-05-11T17:47:35Z DEBUG Updated 1 2017-05-11T17:47:35Z DEBUG Done 2017-05-11T17:47:35Z DEBUG Updating existing entry: cn=ipa-winsync,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z DEBUG Initial value 2017-05-11T17:47:35Z DEBUG dn: cn=ipa-winsync,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn: 2017-05-11T17:47:35Z DEBUG ipa-winsync 2017-05-11T17:47:35Z DEBUG objectClass: 2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG nsSlapdPlugin 2017-05-11T17:47:35Z DEBUG extensibleObject 2017-05-11T17:47:35Z DEBUG ipawinsynchomedirattr: 2017-05-11T17:47:35Z DEBUG ipaHomesRootDir 2017-05-11T17:47:35Z DEBUG ipawinsyncnewuserocattr: 2017-05-11T17:47:35Z DEBUG ipauserobjectclasses 2017-05-11T17:47:35Z DEBUG nsslapd-pluginPath: 2017-05-11T17:47:35Z DEBUG libipa_winsync 2017-05-11T17:47:35Z DEBUG ipawinsyncuserflatten: 2017-05-11T17:47:35Z DEBUG true 2017-05-11T17:47:35Z DEBUG ipawinsyncdefaultgroupfilter: 2017-05-11T17:47:35Z DEBUG (gidNumber=*)(objectclass=posixGroup)(objectclass=groupOfNames) 2017-05-11T17:47:35Z DEBUG ipawinsyncforcesync: 2017-05-11T17:47:35Z DEBUG true 2017-05-11T17:47:35Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:47:35Z DEBUG FreeIPA/1.0 2017-05-11T17:47:35Z DEBUG ipawinsyncrealmattr: 2017-05-11T17:47:35Z DEBUG cn 2017-05-11T17:47:35Z DEBUG ipawinsyncacctdisable: 
2017-05-11T17:47:35Z DEBUG both 2017-05-11T17:47:35Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:47:35Z DEBUG ipa_winsync_plugin_init 2017-05-11T17:47:35Z DEBUG ipawinsyncnewentryfilter: 2017-05-11T17:47:35Z DEBUG (cn=ipaConfig) 2017-05-11T17:47:35Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:47:35Z DEBUG database 2017-05-11T17:47:35Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:47:35Z DEBUG FreeIPA project 2017-05-11T17:47:35Z DEBUG ipawinsyncdefaultgroupattr: 2017-05-11T17:47:35Z DEBUG ipaDefaultPrimaryGroup 2017-05-11T17:47:35Z DEBUG ipawinsyncrealmfilter: 2017-05-11T17:47:35Z DEBUG (objectclass=krbRealmContainer) 2017-05-11T17:47:35Z DEBUG nsslapd-pluginType: 2017-05-11T17:47:35Z DEBUG preoperation 2017-05-11T17:47:35Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:47:35Z DEBUG ipa winsync plugin 2017-05-11T17:47:35Z DEBUG ipawinsyncloginshellattr: 2017-05-11T17:47:35Z DEBUG ipaDefaultLoginShell 2017-05-11T17:47:35Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-pluginId: 2017-05-11T17:47:35Z DEBUG ipa-winsync-plugin 2017-05-11T17:47:35Z DEBUG ipawinsyncuserattr: 2017-05-11T17:47:35Z DEBUG uidNumber -1 2017-05-11T17:47:35Z DEBUG gidNumber -1 2017-05-11T17:47:35Z DEBUG only: set nsslapd-pluginPrecedence to '60', current value [] 2017-05-11T17:47:35Z DEBUG only: updated value ['60'] 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z DEBUG Final value after applying updates 2017-05-11T17:47:35Z DEBUG dn: cn=ipa-winsync,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn: 2017-05-11T17:47:35Z DEBUG ipa-winsync 2017-05-11T17:47:35Z DEBUG objectClass: 2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG nsSlapdPlugin 2017-05-11T17:47:35Z DEBUG extensibleObject 2017-05-11T17:47:35Z DEBUG ipawinsynchomedirattr: 2017-05-11T17:47:35Z DEBUG ipaHomesRootDir 2017-05-11T17:47:35Z DEBUG ipawinsyncnewuserocattr: 2017-05-11T17:47:35Z DEBUG ipauserobjectclasses 2017-05-11T17:47:35Z 
DEBUG nsslapd-pluginPath: 2017-05-11T17:47:35Z DEBUG libipa_winsync 2017-05-11T17:47:35Z DEBUG ipawinsyncuserflatten: 2017-05-11T17:47:35Z DEBUG true 2017-05-11T17:47:35Z DEBUG ipawinsyncdefaultgroupfilter: 2017-05-11T17:47:35Z DEBUG (gidNumber=*)(objectclass=posixGroup)(objectclass=groupOfNames) 2017-05-11T17:47:35Z DEBUG ipawinsyncforcesync: 2017-05-11T17:47:35Z DEBUG true 2017-05-11T17:47:35Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:47:35Z DEBUG FreeIPA/1.0 2017-05-11T17:47:35Z DEBUG ipawinsyncrealmattr: 2017-05-11T17:47:35Z DEBUG cn 2017-05-11T17:47:35Z DEBUG ipawinsyncacctdisable: 2017-05-11T17:47:35Z DEBUG both 2017-05-11T17:47:35Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:47:35Z DEBUG ipa_winsync_plugin_init 2017-05-11T17:47:35Z DEBUG ipawinsyncnewentryfilter: 2017-05-11T17:47:35Z DEBUG (cn=ipaConfig) 2017-05-11T17:47:35Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:47:35Z DEBUG database 2017-05-11T17:47:35Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:47:35Z DEBUG FreeIPA project 2017-05-11T17:47:35Z DEBUG ipawinsyncdefaultgroupattr: 2017-05-11T17:47:35Z DEBUG ipaDefaultPrimaryGroup 2017-05-11T17:47:35Z DEBUG ipawinsyncrealmfilter: 2017-05-11T17:47:35Z DEBUG (objectclass=krbRealmContainer) 2017-05-11T17:47:35Z DEBUG nsslapd-pluginType: 2017-05-11T17:47:35Z DEBUG preoperation 2017-05-11T17:47:35Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:47:35Z DEBUG ipa winsync plugin 2017-05-11T17:47:35Z DEBUG ipawinsyncloginshellattr: 2017-05-11T17:47:35Z DEBUG ipaDefaultLoginShell 2017-05-11T17:47:35Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-pluginId: 2017-05-11T17:47:35Z DEBUG ipa-winsync-plugin 2017-05-11T17:47:35Z DEBUG ipawinsyncuserattr: 2017-05-11T17:47:35Z DEBUG uidNumber -1 2017-05-11T17:47:35Z DEBUG gidNumber -1 2017-05-11T17:47:35Z DEBUG nsslapd-pluginPrecedence: 2017-05-11T17:47:35Z DEBUG 60 2017-05-11T17:47:35Z DEBUG [(2, u'nsslapd-pluginPrecedence', ['60'])] 2017-05-11T17:47:35Z DEBUG Updated 
1 2017-05-11T17:47:35Z DEBUG Done 2017-05-11T17:47:35Z DEBUG Updating existing entry: cn=config 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z DEBUG Initial value 2017-05-11T17:47:35Z DEBUG dn: cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-betype: 2017-05-11T17:47:35Z DEBUG ldbm database 2017-05-11T17:47:35Z DEBUG nsslapd-nagle: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-entryusn-global: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-referralmode: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logminfreediskspace: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-reservedescriptors: 2017-05-11T17:47:35Z DEBUG 64 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 500 2017-05-11T17:47:35Z DEBUG passwordMinAlphas: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-enquote-sup-oc: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-readonly: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-syntaxcheck: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-unhashed-pw-switch: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordLegacyPolicy: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logbuffering: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-SSLclientAuth: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordMinUppers: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-plugin: 2017-05-11T17:47:35Z DEBUG cn=binary 
syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=country string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=facsimile telephone number syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=fax syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=generalized time syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=guide syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=integer syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=name and optional uid syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=octet string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=oid syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG 
cn=caseexactia5match,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignoreia5substringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignoreorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignoresubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=objectidentifiermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=integermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=integerorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=integerfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=internationalization plugin,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=uniquemembermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numericstringsubstringsmatch,cn=plugins,cn=config 
2017-05-11T17:47:35Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring-threshold: 2017-05-11T17:47:35Z DEBUG 2097152 2017-05-11T17:47:35Z DEBUG nsslapd-dn-validate-strict: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ndn-cache-max-size: 2017-05-11T17:47:35Z DEBUG 20971520 2017-05-11T17:47:35Z DEBUG nsslapd-timelimit: 2017-05-11T17:47:35Z DEBUG 3600 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordIsGlobalPolicy: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-moddn-aci: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-pwpolicy-inherit-global: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordMinTokenLength: 2017-05-11T17:47:35Z DEBUG 3 2017-05-11T17:47:35Z DEBUG nsslapd-malloc-mxfast: 2017-05-11T17:47:35Z DEBUG -10 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG week 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG passwordMinAge: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-cn-uses-dn-syntax-in-dns: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG week 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring-grace-period: 2017-05-11T17:47:35Z DEBUG 60 2017-05-11T17:47:35Z DEBUG nsslapd-maxdescriptors: 2017-05-11T17:47:35Z DEBUG 8192 2017-05-11T17:47:35Z DEBUG nsslapd-allow-hashed-passwords: 2017-05-11T17:47:35Z DEBUG 
off 2017-05-11T17:47:35Z DEBUG passwordInHistory: 2017-05-11T17:47:35Z DEBUG 6 2017-05-11T17:47:35Z DEBUG nsslapd-ssl-check-hostname: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-conntablesize: 2017-05-11T17:47:35Z DEBUG 8192 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logging-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG nsslapd-saslpath: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG passwordMaxAge: 2017-05-11T17:47:35Z DEBUG 8639913600 2017-05-11T17:47:35Z DEBUG nsslapd-ldapiautobind: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-extract-pemfiles: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-maxthreadsperconn: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-ldapigidnumbertype: 2017-05-11T17:47:35Z DEBUG gidNumber 2017-05-11T17:47:35Z DEBUG nsslapd-connection-buffer: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG day 2017-05-11T17:47:35Z DEBUG nsslapd-dynamic-plugins: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-csnlogging: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-tmpdir: 2017-05-11T17:47:35Z DEBUG /tmp 2017-05-11T17:47:35Z DEBUG passwordResetFailureCount: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-counters: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-svrtab: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-allowed-sasl-mechanisms: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG 
nsslapd-minssf: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-schemadir: 2017-05-11T17:47:35Z DEBUG /etc/dirsrv/slapd-RDLG-NET/schema 2017-05-11T17:47:35Z DEBUG nsslapd-localuser: 2017-05-11T17:47:35Z DEBUG dirsrv 2017-05-11T17:47:35Z DEBUG nsslapd-security: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordChange: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-requiresrestart: 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-port 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-secureport 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-ldapifilepath 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-ldapilisten 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-workingdir 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-plugin 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-sslclientauth 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-changelogdir 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-changelogsuffix 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-changelogmaxentries 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-changelogmaxage 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-db-locks 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-maxdescriptors 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-return-exact-case 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-schema-ignore-trailing-spaces 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-parentcheck 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-dbncache 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2017-05-11T17:47:35Z DEBUG cn=encryption,cn=config:nssslsessiontimeout 2017-05-11T17:47:35Z DEBUG 
cn=encryption,cn=config:nssslclientauth 2017-05-11T17:47:35Z DEBUG cn=encryption,cn=config:nsssl2 2017-05-11T17:47:35Z DEBUG cn=encryption,cn=config:nsssl3 2017-05-11T17:47:35Z DEBUG passwordMaxFailure: 2017-05-11T17:47:35Z DEBUG 3 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ldapifilepath: 2017-05-11T17:47:35Z DEBUG /var/run/slapd-RDLG-NET.socket 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logging-enabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-pagedsizelimit: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-global-backend-lock: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logexpirationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-listen-backlog-size: 2017-05-11T17:47:35Z DEBUG 128 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/access 2017-05-11T17:47:35Z DEBUG nsslapd-certmap-basedn: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-plugin-logging: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-accesscontrol: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-rootdn: 2017-05-11T17:47:35Z DEBUG cn=Directory Manager 2017-05-11T17:47:35Z DEBUG nsslapd-ldifdir: 2017-05-11T17:47:35Z DEBUG /var/lib/dirsrv/slapd-RDLG-NET/ldif 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-mode: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-anonlimitsdn: 2017-05-11T17:47:35Z DEBUG cn=anonymous-limits,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logging-enabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG passwordMustChange: 2017-05-11T17:47:35Z DEBUG off 
2017-05-11T17:47:35Z DEBUG passwordExp: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logminfreediskspace: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG nsslapd-logging-backend: 2017-05-11T17:47:35Z DEBUG dirsrv-log 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/audit 2017-05-11T17:47:35Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG aci: 2017-05-11T17:47:35Z DEBUG (targetattr != aci)(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-ldapimaprootdn: 2017-05-11T17:47:35Z DEBUG cn=Directory Manager 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logging-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ds4-compatible-schema: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-enable-nunc-stans: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordMinLength: 2017-05-11T17:47:35Z DEBUG 8 2017-05-11T17:47:35Z DEBUG nsslapd-require-secure-binds: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-groupevalnestlevel: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-idletimeout: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-malloc-mmap-threshold: 2017-05-11T17:47:35Z DEBUG -10 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG day 2017-05-11T17:47:35Z DEBUG nsslapd-securePort: 2017-05-11T17:47:35Z DEBUG 636 2017-05-11T17:47:35Z DEBUG nsslapd-snmp-index: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG cn: 2017-05-11T17:47:35Z DEBUG config 2017-05-11T17:47:35Z DEBUG objectClass: 2017-05-11T17:47:35Z 
DEBUG top 2017-05-11T17:47:35Z DEBUG extensibleObject 2017-05-11T17:47:35Z DEBUG nsslapdConfig 2017-05-11T17:47:35Z DEBUG nsslapd-ldapimaptoentries: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordSendExpiringTime: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-hash-filters: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-entryusn-import-initval: 2017-05-11T17:47:35Z DEBUG next 2017-05-11T17:47:35Z DEBUG nsslapd-malloc-trim-threshold: 2017-05-11T17:47:35Z DEBUG -10 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG nsslapd-ignore-time-skew: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-allow-unauthenticated-binds: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logging-hide-unhashed-pw: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-maxlogsperdir: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-listenhost: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-mode: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/errors 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-sasl-mapping-fallback: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring-logging-critical: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-force-sasl-external: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-enable-turbo-mode: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordCheckSyntax: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordGraceLimit: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG passwordWarning: 2017-05-11T17:47:35Z DEBUG 86400 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-mode: 
2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-instancedir: 2017-05-11T17:47:35Z DEBUG /var/lib/dirsrv/scripts-RDLG-NET 2017-05-11T17:47:35Z DEBUG nsslapd-config: 2017-05-11T17:47:35Z DEBUG cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-versionstring: 2017-05-11T17:47:35Z DEBUG 389-Directory/1.3.5.10 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-level: 2017-05-11T17:47:35Z DEBUG 256 2017-05-11T17:47:35Z DEBUG nsslapd-return-exact-case: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-maxsasliosize: 2017-05-11T17:47:35Z DEBUG 2097152 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG nsslapd-rewrite-rfc1274: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-rootpwstoragescheme: 2017-05-11T17:47:35Z DEBUG SSHA 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logexpirationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG passwordLockout: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-lockdir: 2017-05-11T17:47:35Z DEBUG /var/lock/dirsrv/slapd-RDLG-NET 2017-05-11T17:47:35Z DEBUG nsslapd-certdir: 2017-05-11T17:47:35Z DEBUG /etc/dirsrv/slapd-RDLG-NET 2017-05-11T17:47:35Z DEBUG nsslapd-allow-anonymous-access: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-maxlogsperdir: 2017-05-11T17:47:35Z DEBUG 10 2017-05-11T17:47:35Z DEBUG nsslapd-backendconfig: 2017-05-11T17:47:35Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-threadnumber: 2017-05-11T17:47:35Z DEBUG 30 2017-05-11T17:47:35Z DEBUG nsslapd-schemamod: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-search-return-original-type-switch: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG 
nsslapd-localhost: 2017-05-11T17:47:35Z DEBUG ipa.rdlg.net 2017-05-11T17:47:35Z DEBUG nsslapd-bakdir: 2017-05-11T17:47:35Z DEBUG /var/lib/dirsrv/slapd-RDLG-NET/bak 2017-05-11T17:47:35Z DEBUG passwordMin8bit: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-ldapiuidnumbertype: 2017-05-11T17:47:35Z DEBUG uidNumber 2017-05-11T17:47:35Z DEBUG nsslapd-validate-cert: 2017-05-11T17:47:35Z DEBUG warn 2017-05-11T17:47:35Z DEBUG passwordMinCategories: 2017-05-11T17:47:35Z DEBUG 3 2017-05-11T17:47:35Z DEBUG passwordMinLowers: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordAdminDN: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-ldapilisten: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordMinSpecials: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-lastmod: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-max-filter-nest-level: 2017-05-11T17:47:35Z DEBUG 40 2017-05-11T17:47:35Z DEBUG passwordMaxRepeats: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-securelistenhost: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-maxsimplepaged-per-conn: 2017-05-11T17:47:35Z DEBUG -1 2017-05-11T17:47:35Z DEBUG nsslapd-result-tweak: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG passwordUnlock: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-schemacheck: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordTrackUpdateTime: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-maxbersize: 2017-05-11T17:47:35Z DEBUG 209715200 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG 
nsslapd-ldapientrysearchbase: 2017-05-11T17:47:35Z DEBUG dc=example,dc=com 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logexpirationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-localssf: 2017-05-11T17:47:35Z DEBUG 71 2017-05-11T17:47:35Z DEBUG nsslapd-sizelimit: 2017-05-11T17:47:35Z DEBUG 2000 2017-05-11T17:47:35Z DEBUG nsslapd-minssf-exclude-rootdse: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-ignore-virtual-attrs: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ndn-cache-enabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-defaultnamingcontext: 2017-05-11T17:47:35Z DEBUG dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-maxlogsperdir: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-pwpolicy-local: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-sasl-max-buffer-size: 2017-05-11T17:47:35Z DEBUG 2097152 2017-05-11T17:47:35Z DEBUG passwordLockoutDuration: 2017-05-11T17:47:35Z DEBUG 3600 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-port: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-privatenamespaces: 2017-05-11T17:47:35Z DEBUG cn=schema 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG cn=monitor 2017-05-11T17:47:35Z DEBUG cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-maxlogsperdir: 2017-05-11T17:47:35Z DEBUG 2 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/audit 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-mode: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-rootpw: 2017-05-11T17:47:35Z DEBUG 
{SSHA}ivpfUEJGKWW115wDkPsPfQQFhTUx8+KLuAm3tg== 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-outbound-ldap-io-timeout: 2017-05-11T17:47:35Z DEBUG 300000 2017-05-11T17:47:35Z DEBUG nsslapd-workingdir: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-rundir: 2017-05-11T17:47:35Z DEBUG /var/run/dirsrv 2017-05-11T17:47:35Z DEBUG nsslapd-schemareplace: 2017-05-11T17:47:35Z DEBUG replication-only 2017-05-11T17:47:35Z DEBUG nsslapd-plugin-binddn-tracking: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-level: 2017-05-11T17:47:35Z DEBUG 16384 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-syntaxlogging: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ioblocktimeout: 2017-05-11T17:47:35Z DEBUG 1800000 2017-05-11T17:47:35Z DEBUG nsslapd-attribute-name-exceptions: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordMinDigits: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-allowed-to-delete-attrs: 2017-05-11T17:47:35Z DEBUG passwordadmindn nsslapd-listenhost nsslapd-securelistenhost nsslapd-defaultnamingcontext 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logminfreediskspace: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG passwordStorageScheme: 2017-05-11T17:47:35Z DEBUG SSHA 2017-05-11T17:47:35Z DEBUG nsslapd-connection-nocanon: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG only: set nsslapd-sasl-mapping-fallback to 'on', current value ['on'] 2017-05-11T17:47:35Z DEBUG only: updated value ['on'] 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z 
DEBUG Final value after applying updates 2017-05-11T17:47:35Z DEBUG dn: cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-betype: 2017-05-11T17:47:35Z DEBUG ldbm database 2017-05-11T17:47:35Z DEBUG nsslapd-nagle: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-entryusn-global: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-referralmode: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logminfreediskspace: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-reservedescriptors: 2017-05-11T17:47:35Z DEBUG 64 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 500 2017-05-11T17:47:35Z DEBUG passwordMinAlphas: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-enquote-sup-oc: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-readonly: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-syntaxcheck: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-unhashed-pw-switch: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordLegacyPolicy: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logbuffering: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-SSLclientAuth: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordMinUppers: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-plugin: 2017-05-11T17:47:35Z DEBUG cn=binary syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=boolean syntax,cn=plugins,cn=config 
2017-05-11T17:47:35Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=country string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=facsimile telephone number syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=fax syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=generalized time syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=guide syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=integer syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=name and optional uid syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=octet string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=oid syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG 
cn=caseexactorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignoreia5substringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignoreorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignoresubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=objectidentifiermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=integermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=integerorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=integerfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=internationalization plugin,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=uniquemembermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numericstringsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG 
cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring-threshold: 2017-05-11T17:47:35Z DEBUG 2097152 2017-05-11T17:47:35Z DEBUG nsslapd-dn-validate-strict: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ndn-cache-max-size: 2017-05-11T17:47:35Z DEBUG 20971520 2017-05-11T17:47:35Z DEBUG nsslapd-timelimit: 2017-05-11T17:47:35Z DEBUG 3600 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordIsGlobalPolicy: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-moddn-aci: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-pwpolicy-inherit-global: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordMinTokenLength: 2017-05-11T17:47:35Z DEBUG 3 2017-05-11T17:47:35Z DEBUG nsslapd-malloc-mxfast: 2017-05-11T17:47:35Z DEBUG -10 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG week 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG passwordMinAge: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-cn-uses-dn-syntax-in-dns: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG week 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring-grace-period: 2017-05-11T17:47:35Z DEBUG 60 2017-05-11T17:47:35Z DEBUG nsslapd-maxdescriptors: 2017-05-11T17:47:35Z DEBUG 8192 2017-05-11T17:47:35Z DEBUG nsslapd-allow-hashed-passwords: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordInHistory: 2017-05-11T17:47:35Z DEBUG 6 2017-05-11T17:47:35Z 
DEBUG nsslapd-ssl-check-hostname: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-conntablesize: 2017-05-11T17:47:35Z DEBUG 8192 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logging-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG nsslapd-saslpath: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG passwordMaxAge: 2017-05-11T17:47:35Z DEBUG 8639913600 2017-05-11T17:47:35Z DEBUG nsslapd-ldapiautobind: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-extract-pemfiles: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-maxthreadsperconn: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-ldapigidnumbertype: 2017-05-11T17:47:35Z DEBUG gidNumber 2017-05-11T17:47:35Z DEBUG nsslapd-connection-buffer: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG day 2017-05-11T17:47:35Z DEBUG nsslapd-dynamic-plugins: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-csnlogging: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-tmpdir: 2017-05-11T17:47:35Z DEBUG /tmp 2017-05-11T17:47:35Z DEBUG passwordResetFailureCount: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-counters: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-svrtab: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-allowed-sasl-mechanisms: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG nsslapd-minssf: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG 
nsslapd-auditfaillog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-schemadir: 2017-05-11T17:47:35Z DEBUG /etc/dirsrv/slapd-RDLG-NET/schema 2017-05-11T17:47:35Z DEBUG nsslapd-localuser: 2017-05-11T17:47:35Z DEBUG dirsrv 2017-05-11T17:47:35Z DEBUG nsslapd-security: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordChange: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-requiresrestart: 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-port 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-secureport 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-ldapifilepath 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-ldapilisten 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-workingdir 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-plugin 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-sslclientauth 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-changelogdir 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-changelogsuffix 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-changelogmaxentries 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-changelogmaxage 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-db-locks 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-maxdescriptors 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-return-exact-case 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-schema-ignore-trailing-spaces 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-parentcheck 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-dbncache 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2017-05-11T17:47:35Z DEBUG cn=encryption,cn=config:nssslsessiontimeout 2017-05-11T17:47:35Z DEBUG cn=encryption,cn=config:nssslclientauth 2017-05-11T17:47:35Z DEBUG 
cn=encryption,cn=config:nsssl2 2017-05-11T17:47:35Z DEBUG cn=encryption,cn=config:nsssl3 2017-05-11T17:47:35Z DEBUG passwordMaxFailure: 2017-05-11T17:47:35Z DEBUG 3 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ldapifilepath: 2017-05-11T17:47:35Z DEBUG /var/run/slapd-RDLG-NET.socket 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logging-enabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-pagedsizelimit: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-global-backend-lock: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logexpirationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-listen-backlog-size: 2017-05-11T17:47:35Z DEBUG 128 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/access 2017-05-11T17:47:35Z DEBUG nsslapd-certmap-basedn: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-plugin-logging: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-accesscontrol: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-rootdn: 2017-05-11T17:47:35Z DEBUG cn=Directory Manager 2017-05-11T17:47:35Z DEBUG nsslapd-ldifdir: 2017-05-11T17:47:35Z DEBUG /var/lib/dirsrv/slapd-RDLG-NET/ldif 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-mode: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-anonlimitsdn: 2017-05-11T17:47:35Z DEBUG cn=anonymous-limits,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logging-enabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG passwordMustChange: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordExp: 2017-05-11T17:47:35Z DEBUG off 
2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logminfreediskspace: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG nsslapd-logging-backend: 2017-05-11T17:47:35Z DEBUG dirsrv-log 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/audit 2017-05-11T17:47:35Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG aci: 2017-05-11T17:47:35Z DEBUG (targetattr != aci)(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-ldapimaprootdn: 2017-05-11T17:47:35Z DEBUG cn=Directory Manager 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logging-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ds4-compatible-schema: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-enable-nunc-stans: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordMinLength: 2017-05-11T17:47:35Z DEBUG 8 2017-05-11T17:47:35Z DEBUG nsslapd-require-secure-binds: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-groupevalnestlevel: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-idletimeout: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-malloc-mmap-threshold: 2017-05-11T17:47:35Z DEBUG -10 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG day 2017-05-11T17:47:35Z DEBUG nsslapd-securePort: 2017-05-11T17:47:35Z DEBUG 636 2017-05-11T17:47:35Z DEBUG nsslapd-snmp-index: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG cn: 2017-05-11T17:47:35Z DEBUG config 2017-05-11T17:47:35Z DEBUG objectClass: 2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG extensibleObject 
2017-05-11T17:47:35Z DEBUG nsslapdConfig 2017-05-11T17:47:35Z DEBUG nsslapd-ldapimaptoentries: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordSendExpiringTime: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-hash-filters: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-entryusn-import-initval: 2017-05-11T17:47:35Z DEBUG next 2017-05-11T17:47:35Z DEBUG nsslapd-malloc-trim-threshold: 2017-05-11T17:47:35Z DEBUG -10 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG nsslapd-ignore-time-skew: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-allow-unauthenticated-binds: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logging-hide-unhashed-pw: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-maxlogsperdir: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-listenhost: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-mode: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/errors 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-sasl-mapping-fallback: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring-logging-critical: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-force-sasl-external: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-enable-turbo-mode: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordCheckSyntax: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordGraceLimit: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG passwordWarning: 2017-05-11T17:47:35Z DEBUG 86400 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-mode: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG 
nsslapd-instancedir: 2017-05-11T17:47:35Z DEBUG /var/lib/dirsrv/scripts-RDLG-NET 2017-05-11T17:47:35Z DEBUG nsslapd-config: 2017-05-11T17:47:35Z DEBUG cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-versionstring: 2017-05-11T17:47:35Z DEBUG 389-Directory/1.3.5.10 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-level: 2017-05-11T17:47:35Z DEBUG 256 2017-05-11T17:47:35Z DEBUG nsslapd-return-exact-case: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-maxsasliosize: 2017-05-11T17:47:35Z DEBUG 2097152 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG nsslapd-rewrite-rfc1274: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-rootpwstoragescheme: 2017-05-11T17:47:35Z DEBUG SSHA 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logexpirationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG passwordLockout: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-lockdir: 2017-05-11T17:47:35Z DEBUG /var/lock/dirsrv/slapd-RDLG-NET 2017-05-11T17:47:35Z DEBUG nsslapd-certdir: 2017-05-11T17:47:35Z DEBUG /etc/dirsrv/slapd-RDLG-NET 2017-05-11T17:47:35Z DEBUG nsslapd-allow-anonymous-access: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-maxlogsperdir: 2017-05-11T17:47:35Z DEBUG 10 2017-05-11T17:47:35Z DEBUG nsslapd-backendconfig: 2017-05-11T17:47:35Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-threadnumber: 2017-05-11T17:47:35Z DEBUG 30 2017-05-11T17:47:35Z DEBUG nsslapd-schemamod: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-search-return-original-type-switch: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-localhost: 2017-05-11T17:47:35Z DEBUG ipa.rdlg.net 
2017-05-11T17:47:35Z DEBUG nsslapd-bakdir: 2017-05-11T17:47:35Z DEBUG /var/lib/dirsrv/slapd-RDLG-NET/bak 2017-05-11T17:47:35Z DEBUG passwordMin8bit: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-ldapiuidnumbertype: 2017-05-11T17:47:35Z DEBUG uidNumber 2017-05-11T17:47:35Z DEBUG nsslapd-validate-cert: 2017-05-11T17:47:35Z DEBUG warn 2017-05-11T17:47:35Z DEBUG passwordMinCategories: 2017-05-11T17:47:35Z DEBUG 3 2017-05-11T17:47:35Z DEBUG passwordMinLowers: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordAdminDN: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-ldapilisten: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordMinSpecials: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-lastmod: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-max-filter-nest-level: 2017-05-11T17:47:35Z DEBUG 40 2017-05-11T17:47:35Z DEBUG passwordMaxRepeats: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-securelistenhost: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-maxsimplepaged-per-conn: 2017-05-11T17:47:35Z DEBUG -1 2017-05-11T17:47:35Z DEBUG nsslapd-result-tweak: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG passwordUnlock: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-schemacheck: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordTrackUpdateTime: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-maxbersize: 2017-05-11T17:47:35Z DEBUG 209715200 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-ldapientrysearchbase: 2017-05-11T17:47:35Z DEBUG 
dc=example,dc=com 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logexpirationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-localssf: 2017-05-11T17:47:35Z DEBUG 71 2017-05-11T17:47:35Z DEBUG nsslapd-sizelimit: 2017-05-11T17:47:35Z DEBUG 2000 2017-05-11T17:47:35Z DEBUG nsslapd-minssf-exclude-rootdse: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-ignore-virtual-attrs: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ndn-cache-enabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-defaultnamingcontext: 2017-05-11T17:47:35Z DEBUG dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-maxlogsperdir: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-pwpolicy-local: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-sasl-max-buffer-size: 2017-05-11T17:47:35Z DEBUG 2097152 2017-05-11T17:47:35Z DEBUG passwordLockoutDuration: 2017-05-11T17:47:35Z DEBUG 3600 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-port: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-privatenamespaces: 2017-05-11T17:47:35Z DEBUG cn=schema 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG cn=monitor 2017-05-11T17:47:35Z DEBUG cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-maxlogsperdir: 2017-05-11T17:47:35Z DEBUG 2 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/audit 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-mode: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-rootpw: 2017-05-11T17:47:35Z DEBUG {SSHA}ivpfUEJGKWW115wDkPsPfQQFhTUx8+KLuAm3tg== 
2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-outbound-ldap-io-timeout: 2017-05-11T17:47:35Z DEBUG 300000 2017-05-11T17:47:35Z DEBUG nsslapd-workingdir: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-rundir: 2017-05-11T17:47:35Z DEBUG /var/run/dirsrv 2017-05-11T17:47:35Z DEBUG nsslapd-schemareplace: 2017-05-11T17:47:35Z DEBUG replication-only 2017-05-11T17:47:35Z DEBUG nsslapd-plugin-binddn-tracking: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-level: 2017-05-11T17:47:35Z DEBUG 16384 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-syntaxlogging: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ioblocktimeout: 2017-05-11T17:47:35Z DEBUG 1800000 2017-05-11T17:47:35Z DEBUG nsslapd-attribute-name-exceptions: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordMinDigits: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-allowed-to-delete-attrs: 2017-05-11T17:47:35Z DEBUG passwordadmindn nsslapd-listenhost nsslapd-securelistenhost nsslapd-defaultnamingcontext 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logminfreediskspace: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG passwordStorageScheme: 2017-05-11T17:47:35Z DEBUG SSHA 2017-05-11T17:47:35Z DEBUG nsslapd-connection-nocanon: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG [] 2017-05-11T17:47:35Z DEBUG Updated 0 2017-05-11T17:47:35Z DEBUG Done 2017-05-11T17:47:35Z DEBUG Updating existing entry: cn=Full Principal,cn=mapping,cn=sasl,cn=config 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z 
DEBUG Initial value 2017-05-11T17:47:35Z DEBUG dn: cn=Full Principal,cn=mapping,cn=sasl,cn=config 2017-05-11T17:47:35Z DEBUG nsSaslMapPriority: 2017-05-11T17:47:35Z DEBUG 10 2017-05-11T17:47:35Z DEBUG cn: 2017-05-11T17:47:35Z DEBUG Full Principal 2017-05-11T17:47:35Z DEBUG objectClass: 2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG nsSaslMapping 2017-05-11T17:47:35Z DEBUG nsSaslMapRegexString: 2017-05-11T17:47:35Z DEBUG \(.*\)@\(.*\) 2017-05-11T17:47:35Z DEBUG nsSaslMapBaseDNTemplate: 2017-05-11T17:47:35Z DEBUG dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG nsSaslMapFilterTemplate: 2017-05-11T17:47:35Z DEBUG (krbPrincipalName=\1@\2) 2017-05-11T17:47:35Z DEBUG addifnew: '10' to nsSaslMapPriority, current value ['10'] 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z DEBUG Final value after applying updates 2017-05-11T17:47:35Z DEBUG dn: cn=Full Principal,cn=mapping,cn=sasl,cn=config 2017-05-11T17:47:35Z DEBUG nsSaslMapPriority: 2017-05-11T17:47:35Z DEBUG 10 2017-05-11T17:47:35Z DEBUG cn: 2017-05-11T17:47:35Z DEBUG Full Principal 2017-05-11T17:47:35Z DEBUG objectClass: 2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG nsSaslMapping 2017-05-11T17:47:35Z DEBUG nsSaslMapRegexString: 2017-05-11T17:47:35Z DEBUG \(.*\)@\(.*\) 2017-05-11T17:47:35Z DEBUG nsSaslMapBaseDNTemplate: 2017-05-11T17:47:35Z DEBUG dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG nsSaslMapFilterTemplate: 2017-05-11T17:47:35Z DEBUG (krbPrincipalName=\1@\2) 2017-05-11T17:47:35Z DEBUG [] 2017-05-11T17:47:35Z DEBUG Updated 0 2017-05-11T17:47:35Z DEBUG Done 2017-05-11T17:47:35Z DEBUG Updating existing entry: cn=Name Only,cn=mapping,cn=sasl,cn=config 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z DEBUG Initial value 2017-05-11T17:47:35Z DEBUG dn: cn=Name Only,cn=mapping,cn=sasl,cn=config 2017-05-11T17:47:35Z DEBUG nsSaslMapPriority: 2017-05-11T17:47:35Z DEBUG 10 2017-05-11T17:47:35Z DEBUG cn: 
2017-05-11T17:47:35Z DEBUG Name Only 2017-05-11T17:47:35Z DEBUG objectClass: 2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG nsSaslMapping 2017-05-11T17:47:35Z DEBUG nsSaslMapRegexString: 2017-05-11T17:47:35Z DEBUG ^[^:@]+$ 2017-05-11T17:47:35Z DEBUG nsSaslMapBaseDNTemplate: 2017-05-11T17:47:35Z DEBUG dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG nsSaslMapFilterTemplate: 2017-05-11T17:47:35Z DEBUG (krbPrincipalName=&@RDLG.NET) 2017-05-11T17:47:35Z DEBUG addifnew: '10' to nsSaslMapPriority, current value ['10'] 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z DEBUG Final value after applying updates 2017-05-11T17:47:35Z DEBUG dn: cn=Name Only,cn=mapping,cn=sasl,cn=config 2017-05-11T17:47:35Z DEBUG nsSaslMapPriority: 2017-05-11T17:47:35Z DEBUG 10 2017-05-11T17:47:35Z DEBUG cn: 2017-05-11T17:47:35Z DEBUG Name Only 2017-05-11T17:47:35Z DEBUG objectClass: 2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG nsSaslMapping 2017-05-11T17:47:35Z DEBUG nsSaslMapRegexString: 2017-05-11T17:47:35Z DEBUG ^[^:@]+$ 2017-05-11T17:47:35Z DEBUG nsSaslMapBaseDNTemplate: 2017-05-11T17:47:35Z DEBUG dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG nsSaslMapFilterTemplate: 2017-05-11T17:47:35Z DEBUG (krbPrincipalName=&@RDLG.NET) 2017-05-11T17:47:35Z DEBUG [] 2017-05-11T17:47:35Z DEBUG Updated 0 2017-05-11T17:47:35Z DEBUG Done 2017-05-11T17:47:35Z DEBUG Updating existing entry: cn=config 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z DEBUG Initial value 2017-05-11T17:47:35Z DEBUG dn: cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-betype: 2017-05-11T17:47:35Z DEBUG ldbm database 2017-05-11T17:47:35Z DEBUG nsslapd-nagle: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-maxlogsize: 2017-05-11T17:47:35Z 
DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-entryusn-global: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-referralmode: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logminfreediskspace: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-reservedescriptors: 2017-05-11T17:47:35Z DEBUG 64 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 500 2017-05-11T17:47:35Z DEBUG passwordMinAlphas: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-enquote-sup-oc: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-readonly: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-syntaxcheck: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-unhashed-pw-switch: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordLegacyPolicy: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logbuffering: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-SSLclientAuth: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordMinUppers: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-plugin: 2017-05-11T17:47:35Z DEBUG cn=binary syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=country string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=facsimile telephone 
number syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=fax syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=generalized time syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=guide syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=integer syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=name and optional uid syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=octet string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=oid syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG 
cn=caseignoreia5substringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignoreorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignoresubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=objectidentifiermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=integermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=integerorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=integerfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=internationalization plugin,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=uniquemembermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numericstringsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring-threshold: 2017-05-11T17:47:35Z DEBUG 2097152 2017-05-11T17:47:35Z DEBUG nsslapd-dn-validate-strict: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ndn-cache-max-size: 2017-05-11T17:47:35Z DEBUG 20971520 2017-05-11T17:47:35Z DEBUG nsslapd-timelimit: 2017-05-11T17:47:35Z DEBUG 3600 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring: 
2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordIsGlobalPolicy: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-moddn-aci: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-pwpolicy-inherit-global: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordMinTokenLength: 2017-05-11T17:47:35Z DEBUG 3 2017-05-11T17:47:35Z DEBUG nsslapd-malloc-mxfast: 2017-05-11T17:47:35Z DEBUG -10 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG week 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG passwordMinAge: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-cn-uses-dn-syntax-in-dns: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG week 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring-grace-period: 2017-05-11T17:47:35Z DEBUG 60 2017-05-11T17:47:35Z DEBUG nsslapd-maxdescriptors: 2017-05-11T17:47:35Z DEBUG 8192 2017-05-11T17:47:35Z DEBUG nsslapd-allow-hashed-passwords: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordInHistory: 2017-05-11T17:47:35Z DEBUG 6 2017-05-11T17:47:35Z DEBUG nsslapd-ssl-check-hostname: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-conntablesize: 2017-05-11T17:47:35Z DEBUG 8192 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logging-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG nsslapd-saslpath: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG 
passwordMaxAge: 2017-05-11T17:47:35Z DEBUG 8639913600 2017-05-11T17:47:35Z DEBUG nsslapd-ldapiautobind: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-extract-pemfiles: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-maxthreadsperconn: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-ldapigidnumbertype: 2017-05-11T17:47:35Z DEBUG gidNumber 2017-05-11T17:47:35Z DEBUG nsslapd-connection-buffer: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG day 2017-05-11T17:47:35Z DEBUG nsslapd-dynamic-plugins: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-csnlogging: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-tmpdir: 2017-05-11T17:47:35Z DEBUG /tmp 2017-05-11T17:47:35Z DEBUG passwordResetFailureCount: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-counters: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-svrtab: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-allowed-sasl-mechanisms: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG nsslapd-minssf: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-schemadir: 2017-05-11T17:47:35Z DEBUG /etc/dirsrv/slapd-RDLG-NET/schema 2017-05-11T17:47:35Z DEBUG nsslapd-localuser: 2017-05-11T17:47:35Z DEBUG dirsrv 2017-05-11T17:47:35Z DEBUG nsslapd-security: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordChange: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-requiresrestart: 2017-05-11T17:47:35Z 
DEBUG cn=config:nsslapd-port 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-secureport 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-ldapifilepath 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-ldapilisten 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-workingdir 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-plugin 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-sslclientauth 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-changelogdir 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-changelogsuffix 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-changelogmaxentries 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-changelogmaxage 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-db-locks 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-maxdescriptors 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-return-exact-case 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-schema-ignore-trailing-spaces 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-parentcheck 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-dbncache 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2017-05-11T17:47:35Z DEBUG cn=encryption,cn=config:nssslsessiontimeout 2017-05-11T17:47:35Z DEBUG cn=encryption,cn=config:nssslclientauth 2017-05-11T17:47:35Z DEBUG cn=encryption,cn=config:nsssl2 2017-05-11T17:47:35Z DEBUG cn=encryption,cn=config:nsssl3 2017-05-11T17:47:35Z DEBUG passwordMaxFailure: 2017-05-11T17:47:35Z DEBUG 3 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ldapifilepath: 2017-05-11T17:47:35Z DEBUG /var/run/slapd-RDLG-NET.socket 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logging-enabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG 
nsslapd-pagedsizelimit: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-global-backend-lock: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logexpirationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-listen-backlog-size: 2017-05-11T17:47:35Z DEBUG 128 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/access 2017-05-11T17:47:35Z DEBUG nsslapd-certmap-basedn: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-plugin-logging: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-accesscontrol: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-rootdn: 2017-05-11T17:47:35Z DEBUG cn=Directory Manager 2017-05-11T17:47:35Z DEBUG nsslapd-ldifdir: 2017-05-11T17:47:35Z DEBUG /var/lib/dirsrv/slapd-RDLG-NET/ldif 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-mode: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-anonlimitsdn: 2017-05-11T17:47:35Z DEBUG cn=anonymous-limits,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logging-enabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG passwordMustChange: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordExp: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logminfreediskspace: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG nsslapd-logging-backend: 2017-05-11T17:47:35Z DEBUG dirsrv-log 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/audit 2017-05-11T17:47:35Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG aci: 2017-05-11T17:47:35Z DEBUG (targetattr != aci)(version 3.0; aci "cert manager read access"; 
allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-ldapimaprootdn: 2017-05-11T17:47:35Z DEBUG cn=Directory Manager 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logging-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ds4-compatible-schema: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-enable-nunc-stans: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordMinLength: 2017-05-11T17:47:35Z DEBUG 8 2017-05-11T17:47:35Z DEBUG nsslapd-require-secure-binds: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-groupevalnestlevel: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-idletimeout: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-malloc-mmap-threshold: 2017-05-11T17:47:35Z DEBUG -10 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG day 2017-05-11T17:47:35Z DEBUG nsslapd-securePort: 2017-05-11T17:47:35Z DEBUG 636 2017-05-11T17:47:35Z DEBUG nsslapd-snmp-index: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG cn: 2017-05-11T17:47:35Z DEBUG config 2017-05-11T17:47:35Z DEBUG objectClass: 2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG extensibleObject 2017-05-11T17:47:35Z DEBUG nsslapdConfig 2017-05-11T17:47:35Z DEBUG nsslapd-ldapimaptoentries: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordSendExpiringTime: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-hash-filters: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-entryusn-import-initval: 2017-05-11T17:47:35Z DEBUG next 2017-05-11T17:47:35Z DEBUG nsslapd-malloc-trim-threshold: 2017-05-11T17:47:35Z DEBUG -10 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG 
nsslapd-ignore-time-skew: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-allow-unauthenticated-binds: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logging-hide-unhashed-pw: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-maxlogsperdir: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-listenhost: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-mode: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/errors 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-sasl-mapping-fallback: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring-logging-critical: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-force-sasl-external: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-enable-turbo-mode: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordCheckSyntax: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordGraceLimit: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG passwordWarning: 2017-05-11T17:47:35Z DEBUG 86400 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-mode: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-instancedir: 2017-05-11T17:47:35Z DEBUG /var/lib/dirsrv/scripts-RDLG-NET 2017-05-11T17:47:35Z DEBUG nsslapd-config: 2017-05-11T17:47:35Z DEBUG cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-versionstring: 2017-05-11T17:47:35Z DEBUG 389-Directory/1.3.5.10 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-level: 2017-05-11T17:47:35Z DEBUG 256 2017-05-11T17:47:35Z DEBUG nsslapd-return-exact-case: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-maxsasliosize: 2017-05-11T17:47:35Z 
DEBUG 2097152 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG nsslapd-rewrite-rfc1274: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-rootpwstoragescheme: 2017-05-11T17:47:35Z DEBUG SSHA 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logexpirationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG passwordLockout: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-lockdir: 2017-05-11T17:47:35Z DEBUG /var/lock/dirsrv/slapd-RDLG-NET 2017-05-11T17:47:35Z DEBUG nsslapd-certdir: 2017-05-11T17:47:35Z DEBUG /etc/dirsrv/slapd-RDLG-NET 2017-05-11T17:47:35Z DEBUG nsslapd-allow-anonymous-access: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-maxlogsperdir: 2017-05-11T17:47:35Z DEBUG 10 2017-05-11T17:47:35Z DEBUG nsslapd-backendconfig: 2017-05-11T17:47:35Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-threadnumber: 2017-05-11T17:47:35Z DEBUG 30 2017-05-11T17:47:35Z DEBUG nsslapd-schemamod: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-search-return-original-type-switch: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-localhost: 2017-05-11T17:47:35Z DEBUG ipa.rdlg.net 2017-05-11T17:47:35Z DEBUG nsslapd-bakdir: 2017-05-11T17:47:35Z DEBUG /var/lib/dirsrv/slapd-RDLG-NET/bak 2017-05-11T17:47:35Z DEBUG passwordMin8bit: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-ldapiuidnumbertype: 2017-05-11T17:47:35Z DEBUG uidNumber 2017-05-11T17:47:35Z DEBUG nsslapd-validate-cert: 2017-05-11T17:47:35Z DEBUG warn 2017-05-11T17:47:35Z DEBUG passwordMinCategories: 2017-05-11T17:47:35Z DEBUG 3 2017-05-11T17:47:35Z DEBUG passwordMinLowers: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2017-05-11T17:47:35Z DEBUG on 
2017-05-11T17:47:35Z DEBUG passwordAdminDN: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-ldapilisten: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordMinSpecials: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-lastmod: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-max-filter-nest-level: 2017-05-11T17:47:35Z DEBUG 40 2017-05-11T17:47:35Z DEBUG passwordMaxRepeats: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-securelistenhost: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-maxsimplepaged-per-conn: 2017-05-11T17:47:35Z DEBUG -1 2017-05-11T17:47:35Z DEBUG nsslapd-result-tweak: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG passwordUnlock: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-schemacheck: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordTrackUpdateTime: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-maxbersize: 2017-05-11T17:47:35Z DEBUG 209715200 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-ldapientrysearchbase: 2017-05-11T17:47:35Z DEBUG dc=example,dc=com 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logexpirationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-localssf: 2017-05-11T17:47:35Z DEBUG 71 2017-05-11T17:47:35Z DEBUG nsslapd-sizelimit: 2017-05-11T17:47:35Z DEBUG 2000 2017-05-11T17:47:35Z DEBUG nsslapd-minssf-exclude-rootdse: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-ignore-virtual-attrs: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ndn-cache-enabled: 
2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-defaultnamingcontext: 2017-05-11T17:47:35Z DEBUG dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-maxlogsperdir: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-pwpolicy-local: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-sasl-max-buffer-size: 2017-05-11T17:47:35Z DEBUG 2097152 2017-05-11T17:47:35Z DEBUG passwordLockoutDuration: 2017-05-11T17:47:35Z DEBUG 3600 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-port: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-privatenamespaces: 2017-05-11T17:47:35Z DEBUG cn=schema 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG cn=monitor 2017-05-11T17:47:35Z DEBUG cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-maxlogsperdir: 2017-05-11T17:47:35Z DEBUG 2 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/audit 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-mode: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-rootpw: 2017-05-11T17:47:35Z DEBUG {SSHA}ivpfUEJGKWW115wDkPsPfQQFhTUx8+KLuAm3tg== 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-outbound-ldap-io-timeout: 2017-05-11T17:47:35Z DEBUG 300000 2017-05-11T17:47:35Z DEBUG nsslapd-workingdir: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-rundir: 2017-05-11T17:47:35Z DEBUG /var/run/dirsrv 2017-05-11T17:47:35Z DEBUG 
nsslapd-schemareplace: 2017-05-11T17:47:35Z DEBUG replication-only 2017-05-11T17:47:35Z DEBUG nsslapd-plugin-binddn-tracking: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-level: 2017-05-11T17:47:35Z DEBUG 16384 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-syntaxlogging: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ioblocktimeout: 2017-05-11T17:47:35Z DEBUG 1800000 2017-05-11T17:47:35Z DEBUG nsslapd-attribute-name-exceptions: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordMinDigits: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-allowed-to-delete-attrs: 2017-05-11T17:47:35Z DEBUG passwordadmindn nsslapd-listenhost nsslapd-securelistenhost nsslapd-defaultnamingcontext 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logminfreediskspace: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG passwordStorageScheme: 2017-05-11T17:47:35Z DEBUG SSHA 2017-05-11T17:47:35Z DEBUG nsslapd-connection-nocanon: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG only: set nsslapd-sasl-max-buffer-size to '2097152', current value ['2097152'] 2017-05-11T17:47:35Z DEBUG only: updated value ['2097152'] 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z DEBUG Final value after applying updates 2017-05-11T17:47:35Z DEBUG dn: cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-betype: 2017-05-11T17:47:35Z DEBUG ldbm database 2017-05-11T17:47:35Z DEBUG nsslapd-nagle: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-entryusn-global: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG 
nsslapd-referralmode: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logminfreediskspace: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-reservedescriptors: 2017-05-11T17:47:35Z DEBUG 64 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 500 2017-05-11T17:47:35Z DEBUG passwordMinAlphas: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-enquote-sup-oc: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-readonly: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-syntaxcheck: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-unhashed-pw-switch: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordLegacyPolicy: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logbuffering: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-SSLclientAuth: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordMinUppers: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-plugin: 2017-05-11T17:47:35Z DEBUG cn=binary syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=country string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=facsimile telephone number syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=fax syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z 
DEBUG cn=generalized time syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=guide syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=integer syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=name and optional uid syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=octet string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=oid syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignoreia5substringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2017-05-11T17:47:35Z 
DEBUG cn=caseignoreorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignoresubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=objectidentifiermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=integermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=integerorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=integerfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=internationalization plugin,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=uniquemembermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numericstringsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring-threshold: 2017-05-11T17:47:35Z DEBUG 2097152 2017-05-11T17:47:35Z DEBUG nsslapd-dn-validate-strict: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ndn-cache-max-size: 2017-05-11T17:47:35Z DEBUG 20971520 2017-05-11T17:47:35Z DEBUG nsslapd-timelimit: 2017-05-11T17:47:35Z DEBUG 3600 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordIsGlobalPolicy: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG 
nsslapd-moddn-aci: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-pwpolicy-inherit-global: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordMinTokenLength: 2017-05-11T17:47:35Z DEBUG 3 2017-05-11T17:47:35Z DEBUG nsslapd-malloc-mxfast: 2017-05-11T17:47:35Z DEBUG -10 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG week 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG passwordMinAge: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-cn-uses-dn-syntax-in-dns: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG week 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring-grace-period: 2017-05-11T17:47:35Z DEBUG 60 2017-05-11T17:47:35Z DEBUG nsslapd-maxdescriptors: 2017-05-11T17:47:35Z DEBUG 8192 2017-05-11T17:47:35Z DEBUG nsslapd-allow-hashed-passwords: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordInHistory: 2017-05-11T17:47:35Z DEBUG 6 2017-05-11T17:47:35Z DEBUG nsslapd-ssl-check-hostname: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-conntablesize: 2017-05-11T17:47:35Z DEBUG 8192 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logging-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG nsslapd-saslpath: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG passwordMaxAge: 2017-05-11T17:47:35Z DEBUG 8639913600 2017-05-11T17:47:35Z DEBUG nsslapd-ldapiautobind: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z 
DEBUG nsslapd-extract-pemfiles: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-maxthreadsperconn: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-ldapigidnumbertype: 2017-05-11T17:47:35Z DEBUG gidNumber 2017-05-11T17:47:35Z DEBUG nsslapd-connection-buffer: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG day 2017-05-11T17:47:35Z DEBUG nsslapd-dynamic-plugins: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-csnlogging: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-tmpdir: 2017-05-11T17:47:35Z DEBUG /tmp 2017-05-11T17:47:35Z DEBUG passwordResetFailureCount: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-counters: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-svrtab: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-allowed-sasl-mechanisms: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG nsslapd-minssf: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-schemadir: 2017-05-11T17:47:35Z DEBUG /etc/dirsrv/slapd-RDLG-NET/schema 2017-05-11T17:47:35Z DEBUG nsslapd-localuser: 2017-05-11T17:47:35Z DEBUG dirsrv 2017-05-11T17:47:35Z DEBUG nsslapd-security: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordChange: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-requiresrestart: 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-port 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-secureport 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-ldapifilepath 
2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-ldapilisten 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-workingdir 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-plugin 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-sslclientauth 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-changelogdir 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-changelogsuffix 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-changelogmaxentries 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-changelogmaxage 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-db-locks 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-maxdescriptors 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-return-exact-case 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-schema-ignore-trailing-spaces 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-parentcheck 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-dbncache 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2017-05-11T17:47:35Z DEBUG cn=encryption,cn=config:nssslsessiontimeout 2017-05-11T17:47:35Z DEBUG cn=encryption,cn=config:nssslclientauth 2017-05-11T17:47:35Z DEBUG cn=encryption,cn=config:nsssl2 2017-05-11T17:47:35Z DEBUG cn=encryption,cn=config:nsssl3 2017-05-11T17:47:35Z DEBUG passwordMaxFailure: 2017-05-11T17:47:35Z DEBUG 3 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ldapifilepath: 2017-05-11T17:47:35Z DEBUG /var/run/slapd-RDLG-NET.socket 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logging-enabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-pagedsizelimit: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-global-backend-lock: 2017-05-11T17:47:35Z DEBUG on 
2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logexpirationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-listen-backlog-size: 2017-05-11T17:47:35Z DEBUG 128 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/access 2017-05-11T17:47:35Z DEBUG nsslapd-certmap-basedn: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-plugin-logging: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-accesscontrol: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-rootdn: 2017-05-11T17:47:35Z DEBUG cn=Directory Manager 2017-05-11T17:47:35Z DEBUG nsslapd-ldifdir: 2017-05-11T17:47:35Z DEBUG /var/lib/dirsrv/slapd-RDLG-NET/ldif 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-mode: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-anonlimitsdn: 2017-05-11T17:47:35Z DEBUG cn=anonymous-limits,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logging-enabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG passwordMustChange: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordExp: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logminfreediskspace: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG nsslapd-logging-backend: 2017-05-11T17:47:35Z DEBUG dirsrv-log 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/audit 2017-05-11T17:47:35Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG aci: 2017-05-11T17:47:35Z DEBUG (targetattr != aci)(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2017-05-11T17:47:35Z DEBUG 
nsslapd-auditlog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-ldapimaprootdn: 2017-05-11T17:47:35Z DEBUG cn=Directory Manager 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logging-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ds4-compatible-schema: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-enable-nunc-stans: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordMinLength: 2017-05-11T17:47:35Z DEBUG 8 2017-05-11T17:47:35Z DEBUG nsslapd-require-secure-binds: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-groupevalnestlevel: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-idletimeout: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-malloc-mmap-threshold: 2017-05-11T17:47:35Z DEBUG -10 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG day 2017-05-11T17:47:35Z DEBUG nsslapd-securePort: 2017-05-11T17:47:35Z DEBUG 636 2017-05-11T17:47:35Z DEBUG nsslapd-snmp-index: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG cn: 2017-05-11T17:47:35Z DEBUG config 2017-05-11T17:47:35Z DEBUG objectClass: 2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG extensibleObject 2017-05-11T17:47:35Z DEBUG nsslapdConfig 2017-05-11T17:47:35Z DEBUG nsslapd-ldapimaptoentries: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordSendExpiringTime: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-hash-filters: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-entryusn-import-initval: 2017-05-11T17:47:35Z DEBUG next 2017-05-11T17:47:35Z DEBUG nsslapd-malloc-trim-threshold: 2017-05-11T17:47:35Z DEBUG -10 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG nsslapd-ignore-time-skew: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-allow-unauthenticated-binds: 
2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logging-hide-unhashed-pw: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-maxlogsperdir: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-listenhost: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-mode: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/errors 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-sasl-mapping-fallback: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring-logging-critical: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-force-sasl-external: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-enable-turbo-mode: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordCheckSyntax: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordGraceLimit: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG passwordWarning: 2017-05-11T17:47:35Z DEBUG 86400 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-mode: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-instancedir: 2017-05-11T17:47:35Z DEBUG /var/lib/dirsrv/scripts-RDLG-NET 2017-05-11T17:47:35Z DEBUG nsslapd-config: 2017-05-11T17:47:35Z DEBUG cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-versionstring: 2017-05-11T17:47:35Z DEBUG 389-Directory/1.3.5.10 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-level: 2017-05-11T17:47:35Z DEBUG 256 2017-05-11T17:47:35Z DEBUG nsslapd-return-exact-case: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-maxsasliosize: 2017-05-11T17:47:35Z DEBUG 2097152 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 2017-05-11T17:47:35Z DEBUG month 
2017-05-11T17:47:35Z DEBUG nsslapd-rewrite-rfc1274: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-rootpwstoragescheme: 2017-05-11T17:47:35Z DEBUG SSHA 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logexpirationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG passwordLockout: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-lockdir: 2017-05-11T17:47:35Z DEBUG /var/lock/dirsrv/slapd-RDLG-NET 2017-05-11T17:47:35Z DEBUG nsslapd-certdir: 2017-05-11T17:47:35Z DEBUG /etc/dirsrv/slapd-RDLG-NET 2017-05-11T17:47:35Z DEBUG nsslapd-allow-anonymous-access: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-maxlogsperdir: 2017-05-11T17:47:35Z DEBUG 10 2017-05-11T17:47:35Z DEBUG nsslapd-backendconfig: 2017-05-11T17:47:35Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-threadnumber: 2017-05-11T17:47:35Z DEBUG 30 2017-05-11T17:47:35Z DEBUG nsslapd-schemamod: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-search-return-original-type-switch: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-localhost: 2017-05-11T17:47:35Z DEBUG ipa.rdlg.net 2017-05-11T17:47:35Z DEBUG nsslapd-bakdir: 2017-05-11T17:47:35Z DEBUG /var/lib/dirsrv/slapd-RDLG-NET/bak 2017-05-11T17:47:35Z DEBUG passwordMin8bit: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-ldapiuidnumbertype: 2017-05-11T17:47:35Z DEBUG uidNumber 2017-05-11T17:47:35Z DEBUG nsslapd-validate-cert: 2017-05-11T17:47:35Z DEBUG warn 2017-05-11T17:47:35Z DEBUG passwordMinCategories: 2017-05-11T17:47:35Z DEBUG 3 2017-05-11T17:47:35Z DEBUG passwordMinLowers: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordAdminDN: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG 
nsslapd-ldapilisten: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordMinSpecials: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-lastmod: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-max-filter-nest-level: 2017-05-11T17:47:35Z DEBUG 40 2017-05-11T17:47:35Z DEBUG passwordMaxRepeats: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-securelistenhost: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-maxsimplepaged-per-conn: 2017-05-11T17:47:35Z DEBUG -1 2017-05-11T17:47:35Z DEBUG nsslapd-result-tweak: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG passwordUnlock: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-schemacheck: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordTrackUpdateTime: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-maxbersize: 2017-05-11T17:47:35Z DEBUG 209715200 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-ldapientrysearchbase: 2017-05-11T17:47:35Z DEBUG dc=example,dc=com 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logexpirationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-localssf: 2017-05-11T17:47:35Z DEBUG 71 2017-05-11T17:47:35Z DEBUG nsslapd-sizelimit: 2017-05-11T17:47:35Z DEBUG 2000 2017-05-11T17:47:35Z DEBUG nsslapd-minssf-exclude-rootdse: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-ignore-virtual-attrs: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ndn-cache-enabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationtime: 
2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-defaultnamingcontext: 2017-05-11T17:47:35Z DEBUG dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-maxlogsperdir: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-pwpolicy-local: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-sasl-max-buffer-size: 2017-05-11T17:47:35Z DEBUG 2097152 2017-05-11T17:47:35Z DEBUG passwordLockoutDuration: 2017-05-11T17:47:35Z DEBUG 3600 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-port: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-privatenamespaces: 2017-05-11T17:47:35Z DEBUG cn=schema 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG cn=monitor 2017-05-11T17:47:35Z DEBUG cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-maxlogsperdir: 2017-05-11T17:47:35Z DEBUG 2 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/audit 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-mode: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-rootpw: 2017-05-11T17:47:35Z DEBUG {SSHA}ivpfUEJGKWW115wDkPsPfQQFhTUx8+KLuAm3tg== 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-outbound-ldap-io-timeout: 2017-05-11T17:47:35Z DEBUG 300000 2017-05-11T17:47:35Z DEBUG nsslapd-workingdir: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-rundir: 2017-05-11T17:47:35Z DEBUG /var/run/dirsrv 2017-05-11T17:47:35Z DEBUG nsslapd-schemareplace: 2017-05-11T17:47:35Z DEBUG replication-only 2017-05-11T17:47:35Z DEBUG 
nsslapd-plugin-binddn-tracking: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-level: 2017-05-11T17:47:35Z DEBUG 16384 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-syntaxlogging: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ioblocktimeout: 2017-05-11T17:47:35Z DEBUG 1800000 2017-05-11T17:47:35Z DEBUG nsslapd-attribute-name-exceptions: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordMinDigits: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-allowed-to-delete-attrs: 2017-05-11T17:47:35Z DEBUG passwordadmindn nsslapd-listenhost nsslapd-securelistenhost nsslapd-defaultnamingcontext 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logminfreediskspace: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG passwordStorageScheme: 2017-05-11T17:47:35Z DEBUG SSHA 2017-05-11T17:47:35Z DEBUG nsslapd-connection-nocanon: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG [] 2017-05-11T17:47:35Z DEBUG Updated 0 2017-05-11T17:47:35Z DEBUG Done 2017-05-11T17:47:35Z DEBUG Updating existing entry: cn=config 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z DEBUG Initial value 2017-05-11T17:47:35Z DEBUG dn: cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-betype: 2017-05-11T17:47:35Z DEBUG ldbm database 2017-05-11T17:47:35Z DEBUG nsslapd-nagle: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-entryusn-global: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-referralmode: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logminfreediskspace: 
2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-reservedescriptors: 2017-05-11T17:47:35Z DEBUG 64 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 500 2017-05-11T17:47:35Z DEBUG passwordMinAlphas: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-enquote-sup-oc: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-readonly: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-syntaxcheck: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-unhashed-pw-switch: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordLegacyPolicy: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logbuffering: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-SSLclientAuth: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordMinUppers: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-plugin: 2017-05-11T17:47:35Z DEBUG cn=binary syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=country string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=facsimile telephone number syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=fax syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=generalized time syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=guide syntax,cn=plugins,cn=config 
2017-05-11T17:47:35Z DEBUG cn=integer syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=name and optional uid syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=octet string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=oid syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignoreia5substringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignoreorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG 
cn=caseignoresubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=objectidentifiermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=integermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=integerorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=integerfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=internationalization plugin,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=uniquemembermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numericstringsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring-threshold: 2017-05-11T17:47:35Z DEBUG 2097152 2017-05-11T17:47:35Z DEBUG nsslapd-dn-validate-strict: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ndn-cache-max-size: 2017-05-11T17:47:35Z DEBUG 20971520 2017-05-11T17:47:35Z DEBUG nsslapd-timelimit: 2017-05-11T17:47:35Z DEBUG 3600 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordIsGlobalPolicy: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-moddn-aci: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG 
nsslapd-pwpolicy-inherit-global: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordMinTokenLength: 2017-05-11T17:47:35Z DEBUG 3 2017-05-11T17:47:35Z DEBUG nsslapd-malloc-mxfast: 2017-05-11T17:47:35Z DEBUG -10 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG week 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG passwordMinAge: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-cn-uses-dn-syntax-in-dns: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG week 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring-grace-period: 2017-05-11T17:47:35Z DEBUG 60 2017-05-11T17:47:35Z DEBUG nsslapd-maxdescriptors: 2017-05-11T17:47:35Z DEBUG 8192 2017-05-11T17:47:35Z DEBUG nsslapd-allow-hashed-passwords: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordInHistory: 2017-05-11T17:47:35Z DEBUG 6 2017-05-11T17:47:35Z DEBUG nsslapd-ssl-check-hostname: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-conntablesize: 2017-05-11T17:47:35Z DEBUG 8192 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logging-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG nsslapd-saslpath: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG passwordMaxAge: 2017-05-11T17:47:35Z DEBUG 8639913600 2017-05-11T17:47:35Z DEBUG nsslapd-ldapiautobind: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-extract-pemfiles: 2017-05-11T17:47:35Z DEBUG off 
2017-05-11T17:47:35Z DEBUG nsslapd-maxthreadsperconn: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-ldapigidnumbertype: 2017-05-11T17:47:35Z DEBUG gidNumber 2017-05-11T17:47:35Z DEBUG nsslapd-connection-buffer: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG day 2017-05-11T17:47:35Z DEBUG nsslapd-dynamic-plugins: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-csnlogging: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-tmpdir: 2017-05-11T17:47:35Z DEBUG /tmp 2017-05-11T17:47:35Z DEBUG passwordResetFailureCount: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-counters: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-svrtab: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-allowed-sasl-mechanisms: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG nsslapd-minssf: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-schemadir: 2017-05-11T17:47:35Z DEBUG /etc/dirsrv/slapd-RDLG-NET/schema 2017-05-11T17:47:35Z DEBUG nsslapd-localuser: 2017-05-11T17:47:35Z DEBUG dirsrv 2017-05-11T17:47:35Z DEBUG nsslapd-security: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordChange: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-requiresrestart: 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-port 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-secureport 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-ldapifilepath 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-ldapilisten 2017-05-11T17:47:35Z 
DEBUG cn=config:nsslapd-workingdir 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-plugin 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-sslclientauth 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-changelogdir 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-changelogsuffix 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-changelogmaxentries 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-changelogmaxage 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-db-locks 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-maxdescriptors 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-return-exact-case 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-schema-ignore-trailing-spaces 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-parentcheck 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-dbncache 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2017-05-11T17:47:35Z DEBUG cn=encryption,cn=config:nssslsessiontimeout 2017-05-11T17:47:35Z DEBUG cn=encryption,cn=config:nssslclientauth 2017-05-11T17:47:35Z DEBUG cn=encryption,cn=config:nsssl2 2017-05-11T17:47:35Z DEBUG cn=encryption,cn=config:nsssl3 2017-05-11T17:47:35Z DEBUG passwordMaxFailure: 2017-05-11T17:47:35Z DEBUG 3 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ldapifilepath: 2017-05-11T17:47:35Z DEBUG /var/run/slapd-RDLG-NET.socket 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logging-enabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-pagedsizelimit: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-global-backend-lock: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logexpirationtime: 2017-05-11T17:47:35Z 
DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-listen-backlog-size: 2017-05-11T17:47:35Z DEBUG 128 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/access 2017-05-11T17:47:35Z DEBUG nsslapd-certmap-basedn: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-plugin-logging: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-accesscontrol: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-rootdn: 2017-05-11T17:47:35Z DEBUG cn=Directory Manager 2017-05-11T17:47:35Z DEBUG nsslapd-ldifdir: 2017-05-11T17:47:35Z DEBUG /var/lib/dirsrv/slapd-RDLG-NET/ldif 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-mode: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-anonlimitsdn: 2017-05-11T17:47:35Z DEBUG cn=anonymous-limits,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logging-enabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG passwordMustChange: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordExp: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logminfreediskspace: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG nsslapd-logging-backend: 2017-05-11T17:47:35Z DEBUG dirsrv-log 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/audit 2017-05-11T17:47:35Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG aci: 2017-05-11T17:47:35Z DEBUG (targetattr != aci)(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG 
nsslapd-ldapimaprootdn: 2017-05-11T17:47:35Z DEBUG cn=Directory Manager 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logging-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ds4-compatible-schema: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-enable-nunc-stans: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordMinLength: 2017-05-11T17:47:35Z DEBUG 8 2017-05-11T17:47:35Z DEBUG nsslapd-require-secure-binds: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-groupevalnestlevel: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-idletimeout: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-malloc-mmap-threshold: 2017-05-11T17:47:35Z DEBUG -10 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG day 2017-05-11T17:47:35Z DEBUG nsslapd-securePort: 2017-05-11T17:47:35Z DEBUG 636 2017-05-11T17:47:35Z DEBUG nsslapd-snmp-index: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG cn: 2017-05-11T17:47:35Z DEBUG config 2017-05-11T17:47:35Z DEBUG objectClass: 2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG extensibleObject 2017-05-11T17:47:35Z DEBUG nsslapdConfig 2017-05-11T17:47:35Z DEBUG nsslapd-ldapimaptoentries: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordSendExpiringTime: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-hash-filters: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-entryusn-import-initval: 2017-05-11T17:47:35Z DEBUG next 2017-05-11T17:47:35Z DEBUG nsslapd-malloc-trim-threshold: 2017-05-11T17:47:35Z DEBUG -10 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG nsslapd-ignore-time-skew: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-allow-unauthenticated-binds: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG 
nsslapd-auditlog-logging-hide-unhashed-pw: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-maxlogsperdir: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-listenhost: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-mode: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/errors 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-sasl-mapping-fallback: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring-logging-critical: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-force-sasl-external: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-enable-turbo-mode: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordCheckSyntax: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordGraceLimit: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG passwordWarning: 2017-05-11T17:47:35Z DEBUG 86400 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-mode: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-instancedir: 2017-05-11T17:47:35Z DEBUG /var/lib/dirsrv/scripts-RDLG-NET 2017-05-11T17:47:35Z DEBUG nsslapd-config: 2017-05-11T17:47:35Z DEBUG cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-versionstring: 2017-05-11T17:47:35Z DEBUG 389-Directory/1.3.5.10 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-level: 2017-05-11T17:47:35Z DEBUG 256 2017-05-11T17:47:35Z DEBUG nsslapd-return-exact-case: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-maxsasliosize: 2017-05-11T17:47:35Z DEBUG 2097152 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG nsslapd-rewrite-rfc1274: 
2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-rootpwstoragescheme: 2017-05-11T17:47:35Z DEBUG SSHA 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logexpirationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG passwordLockout: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-lockdir: 2017-05-11T17:47:35Z DEBUG /var/lock/dirsrv/slapd-RDLG-NET 2017-05-11T17:47:35Z DEBUG nsslapd-certdir: 2017-05-11T17:47:35Z DEBUG /etc/dirsrv/slapd-RDLG-NET 2017-05-11T17:47:35Z DEBUG nsslapd-allow-anonymous-access: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-maxlogsperdir: 2017-05-11T17:47:35Z DEBUG 10 2017-05-11T17:47:35Z DEBUG nsslapd-backendconfig: 2017-05-11T17:47:35Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-threadnumber: 2017-05-11T17:47:35Z DEBUG 30 2017-05-11T17:47:35Z DEBUG nsslapd-schemamod: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-search-return-original-type-switch: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-localhost: 2017-05-11T17:47:35Z DEBUG ipa.rdlg.net 2017-05-11T17:47:35Z DEBUG nsslapd-bakdir: 2017-05-11T17:47:35Z DEBUG /var/lib/dirsrv/slapd-RDLG-NET/bak 2017-05-11T17:47:35Z DEBUG passwordMin8bit: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-ldapiuidnumbertype: 2017-05-11T17:47:35Z DEBUG uidNumber 2017-05-11T17:47:35Z DEBUG nsslapd-validate-cert: 2017-05-11T17:47:35Z DEBUG warn 2017-05-11T17:47:35Z DEBUG passwordMinCategories: 2017-05-11T17:47:35Z DEBUG 3 2017-05-11T17:47:35Z DEBUG passwordMinLowers: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordAdminDN: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-ldapilisten: 2017-05-11T17:47:35Z DEBUG on 
2017-05-11T17:47:35Z DEBUG passwordMinSpecials: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-lastmod: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-max-filter-nest-level: 2017-05-11T17:47:35Z DEBUG 40 2017-05-11T17:47:35Z DEBUG passwordMaxRepeats: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-securelistenhost: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-maxsimplepaged-per-conn: 2017-05-11T17:47:35Z DEBUG -1 2017-05-11T17:47:35Z DEBUG nsslapd-result-tweak: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG passwordUnlock: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-schemacheck: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordTrackUpdateTime: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-maxbersize: 2017-05-11T17:47:35Z DEBUG 209715200 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-ldapientrysearchbase: 2017-05-11T17:47:35Z DEBUG dc=example,dc=com 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logexpirationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-localssf: 2017-05-11T17:47:35Z DEBUG 71 2017-05-11T17:47:35Z DEBUG nsslapd-sizelimit: 2017-05-11T17:47:35Z DEBUG 2000 2017-05-11T17:47:35Z DEBUG nsslapd-minssf-exclude-rootdse: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-ignore-virtual-attrs: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ndn-cache-enabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG 
nsslapd-defaultnamingcontext: 2017-05-11T17:47:35Z DEBUG dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-maxlogsperdir: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-pwpolicy-local: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-sasl-max-buffer-size: 2017-05-11T17:47:35Z DEBUG 2097152 2017-05-11T17:47:35Z DEBUG passwordLockoutDuration: 2017-05-11T17:47:35Z DEBUG 3600 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-port: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-privatenamespaces: 2017-05-11T17:47:35Z DEBUG cn=schema 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG cn=monitor 2017-05-11T17:47:35Z DEBUG cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-maxlogsperdir: 2017-05-11T17:47:35Z DEBUG 2 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/audit 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-mode: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-rootpw: 2017-05-11T17:47:35Z DEBUG {SSHA}ivpfUEJGKWW115wDkPsPfQQFhTUx8+KLuAm3tg== 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-outbound-ldap-io-timeout: 2017-05-11T17:47:35Z DEBUG 300000 2017-05-11T17:47:35Z DEBUG nsslapd-workingdir: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-rundir: 2017-05-11T17:47:35Z DEBUG /var/run/dirsrv 2017-05-11T17:47:35Z DEBUG nsslapd-schemareplace: 2017-05-11T17:47:35Z DEBUG replication-only 2017-05-11T17:47:35Z DEBUG nsslapd-plugin-binddn-tracking: 2017-05-11T17:47:35Z DEBUG off 
2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-level: 2017-05-11T17:47:35Z DEBUG 16384 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-syntaxlogging: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ioblocktimeout: 2017-05-11T17:47:35Z DEBUG 1800000 2017-05-11T17:47:35Z DEBUG nsslapd-attribute-name-exceptions: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordMinDigits: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-allowed-to-delete-attrs: 2017-05-11T17:47:35Z DEBUG passwordadmindn nsslapd-listenhost nsslapd-securelistenhost nsslapd-defaultnamingcontext 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logminfreediskspace: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG passwordStorageScheme: 2017-05-11T17:47:35Z DEBUG SSHA 2017-05-11T17:47:35Z DEBUG nsslapd-connection-nocanon: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG only: set nsslapd-allow-hashed-passwords to 'on', current value ['off'] 2017-05-11T17:47:35Z DEBUG only: updated value ['on'] 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z DEBUG Final value after applying updates 2017-05-11T17:47:35Z DEBUG dn: cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-betype: 2017-05-11T17:47:35Z DEBUG ldbm database 2017-05-11T17:47:35Z DEBUG nsslapd-nagle: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-entryusn-global: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-referralmode: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logminfreediskspace: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG 
nsslapd-errorlog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-reservedescriptors: 2017-05-11T17:47:35Z DEBUG 64 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 500 2017-05-11T17:47:35Z DEBUG passwordMinAlphas: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-enquote-sup-oc: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-readonly: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-syntaxcheck: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-unhashed-pw-switch: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordLegacyPolicy: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logbuffering: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-SSLclientAuth: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordMinUppers: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-plugin: 2017-05-11T17:47:35Z DEBUG cn=binary syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=country string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=facsimile telephone number syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=fax syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=generalized time syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=guide syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=integer 
syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=name and optional uid syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=octet string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=oid syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignoreia5substringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignoreorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignoresubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z 
DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=objectidentifiermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=integermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=integerorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=integerfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=internationalization plugin,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=uniquemembermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numericstringsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring-threshold: 2017-05-11T17:47:35Z DEBUG 2097152 2017-05-11T17:47:35Z DEBUG nsslapd-dn-validate-strict: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ndn-cache-max-size: 2017-05-11T17:47:35Z DEBUG 20971520 2017-05-11T17:47:35Z DEBUG nsslapd-timelimit: 2017-05-11T17:47:35Z DEBUG 3600 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordIsGlobalPolicy: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-moddn-aci: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-pwpolicy-inherit-global: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG 
passwordMinTokenLength: 2017-05-11T17:47:35Z DEBUG 3 2017-05-11T17:47:35Z DEBUG nsslapd-malloc-mxfast: 2017-05-11T17:47:35Z DEBUG -10 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG week 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG passwordMinAge: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-cn-uses-dn-syntax-in-dns: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG week 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring-grace-period: 2017-05-11T17:47:35Z DEBUG 60 2017-05-11T17:47:35Z DEBUG nsslapd-maxdescriptors: 2017-05-11T17:47:35Z DEBUG 8192 2017-05-11T17:47:35Z DEBUG nsslapd-allow-hashed-passwords: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordInHistory: 2017-05-11T17:47:35Z DEBUG 6 2017-05-11T17:47:35Z DEBUG nsslapd-ssl-check-hostname: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-conntablesize: 2017-05-11T17:47:35Z DEBUG 8192 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logging-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG nsslapd-saslpath: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG passwordMaxAge: 2017-05-11T17:47:35Z DEBUG 8639913600 2017-05-11T17:47:35Z DEBUG nsslapd-ldapiautobind: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-extract-pemfiles: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-maxthreadsperconn: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z 
DEBUG nsslapd-accesslog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-ldapigidnumbertype: 2017-05-11T17:47:35Z DEBUG gidNumber 2017-05-11T17:47:35Z DEBUG nsslapd-connection-buffer: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG day 2017-05-11T17:47:35Z DEBUG nsslapd-dynamic-plugins: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-csnlogging: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-tmpdir: 2017-05-11T17:47:35Z DEBUG /tmp 2017-05-11T17:47:35Z DEBUG passwordResetFailureCount: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-counters: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-svrtab: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-allowed-sasl-mechanisms: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG nsslapd-minssf: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-schemadir: 2017-05-11T17:47:35Z DEBUG /etc/dirsrv/slapd-RDLG-NET/schema 2017-05-11T17:47:35Z DEBUG nsslapd-localuser: 2017-05-11T17:47:35Z DEBUG dirsrv 2017-05-11T17:47:35Z DEBUG nsslapd-security: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordChange: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-requiresrestart: 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-port 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-secureport 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-ldapifilepath 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-ldapilisten 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-workingdir 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-plugin 
2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-sslclientauth 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-changelogdir 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-changelogsuffix 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-changelogmaxentries 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-changelogmaxage 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-db-locks 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-maxdescriptors 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-return-exact-case 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-schema-ignore-trailing-spaces 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-parentcheck 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-dbncache 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2017-05-11T17:47:35Z DEBUG cn=encryption,cn=config:nssslsessiontimeout 2017-05-11T17:47:35Z DEBUG cn=encryption,cn=config:nssslclientauth 2017-05-11T17:47:35Z DEBUG cn=encryption,cn=config:nsssl2 2017-05-11T17:47:35Z DEBUG cn=encryption,cn=config:nsssl3 2017-05-11T17:47:35Z DEBUG passwordMaxFailure: 2017-05-11T17:47:35Z DEBUG 3 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ldapifilepath: 2017-05-11T17:47:35Z DEBUG /var/run/slapd-RDLG-NET.socket 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logging-enabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-pagedsizelimit: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-global-backend-lock: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logexpirationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-listen-backlog-size: 2017-05-11T17:47:35Z 
DEBUG 128 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/access 2017-05-11T17:47:35Z DEBUG nsslapd-certmap-basedn: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-plugin-logging: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-accesscontrol: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-rootdn: 2017-05-11T17:47:35Z DEBUG cn=Directory Manager 2017-05-11T17:47:35Z DEBUG nsslapd-ldifdir: 2017-05-11T17:47:35Z DEBUG /var/lib/dirsrv/slapd-RDLG-NET/ldif 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-mode: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-anonlimitsdn: 2017-05-11T17:47:35Z DEBUG cn=anonymous-limits,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logging-enabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG passwordMustChange: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordExp: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logminfreediskspace: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG nsslapd-logging-backend: 2017-05-11T17:47:35Z DEBUG dirsrv-log 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/audit 2017-05-11T17:47:35Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG aci: 2017-05-11T17:47:35Z DEBUG (targetattr != aci)(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-ldapimaprootdn: 2017-05-11T17:47:35Z DEBUG cn=Directory Manager 2017-05-11T17:47:35Z DEBUG 
nsslapd-auditfaillog-logging-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ds4-compatible-schema: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-enable-nunc-stans: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordMinLength: 2017-05-11T17:47:35Z DEBUG 8 2017-05-11T17:47:35Z DEBUG nsslapd-require-secure-binds: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-groupevalnestlevel: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-idletimeout: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-malloc-mmap-threshold: 2017-05-11T17:47:35Z DEBUG -10 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG day 2017-05-11T17:47:35Z DEBUG nsslapd-securePort: 2017-05-11T17:47:35Z DEBUG 636 2017-05-11T17:47:35Z DEBUG nsslapd-snmp-index: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG cn: 2017-05-11T17:47:35Z DEBUG config 2017-05-11T17:47:35Z DEBUG objectClass: 2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG extensibleObject 2017-05-11T17:47:35Z DEBUG nsslapdConfig 2017-05-11T17:47:35Z DEBUG nsslapd-ldapimaptoentries: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordSendExpiringTime: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-hash-filters: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-entryusn-import-initval: 2017-05-11T17:47:35Z DEBUG next 2017-05-11T17:47:35Z DEBUG nsslapd-malloc-trim-threshold: 2017-05-11T17:47:35Z DEBUG -10 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG nsslapd-ignore-time-skew: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-allow-unauthenticated-binds: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logging-hide-unhashed-pw: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-maxlogsperdir: 
2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-listenhost: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-mode: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/errors 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-sasl-mapping-fallback: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring-logging-critical: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-force-sasl-external: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-enable-turbo-mode: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordCheckSyntax: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordGraceLimit: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG passwordWarning: 2017-05-11T17:47:35Z DEBUG 86400 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-mode: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-instancedir: 2017-05-11T17:47:35Z DEBUG /var/lib/dirsrv/scripts-RDLG-NET 2017-05-11T17:47:35Z DEBUG nsslapd-config: 2017-05-11T17:47:35Z DEBUG cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-versionstring: 2017-05-11T17:47:35Z DEBUG 389-Directory/1.3.5.10 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-level: 2017-05-11T17:47:35Z DEBUG 256 2017-05-11T17:47:35Z DEBUG nsslapd-return-exact-case: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-maxsasliosize: 2017-05-11T17:47:35Z DEBUG 2097152 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG nsslapd-rewrite-rfc1274: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-rootpwstoragescheme: 2017-05-11T17:47:35Z DEBUG SSHA 2017-05-11T17:47:35Z DEBUG 
nsslapd-auditlog-logexpirationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG passwordLockout: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-lockdir: 2017-05-11T17:47:35Z DEBUG /var/lock/dirsrv/slapd-RDLG-NET 2017-05-11T17:47:35Z DEBUG nsslapd-certdir: 2017-05-11T17:47:35Z DEBUG /etc/dirsrv/slapd-RDLG-NET 2017-05-11T17:47:35Z DEBUG nsslapd-allow-anonymous-access: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-maxlogsperdir: 2017-05-11T17:47:35Z DEBUG 10 2017-05-11T17:47:35Z DEBUG nsslapd-backendconfig: 2017-05-11T17:47:35Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-threadnumber: 2017-05-11T17:47:35Z DEBUG 30 2017-05-11T17:47:35Z DEBUG nsslapd-schemamod: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-search-return-original-type-switch: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-localhost: 2017-05-11T17:47:35Z DEBUG ipa.rdlg.net 2017-05-11T17:47:35Z DEBUG nsslapd-bakdir: 2017-05-11T17:47:35Z DEBUG /var/lib/dirsrv/slapd-RDLG-NET/bak 2017-05-11T17:47:35Z DEBUG passwordMin8bit: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-ldapiuidnumbertype: 2017-05-11T17:47:35Z DEBUG uidNumber 2017-05-11T17:47:35Z DEBUG nsslapd-validate-cert: 2017-05-11T17:47:35Z DEBUG warn 2017-05-11T17:47:35Z DEBUG passwordMinCategories: 2017-05-11T17:47:35Z DEBUG 3 2017-05-11T17:47:35Z DEBUG passwordMinLowers: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordAdminDN: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-ldapilisten: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordMinSpecials: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 
100 2017-05-11T17:47:35Z DEBUG nsslapd-lastmod: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-max-filter-nest-level: 2017-05-11T17:47:35Z DEBUG 40 2017-05-11T17:47:35Z DEBUG passwordMaxRepeats: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-securelistenhost: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-maxsimplepaged-per-conn: 2017-05-11T17:47:35Z DEBUG -1 2017-05-11T17:47:35Z DEBUG nsslapd-result-tweak: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG passwordUnlock: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-schemacheck: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordTrackUpdateTime: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-maxbersize: 2017-05-11T17:47:35Z DEBUG 209715200 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-ldapientrysearchbase: 2017-05-11T17:47:35Z DEBUG dc=example,dc=com 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logexpirationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-localssf: 2017-05-11T17:47:35Z DEBUG 71 2017-05-11T17:47:35Z DEBUG nsslapd-sizelimit: 2017-05-11T17:47:35Z DEBUG 2000 2017-05-11T17:47:35Z DEBUG nsslapd-minssf-exclude-rootdse: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-ignore-virtual-attrs: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ndn-cache-enabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-defaultnamingcontext: 2017-05-11T17:47:35Z DEBUG dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-maxlogsperdir: 2017-05-11T17:47:35Z DEBUG 1 
2017-05-11T17:47:35Z DEBUG nsslapd-pwpolicy-local: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-sasl-max-buffer-size: 2017-05-11T17:47:35Z DEBUG 2097152 2017-05-11T17:47:35Z DEBUG passwordLockoutDuration: 2017-05-11T17:47:35Z DEBUG 3600 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-port: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-privatenamespaces: 2017-05-11T17:47:35Z DEBUG cn=schema 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG cn=monitor 2017-05-11T17:47:35Z DEBUG cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-maxlogsperdir: 2017-05-11T17:47:35Z DEBUG 2 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/audit 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-mode: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-rootpw: 2017-05-11T17:47:35Z DEBUG {SSHA}ivpfUEJGKWW115wDkPsPfQQFhTUx8+KLuAm3tg== 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-outbound-ldap-io-timeout: 2017-05-11T17:47:35Z DEBUG 300000 2017-05-11T17:47:35Z DEBUG nsslapd-workingdir: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-rundir: 2017-05-11T17:47:35Z DEBUG /var/run/dirsrv 2017-05-11T17:47:35Z DEBUG nsslapd-schemareplace: 2017-05-11T17:47:35Z DEBUG replication-only 2017-05-11T17:47:35Z DEBUG nsslapd-plugin-binddn-tracking: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-level: 2017-05-11T17:47:35Z DEBUG 16384 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 
2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-syntaxlogging: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ioblocktimeout: 2017-05-11T17:47:35Z DEBUG 1800000 2017-05-11T17:47:35Z DEBUG nsslapd-attribute-name-exceptions: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordMinDigits: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-allowed-to-delete-attrs: 2017-05-11T17:47:35Z DEBUG passwordadmindn nsslapd-listenhost nsslapd-securelistenhost nsslapd-defaultnamingcontext 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logminfreediskspace: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG passwordStorageScheme: 2017-05-11T17:47:35Z DEBUG SSHA 2017-05-11T17:47:35Z DEBUG nsslapd-connection-nocanon: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG [(2, u'nsslapd-allow-hashed-passwords', ['on'])] 2017-05-11T17:47:35Z DEBUG Updated 1 2017-05-11T17:47:35Z DEBUG Done 2017-05-11T17:47:35Z DEBUG Updating existing entry: cn=config 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z DEBUG Initial value 2017-05-11T17:47:35Z DEBUG dn: cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-betype: 2017-05-11T17:47:35Z DEBUG ldbm database 2017-05-11T17:47:35Z DEBUG nsslapd-nagle: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-entryusn-global: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-referralmode: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logminfreediskspace: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-reservedescriptors: 
2017-05-11T17:47:35Z DEBUG 64 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 500 2017-05-11T17:47:35Z DEBUG passwordMinAlphas: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-enquote-sup-oc: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-readonly: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-syntaxcheck: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-unhashed-pw-switch: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordLegacyPolicy: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logbuffering: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-SSLclientAuth: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordMinUppers: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-plugin: 2017-05-11T17:47:35Z DEBUG cn=binary syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=country string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=facsimile telephone number syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=fax syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=generalized time syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=guide syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=integer syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=name and optional 
uid syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=octet string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=oid syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignoreia5substringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignoreorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignoresubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 
2017-05-11T17:47:35Z DEBUG cn=objectidentifiermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=integermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=integerorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=integerfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=internationalization plugin,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=uniquemembermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numericstringsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring-threshold: 2017-05-11T17:47:35Z DEBUG 2097152 2017-05-11T17:47:35Z DEBUG nsslapd-dn-validate-strict: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ndn-cache-max-size: 2017-05-11T17:47:35Z DEBUG 20971520 2017-05-11T17:47:35Z DEBUG nsslapd-timelimit: 2017-05-11T17:47:35Z DEBUG 3600 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordIsGlobalPolicy: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-moddn-aci: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-pwpolicy-inherit-global: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordMinTokenLength: 2017-05-11T17:47:35Z DEBUG 3 2017-05-11T17:47:35Z DEBUG nsslapd-malloc-mxfast: 2017-05-11T17:47:35Z DEBUG -10 
2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG week 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG passwordMinAge: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-cn-uses-dn-syntax-in-dns: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG week 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring-grace-period: 2017-05-11T17:47:35Z DEBUG 60 2017-05-11T17:47:35Z DEBUG nsslapd-maxdescriptors: 2017-05-11T17:47:35Z DEBUG 8192 2017-05-11T17:47:35Z DEBUG nsslapd-allow-hashed-passwords: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordInHistory: 2017-05-11T17:47:35Z DEBUG 6 2017-05-11T17:47:35Z DEBUG nsslapd-ssl-check-hostname: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-conntablesize: 2017-05-11T17:47:35Z DEBUG 8192 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logging-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG nsslapd-saslpath: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG passwordMaxAge: 2017-05-11T17:47:35Z DEBUG 8639913600 2017-05-11T17:47:35Z DEBUG nsslapd-ldapiautobind: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-extract-pemfiles: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-maxthreadsperconn: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-ldapigidnumbertype: 
2017-05-11T17:47:35Z DEBUG gidNumber 2017-05-11T17:47:35Z DEBUG nsslapd-connection-buffer: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG day 2017-05-11T17:47:35Z DEBUG nsslapd-dynamic-plugins: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-csnlogging: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-tmpdir: 2017-05-11T17:47:35Z DEBUG /tmp 2017-05-11T17:47:35Z DEBUG passwordResetFailureCount: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-counters: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-svrtab: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-allowed-sasl-mechanisms: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG nsslapd-minssf: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-schemadir: 2017-05-11T17:47:35Z DEBUG /etc/dirsrv/slapd-RDLG-NET/schema 2017-05-11T17:47:35Z DEBUG nsslapd-localuser: 2017-05-11T17:47:35Z DEBUG dirsrv 2017-05-11T17:47:35Z DEBUG nsslapd-security: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordChange: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-requiresrestart: 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-port 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-secureport 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-ldapifilepath 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-ldapilisten 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-workingdir 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-plugin 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-sslclientauth 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-changelogdir 2017-05-11T17:47:35Z DEBUG 
cn=config:nsslapd-changelogsuffix 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-changelogmaxentries 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-changelogmaxage 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-db-locks 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-maxdescriptors 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-return-exact-case 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-schema-ignore-trailing-spaces 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-parentcheck 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-dbncache 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2017-05-11T17:47:35Z DEBUG cn=encryption,cn=config:nssslsessiontimeout 2017-05-11T17:47:35Z DEBUG cn=encryption,cn=config:nssslclientauth 2017-05-11T17:47:35Z DEBUG cn=encryption,cn=config:nsssl2 2017-05-11T17:47:35Z DEBUG cn=encryption,cn=config:nsssl3 2017-05-11T17:47:35Z DEBUG passwordMaxFailure: 2017-05-11T17:47:35Z DEBUG 3 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ldapifilepath: 2017-05-11T17:47:35Z DEBUG /var/run/slapd-RDLG-NET.socket 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logging-enabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-pagedsizelimit: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-global-backend-lock: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logexpirationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-listen-backlog-size: 2017-05-11T17:47:35Z DEBUG 128 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/access 2017-05-11T17:47:35Z 
DEBUG nsslapd-certmap-basedn: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-plugin-logging: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-accesscontrol: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-rootdn: 2017-05-11T17:47:35Z DEBUG cn=Directory Manager 2017-05-11T17:47:35Z DEBUG nsslapd-ldifdir: 2017-05-11T17:47:35Z DEBUG /var/lib/dirsrv/slapd-RDLG-NET/ldif 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-mode: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-anonlimitsdn: 2017-05-11T17:47:35Z DEBUG cn=anonymous-limits,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logging-enabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG passwordMustChange: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordExp: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logminfreediskspace: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG nsslapd-logging-backend: 2017-05-11T17:47:35Z DEBUG dirsrv-log 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/audit 2017-05-11T17:47:35Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG aci: 2017-05-11T17:47:35Z DEBUG (targetattr != aci)(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-ldapimaprootdn: 2017-05-11T17:47:35Z DEBUG cn=Directory Manager 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logging-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ds4-compatible-schema: 2017-05-11T17:47:35Z 
DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-enable-nunc-stans: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordMinLength: 2017-05-11T17:47:35Z DEBUG 8 2017-05-11T17:47:35Z DEBUG nsslapd-require-secure-binds: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-groupevalnestlevel: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-idletimeout: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-malloc-mmap-threshold: 2017-05-11T17:47:35Z DEBUG -10 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG day 2017-05-11T17:47:35Z DEBUG nsslapd-securePort: 2017-05-11T17:47:35Z DEBUG 636 2017-05-11T17:47:35Z DEBUG nsslapd-snmp-index: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG cn: 2017-05-11T17:47:35Z DEBUG config 2017-05-11T17:47:35Z DEBUG objectClass: 2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG extensibleObject 2017-05-11T17:47:35Z DEBUG nsslapdConfig 2017-05-11T17:47:35Z DEBUG nsslapd-ldapimaptoentries: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordSendExpiringTime: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-hash-filters: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-entryusn-import-initval: 2017-05-11T17:47:35Z DEBUG next 2017-05-11T17:47:35Z DEBUG nsslapd-malloc-trim-threshold: 2017-05-11T17:47:35Z DEBUG -10 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG nsslapd-ignore-time-skew: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-allow-unauthenticated-binds: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logging-hide-unhashed-pw: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-maxlogsperdir: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-listenhost: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-mode: 
2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/errors 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-sasl-mapping-fallback: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring-logging-critical: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-force-sasl-external: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-enable-turbo-mode: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordCheckSyntax: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordGraceLimit: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG passwordWarning: 2017-05-11T17:47:35Z DEBUG 86400 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-mode: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-instancedir: 2017-05-11T17:47:35Z DEBUG /var/lib/dirsrv/scripts-RDLG-NET 2017-05-11T17:47:35Z DEBUG nsslapd-config: 2017-05-11T17:47:35Z DEBUG cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-versionstring: 2017-05-11T17:47:35Z DEBUG 389-Directory/1.3.5.10 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-level: 2017-05-11T17:47:35Z DEBUG 256 2017-05-11T17:47:35Z DEBUG nsslapd-return-exact-case: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-maxsasliosize: 2017-05-11T17:47:35Z DEBUG 2097152 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG nsslapd-rewrite-rfc1274: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-rootpwstoragescheme: 2017-05-11T17:47:35Z DEBUG SSHA 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logexpirationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG passwordLockout: 2017-05-11T17:47:35Z DEBUG off 
2017-05-11T17:47:35Z DEBUG nsslapd-lockdir: 2017-05-11T17:47:35Z DEBUG /var/lock/dirsrv/slapd-RDLG-NET 2017-05-11T17:47:35Z DEBUG nsslapd-certdir: 2017-05-11T17:47:35Z DEBUG /etc/dirsrv/slapd-RDLG-NET 2017-05-11T17:47:35Z DEBUG nsslapd-allow-anonymous-access: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-maxlogsperdir: 2017-05-11T17:47:35Z DEBUG 10 2017-05-11T17:47:35Z DEBUG nsslapd-backendconfig: 2017-05-11T17:47:35Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-threadnumber: 2017-05-11T17:47:35Z DEBUG 30 2017-05-11T17:47:35Z DEBUG nsslapd-schemamod: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-search-return-original-type-switch: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-localhost: 2017-05-11T17:47:35Z DEBUG ipa.rdlg.net 2017-05-11T17:47:35Z DEBUG nsslapd-bakdir: 2017-05-11T17:47:35Z DEBUG /var/lib/dirsrv/slapd-RDLG-NET/bak 2017-05-11T17:47:35Z DEBUG passwordMin8bit: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-ldapiuidnumbertype: 2017-05-11T17:47:35Z DEBUG uidNumber 2017-05-11T17:47:35Z DEBUG nsslapd-validate-cert: 2017-05-11T17:47:35Z DEBUG warn 2017-05-11T17:47:35Z DEBUG passwordMinCategories: 2017-05-11T17:47:35Z DEBUG 3 2017-05-11T17:47:35Z DEBUG passwordMinLowers: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordAdminDN: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-ldapilisten: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordMinSpecials: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-lastmod: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-max-filter-nest-level: 
2017-05-11T17:47:35Z DEBUG 40 2017-05-11T17:47:35Z DEBUG passwordMaxRepeats: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-securelistenhost: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-maxsimplepaged-per-conn: 2017-05-11T17:47:35Z DEBUG -1 2017-05-11T17:47:35Z DEBUG nsslapd-result-tweak: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG passwordUnlock: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-schemacheck: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordTrackUpdateTime: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-maxbersize: 2017-05-11T17:47:35Z DEBUG 209715200 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-ldapientrysearchbase: 2017-05-11T17:47:35Z DEBUG dc=example,dc=com 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logexpirationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-localssf: 2017-05-11T17:47:35Z DEBUG 71 2017-05-11T17:47:35Z DEBUG nsslapd-sizelimit: 2017-05-11T17:47:35Z DEBUG 2000 2017-05-11T17:47:35Z DEBUG nsslapd-minssf-exclude-rootdse: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-ignore-virtual-attrs: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ndn-cache-enabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-defaultnamingcontext: 2017-05-11T17:47:35Z DEBUG dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-maxlogsperdir: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-pwpolicy-local: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-sasl-max-buffer-size: 
2017-05-11T17:47:35Z DEBUG 2097152 2017-05-11T17:47:35Z DEBUG passwordLockoutDuration: 2017-05-11T17:47:35Z DEBUG 3600 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-port: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-privatenamespaces: 2017-05-11T17:47:35Z DEBUG cn=schema 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG cn=monitor 2017-05-11T17:47:35Z DEBUG cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-maxlogsperdir: 2017-05-11T17:47:35Z DEBUG 2 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/audit 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-mode: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-rootpw: 2017-05-11T17:47:35Z DEBUG {SSHA}ivpfUEJGKWW115wDkPsPfQQFhTUx8+KLuAm3tg== 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-outbound-ldap-io-timeout: 2017-05-11T17:47:35Z DEBUG 300000 2017-05-11T17:47:35Z DEBUG nsslapd-workingdir: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-rundir: 2017-05-11T17:47:35Z DEBUG /var/run/dirsrv 2017-05-11T17:47:35Z DEBUG nsslapd-schemareplace: 2017-05-11T17:47:35Z DEBUG replication-only 2017-05-11T17:47:35Z DEBUG nsslapd-plugin-binddn-tracking: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-level: 2017-05-11T17:47:35Z DEBUG 16384 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-syntaxlogging: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG 
nsslapd-ioblocktimeout: 2017-05-11T17:47:35Z DEBUG 1800000 2017-05-11T17:47:35Z DEBUG nsslapd-attribute-name-exceptions: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordMinDigits: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-allowed-to-delete-attrs: 2017-05-11T17:47:35Z DEBUG passwordadmindn nsslapd-listenhost nsslapd-securelistenhost nsslapd-defaultnamingcontext 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logminfreediskspace: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG passwordStorageScheme: 2017-05-11T17:47:35Z DEBUG SSHA 2017-05-11T17:47:35Z DEBUG nsslapd-connection-nocanon: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG only: set nsslapd-ioblocktimeout to '10000', current value ['1800000'] 2017-05-11T17:47:35Z DEBUG only: updated value ['10000'] 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z DEBUG Final value after applying updates 2017-05-11T17:47:35Z DEBUG dn: cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-betype: 2017-05-11T17:47:35Z DEBUG ldbm database 2017-05-11T17:47:35Z DEBUG nsslapd-nagle: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-entryusn-global: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-referralmode: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logminfreediskspace: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-reservedescriptors: 2017-05-11T17:47:35Z DEBUG 64 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 500 2017-05-11T17:47:35Z DEBUG passwordMinAlphas: 
2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-enquote-sup-oc: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-readonly: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-syntaxcheck: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-unhashed-pw-switch: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordLegacyPolicy: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logbuffering: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-SSLclientAuth: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordMinUppers: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-plugin: 2017-05-11T17:47:35Z DEBUG cn=binary syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=country string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=facsimile telephone number syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=fax syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=generalized time syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=guide syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=integer syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=name and optional uid syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=octet string 
syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=oid syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignoreia5substringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignoreorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignoresubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=objectidentifiermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 
2017-05-11T17:47:35Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=integermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=integerorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=integerfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=internationalization plugin,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=uniquemembermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=numericstringsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring-threshold: 2017-05-11T17:47:35Z DEBUG 2097152 2017-05-11T17:47:35Z DEBUG nsslapd-dn-validate-strict: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ndn-cache-max-size: 2017-05-11T17:47:35Z DEBUG 20971520 2017-05-11T17:47:35Z DEBUG nsslapd-timelimit: 2017-05-11T17:47:35Z DEBUG 3600 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordIsGlobalPolicy: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-moddn-aci: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-pwpolicy-inherit-global: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordMinTokenLength: 2017-05-11T17:47:35Z DEBUG 3 2017-05-11T17:47:35Z DEBUG nsslapd-malloc-mxfast: 2017-05-11T17:47:35Z DEBUG -10 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG 
nsslapd-errorlog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG week 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG passwordMinAge: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-cn-uses-dn-syntax-in-dns: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG week 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring-grace-period: 2017-05-11T17:47:35Z DEBUG 60 2017-05-11T17:47:35Z DEBUG nsslapd-maxdescriptors: 2017-05-11T17:47:35Z DEBUG 8192 2017-05-11T17:47:35Z DEBUG nsslapd-allow-hashed-passwords: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordInHistory: 2017-05-11T17:47:35Z DEBUG 6 2017-05-11T17:47:35Z DEBUG nsslapd-ssl-check-hostname: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-conntablesize: 2017-05-11T17:47:35Z DEBUG 8192 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logging-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG nsslapd-saslpath: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG passwordMaxAge: 2017-05-11T17:47:35Z DEBUG 8639913600 2017-05-11T17:47:35Z DEBUG nsslapd-ldapiautobind: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-extract-pemfiles: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-maxthreadsperconn: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-ldapigidnumbertype: 2017-05-11T17:47:35Z DEBUG gidNumber 2017-05-11T17:47:35Z DEBUG nsslapd-connection-buffer: 2017-05-11T17:47:35Z DEBUG 1 
2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG day 2017-05-11T17:47:35Z DEBUG nsslapd-dynamic-plugins: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-csnlogging: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-tmpdir: 2017-05-11T17:47:35Z DEBUG /tmp 2017-05-11T17:47:35Z DEBUG passwordResetFailureCount: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-counters: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-svrtab: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-allowed-sasl-mechanisms: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG nsslapd-minssf: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-schemadir: 2017-05-11T17:47:35Z DEBUG /etc/dirsrv/slapd-RDLG-NET/schema 2017-05-11T17:47:35Z DEBUG nsslapd-localuser: 2017-05-11T17:47:35Z DEBUG dirsrv 2017-05-11T17:47:35Z DEBUG nsslapd-security: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordChange: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-requiresrestart: 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-port 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-secureport 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-ldapifilepath 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-ldapilisten 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-workingdir 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-plugin 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-sslclientauth 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-changelogdir 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-changelogsuffix 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-changelogmaxentries 2017-05-11T17:47:35Z 
DEBUG cn=config:nsslapd-changelogmaxage 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-db-locks 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-maxdescriptors 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-return-exact-case 2017-05-11T17:47:35Z DEBUG cn=config:nsslapd-schema-ignore-trailing-spaces 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-parentcheck 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-dbncache 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2017-05-11T17:47:35Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2017-05-11T17:47:35Z DEBUG cn=encryption,cn=config:nssslsessiontimeout 2017-05-11T17:47:35Z DEBUG cn=encryption,cn=config:nssslclientauth 2017-05-11T17:47:35Z DEBUG cn=encryption,cn=config:nsssl2 2017-05-11T17:47:35Z DEBUG cn=encryption,cn=config:nsssl3 2017-05-11T17:47:35Z DEBUG passwordMaxFailure: 2017-05-11T17:47:35Z DEBUG 3 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationsync-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ldapifilepath: 2017-05-11T17:47:35Z DEBUG /var/run/slapd-RDLG-NET.socket 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logging-enabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-pagedsizelimit: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-global-backend-lock: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logexpirationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-listen-backlog-size: 2017-05-11T17:47:35Z DEBUG 128 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/access 2017-05-11T17:47:35Z DEBUG nsslapd-certmap-basedn: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-plugin-logging: 
2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-accesscontrol: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-rootdn: 2017-05-11T17:47:35Z DEBUG cn=Directory Manager 2017-05-11T17:47:35Z DEBUG nsslapd-ldifdir: 2017-05-11T17:47:35Z DEBUG /var/lib/dirsrv/slapd-RDLG-NET/ldif 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-mode: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-anonlimitsdn: 2017-05-11T17:47:35Z DEBUG cn=anonymous-limits,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logging-enabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG passwordMustChange: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordExp: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logminfreediskspace: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG nsslapd-logging-backend: 2017-05-11T17:47:35Z DEBUG dirsrv-log 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/audit 2017-05-11T17:47:35Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG aci: 2017-05-11T17:47:35Z DEBUG (targetattr != aci)(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-ldapimaprootdn: 2017-05-11T17:47:35Z DEBUG cn=Directory Manager 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logging-enabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ds4-compatible-schema: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-enable-nunc-stans: 2017-05-11T17:47:35Z DEBUG off 
2017-05-11T17:47:35Z DEBUG passwordMinLength: 2017-05-11T17:47:35Z DEBUG 8 2017-05-11T17:47:35Z DEBUG nsslapd-require-secure-binds: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-groupevalnestlevel: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-idletimeout: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-malloc-mmap-threshold: 2017-05-11T17:47:35Z DEBUG -10 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logrotationtimeunit: 2017-05-11T17:47:35Z DEBUG day 2017-05-11T17:47:35Z DEBUG nsslapd-securePort: 2017-05-11T17:47:35Z DEBUG 636 2017-05-11T17:47:35Z DEBUG nsslapd-snmp-index: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG cn: 2017-05-11T17:47:35Z DEBUG config 2017-05-11T17:47:35Z DEBUG objectClass: 2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG extensibleObject 2017-05-11T17:47:35Z DEBUG nsslapdConfig 2017-05-11T17:47:35Z DEBUG nsslapd-ldapimaptoentries: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordSendExpiringTime: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-hash-filters: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-entryusn-import-initval: 2017-05-11T17:47:35Z DEBUG next 2017-05-11T17:47:35Z DEBUG nsslapd-malloc-trim-threshold: 2017-05-11T17:47:35Z DEBUG -10 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG nsslapd-ignore-time-skew: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-allow-unauthenticated-binds: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logging-hide-unhashed-pw: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-maxlogsperdir: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-listenhost: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-mode: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog: 2017-05-11T17:47:35Z 
DEBUG /var/log/dirsrv/slapd-RDLG-NET/errors 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-sasl-mapping-fallback: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-disk-monitoring-logging-critical: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-force-sasl-external: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-enable-turbo-mode: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordCheckSyntax: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordGraceLimit: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG passwordWarning: 2017-05-11T17:47:35Z DEBUG 86400 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-mode: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-instancedir: 2017-05-11T17:47:35Z DEBUG /var/lib/dirsrv/scripts-RDLG-NET 2017-05-11T17:47:35Z DEBUG nsslapd-config: 2017-05-11T17:47:35Z DEBUG cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-versionstring: 2017-05-11T17:47:35Z DEBUG 389-Directory/1.3.5.10 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-level: 2017-05-11T17:47:35Z DEBUG 256 2017-05-11T17:47:35Z DEBUG nsslapd-return-exact-case: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-maxsasliosize: 2017-05-11T17:47:35Z DEBUG 2097152 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG nsslapd-rewrite-rfc1274: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-rootpwstoragescheme: 2017-05-11T17:47:35Z DEBUG SSHA 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog-logexpirationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG passwordLockout: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-lockdir: 2017-05-11T17:47:35Z DEBUG /var/lock/dirsrv/slapd-RDLG-NET 
2017-05-11T17:47:35Z DEBUG nsslapd-certdir: 2017-05-11T17:47:35Z DEBUG /etc/dirsrv/slapd-RDLG-NET 2017-05-11T17:47:35Z DEBUG nsslapd-allow-anonymous-access: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-maxlogsperdir: 2017-05-11T17:47:35Z DEBUG 10 2017-05-11T17:47:35Z DEBUG nsslapd-backendconfig: 2017-05-11T17:47:35Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-threadnumber: 2017-05-11T17:47:35Z DEBUG 30 2017-05-11T17:47:35Z DEBUG nsslapd-schemamod: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-search-return-original-type-switch: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-localhost: 2017-05-11T17:47:35Z DEBUG ipa.rdlg.net 2017-05-11T17:47:35Z DEBUG nsslapd-bakdir: 2017-05-11T17:47:35Z DEBUG /var/lib/dirsrv/slapd-RDLG-NET/bak 2017-05-11T17:47:35Z DEBUG passwordMin8bit: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-ldapiuidnumbertype: 2017-05-11T17:47:35Z DEBUG uidNumber 2017-05-11T17:47:35Z DEBUG nsslapd-validate-cert: 2017-05-11T17:47:35Z DEBUG warn 2017-05-11T17:47:35Z DEBUG passwordMinCategories: 2017-05-11T17:47:35Z DEBUG 3 2017-05-11T17:47:35Z DEBUG passwordMinLowers: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordAdminDN: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-ldapilisten: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordMinSpecials: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logmaxdiskspace: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-lastmod: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-max-filter-nest-level: 2017-05-11T17:47:35Z DEBUG 40 2017-05-11T17:47:35Z DEBUG passwordMaxRepeats: 2017-05-11T17:47:35Z DEBUG 0 
2017-05-11T17:47:35Z DEBUG nsslapd-securelistenhost: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-maxsimplepaged-per-conn: 2017-05-11T17:47:35Z DEBUG -1 2017-05-11T17:47:35Z DEBUG nsslapd-result-tweak: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2017-05-11T17:47:35Z DEBUG month 2017-05-11T17:47:35Z DEBUG passwordUnlock: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-schemacheck: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG passwordTrackUpdateTime: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-maxbersize: 2017-05-11T17:47:35Z DEBUG 209715200 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-ldapientrysearchbase: 2017-05-11T17:47:35Z DEBUG dc=example,dc=com 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logexpirationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-localssf: 2017-05-11T17:47:35Z DEBUG 71 2017-05-11T17:47:35Z DEBUG nsslapd-sizelimit: 2017-05-11T17:47:35Z DEBUG 2000 2017-05-11T17:47:35Z DEBUG nsslapd-minssf-exclude-rootdse: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-ignore-virtual-attrs: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ndn-cache-enabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationtime: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-defaultnamingcontext: 2017-05-11T17:47:35Z DEBUG dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-maxlogsperdir: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG nsslapd-pwpolicy-local: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-sasl-max-buffer-size: 2017-05-11T17:47:35Z DEBUG 2097152 2017-05-11T17:47:35Z DEBUG passwordLockoutDuration: 2017-05-11T17:47:35Z DEBUG 
3600 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-port: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-maxlogsize: 2017-05-11T17:47:35Z DEBUG 100 2017-05-11T17:47:35Z DEBUG nsslapd-privatenamespaces: 2017-05-11T17:47:35Z DEBUG cn=schema 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG cn=monitor 2017-05-11T17:47:35Z DEBUG cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-maxlogsperdir: 2017-05-11T17:47:35Z DEBUG 2 2017-05-11T17:47:35Z DEBUG nsslapd-auditlog: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/audit 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-mode: 2017-05-11T17:47:35Z DEBUG 600 2017-05-11T17:47:35Z DEBUG nsslapd-rootpw: 2017-05-11T17:47:35Z DEBUG {SSHA}ivpfUEJGKWW115wDkPsPfQQFhTUx8+KLuAm3tg== 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-logrotationsynchour: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-outbound-ldap-io-timeout: 2017-05-11T17:47:35Z DEBUG 300000 2017-05-11T17:47:35Z DEBUG nsslapd-workingdir: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-list: 2017-05-11T17:47:35Z DEBUG 2017-05-11T17:47:35Z DEBUG nsslapd-rundir: 2017-05-11T17:47:35Z DEBUG /var/run/dirsrv 2017-05-11T17:47:35Z DEBUG nsslapd-schemareplace: 2017-05-11T17:47:35Z DEBUG replication-only 2017-05-11T17:47:35Z DEBUG nsslapd-plugin-binddn-tracking: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-errorlog-level: 2017-05-11T17:47:35Z DEBUG 16384 2017-05-11T17:47:35Z DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-syntaxlogging: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-ioblocktimeout: 2017-05-11T17:47:35Z DEBUG 10000 2017-05-11T17:47:35Z DEBUG nsslapd-attribute-name-exceptions: 
2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG passwordMinDigits: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-allowed-to-delete-attrs: 2017-05-11T17:47:35Z DEBUG passwordadmindn nsslapd-listenhost nsslapd-securelistenhost nsslapd-defaultnamingcontext 2017-05-11T17:47:35Z DEBUG nsslapd-accesslog-logminfreediskspace: 2017-05-11T17:47:35Z DEBUG 5 2017-05-11T17:47:35Z DEBUG passwordStorageScheme: 2017-05-11T17:47:35Z DEBUG SSHA 2017-05-11T17:47:35Z DEBUG nsslapd-connection-nocanon: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG [(2, u'nsslapd-ioblocktimeout', ['10000'])] 2017-05-11T17:47:35Z DEBUG Updated 1 2017-05-11T17:47:35Z DEBUG Done 2017-05-11T17:47:35Z DEBUG Parsing update file '/usr/share/ipa/updates/10-enable-betxn.update' 2017-05-11T17:47:35Z DEBUG Updating existing entry: cn=7-bit check,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z DEBUG Initial value 2017-05-11T17:47:35Z DEBUG dn: cn=7-bit check,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-pluginId: 2017-05-11T17:47:35Z DEBUG NS7bitAttr 2017-05-11T17:47:35Z DEBUG cn: 2017-05-11T17:47:35Z DEBUG 7-bit check 2017-05-11T17:47:35Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:47:35Z DEBUG 1.3.5.10 2017-05-11T17:47:35Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:47:35Z DEBUG NS7bitAttr_Init 2017-05-11T17:47:35Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:47:35Z DEBUG Enforce 7-bit clean attribute values 2017-05-11T17:47:35Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-pluginPath: 2017-05-11T17:47:35Z DEBUG libattr-unique-plugin 2017-05-11T17:47:35Z DEBUG objectClass: 2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG nsSlapdPlugin 2017-05-11T17:47:35Z DEBUG extensibleObject 2017-05-11T17:47:35Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:47:35Z DEBUG database 2017-05-11T17:47:35Z DEBUG nsslapd-pluginarg0: 2017-05-11T17:47:35Z DEBUG 
uid 2017-05-11T17:47:35Z DEBUG nsslapd-pluginarg3: 2017-05-11T17:47:35Z DEBUG dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG nsslapd-pluginarg2: 2017-05-11T17:47:35Z DEBUG , 2017-05-11T17:47:35Z DEBUG nsslapd-pluginarg1: 2017-05-11T17:47:35Z DEBUG mail 2017-05-11T17:47:35Z DEBUG nsslapd-pluginType: 2017-05-11T17:47:35Z DEBUG betxnpreoperation 2017-05-11T17:47:35Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:47:35Z DEBUG 389 Project 2017-05-11T17:47:35Z DEBUG only: set nsslapd-pluginType to 'betxnpreoperation', current value ['betxnpreoperation'] 2017-05-11T17:47:35Z DEBUG only: updated value ['betxnpreoperation'] 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z DEBUG Final value after applying updates 2017-05-11T17:47:35Z DEBUG dn: cn=7-bit check,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-pluginId: 2017-05-11T17:47:35Z DEBUG NS7bitAttr 2017-05-11T17:47:35Z DEBUG cn: 2017-05-11T17:47:35Z DEBUG 7-bit check 2017-05-11T17:47:35Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:47:35Z DEBUG 1.3.5.10 2017-05-11T17:47:35Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:47:35Z DEBUG NS7bitAttr_Init 2017-05-11T17:47:35Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:47:35Z DEBUG Enforce 7-bit clean attribute values 2017-05-11T17:47:35Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-pluginPath: 2017-05-11T17:47:35Z DEBUG libattr-unique-plugin 2017-05-11T17:47:35Z DEBUG objectClass: 2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG nsSlapdPlugin 2017-05-11T17:47:35Z DEBUG extensibleObject 2017-05-11T17:47:35Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:47:35Z DEBUG database 2017-05-11T17:47:35Z DEBUG nsslapd-pluginarg0: 2017-05-11T17:47:35Z DEBUG uid 2017-05-11T17:47:35Z DEBUG nsslapd-pluginarg3: 2017-05-11T17:47:35Z DEBUG dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG nsslapd-pluginarg2: 2017-05-11T17:47:35Z DEBUG , 2017-05-11T17:47:35Z DEBUG nsslapd-pluginarg1: 
2017-05-11T17:47:35Z DEBUG mail 2017-05-11T17:47:35Z DEBUG nsslapd-pluginType: 2017-05-11T17:47:35Z DEBUG betxnpreoperation 2017-05-11T17:47:35Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:47:35Z DEBUG 389 Project 2017-05-11T17:47:35Z DEBUG [] 2017-05-11T17:47:35Z DEBUG Updated 0 2017-05-11T17:47:35Z DEBUG Done 2017-05-11T17:47:35Z DEBUG Updating existing entry: cn=attribute uniqueness,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z DEBUG Initial value 2017-05-11T17:47:35Z DEBUG dn: cn=attribute uniqueness,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG uniqueness-attribute-name: 2017-05-11T17:47:35Z DEBUG uid 2017-05-11T17:47:35Z DEBUG nsslapd-pluginId: 2017-05-11T17:47:35Z DEBUG none 2017-05-11T17:47:35Z DEBUG cn: 2017-05-11T17:47:35Z DEBUG attribute uniqueness 2017-05-11T17:47:35Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:47:35Z DEBUG none 2017-05-11T17:47:35Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:47:35Z DEBUG none 2017-05-11T17:47:35Z DEBUG uniqueness-across-all-subtrees: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-pluginPath: 2017-05-11T17:47:35Z DEBUG libattr-unique-plugin 2017-05-11T17:47:35Z DEBUG objectClass: 2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG nsSlapdPlugin 2017-05-11T17:47:35Z DEBUG extensibleObject 2017-05-11T17:47:35Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:47:35Z DEBUG database 2017-05-11T17:47:35Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:47:35Z DEBUG none 2017-05-11T17:47:35Z DEBUG uniqueness-subtrees: 2017-05-11T17:47:35Z DEBUG dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG nsslapd-pluginType: 2017-05-11T17:47:35Z DEBUG betxnpreoperation 2017-05-11T17:47:35Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:47:35Z DEBUG NSUniqueAttr_Init 2017-05-11T17:47:35Z DEBUG only: set nsslapd-pluginType to 'betxnpreoperation', current value ['betxnpreoperation'] 
2017-05-11T17:47:35Z DEBUG only: updated value ['betxnpreoperation'] 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z DEBUG Final value after applying updates 2017-05-11T17:47:35Z DEBUG dn: cn=attribute uniqueness,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG uniqueness-attribute-name: 2017-05-11T17:47:35Z DEBUG uid 2017-05-11T17:47:35Z DEBUG nsslapd-pluginId: 2017-05-11T17:47:35Z DEBUG none 2017-05-11T17:47:35Z DEBUG cn: 2017-05-11T17:47:35Z DEBUG attribute uniqueness 2017-05-11T17:47:35Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:47:35Z DEBUG none 2017-05-11T17:47:35Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:47:35Z DEBUG none 2017-05-11T17:47:35Z DEBUG uniqueness-across-all-subtrees: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-pluginPath: 2017-05-11T17:47:35Z DEBUG libattr-unique-plugin 2017-05-11T17:47:35Z DEBUG objectClass: 2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG nsSlapdPlugin 2017-05-11T17:47:35Z DEBUG extensibleObject 2017-05-11T17:47:35Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:47:35Z DEBUG database 2017-05-11T17:47:35Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:47:35Z DEBUG none 2017-05-11T17:47:35Z DEBUG uniqueness-subtrees: 2017-05-11T17:47:35Z DEBUG dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG nsslapd-pluginType: 2017-05-11T17:47:35Z DEBUG betxnpreoperation 2017-05-11T17:47:35Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:47:35Z DEBUG NSUniqueAttr_Init 2017-05-11T17:47:35Z DEBUG [] 2017-05-11T17:47:35Z DEBUG Updated 0 2017-05-11T17:47:35Z DEBUG Done 2017-05-11T17:47:35Z DEBUG Updating existing entry: cn=Auto Membership Plugin,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z DEBUG Initial value 2017-05-11T17:47:35Z DEBUG dn: cn=Auto Membership Plugin,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG 
nsslapd-pluginId: 2017-05-11T17:47:35Z DEBUG Auto Membership 2017-05-11T17:47:35Z DEBUG cn: 2017-05-11T17:47:35Z DEBUG Auto Membership Plugin 2017-05-11T17:47:35Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:47:35Z DEBUG 1.3.5.10 2017-05-11T17:47:35Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:47:35Z DEBUG Auto Membership plugin 2017-05-11T17:47:35Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-pluginPath: 2017-05-11T17:47:35Z DEBUG libautomember-plugin 2017-05-11T17:47:35Z DEBUG objectClass: 2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG nsSlapdPlugin 2017-05-11T17:47:35Z DEBUG extensibleObject 2017-05-11T17:47:35Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:47:35Z DEBUG database 2017-05-11T17:47:35Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:47:35Z DEBUG 389 Project 2017-05-11T17:47:35Z DEBUG nsslapd-pluginConfigArea: 2017-05-11T17:47:35Z DEBUG cn=automember,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG nsslapd-pluginType: 2017-05-11T17:47:35Z DEBUG betxnpreoperation 2017-05-11T17:47:35Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:47:35Z DEBUG automember_init 2017-05-11T17:47:35Z DEBUG only: set nsslapd-pluginType to 'betxnpreoperation', current value ['betxnpreoperation'] 2017-05-11T17:47:35Z DEBUG only: updated value ['betxnpreoperation'] 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z DEBUG Final value after applying updates 2017-05-11T17:47:35Z DEBUG dn: cn=Auto Membership Plugin,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-pluginId: 2017-05-11T17:47:35Z DEBUG Auto Membership 2017-05-11T17:47:35Z DEBUG cn: 2017-05-11T17:47:35Z DEBUG Auto Membership Plugin 2017-05-11T17:47:35Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:47:35Z DEBUG 1.3.5.10 2017-05-11T17:47:35Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:47:35Z DEBUG Auto Membership plugin 2017-05-11T17:47:35Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:47:35Z DEBUG on 
2017-05-11T17:47:35Z DEBUG nsslapd-pluginPath: 2017-05-11T17:47:35Z DEBUG libautomember-plugin 2017-05-11T17:47:35Z DEBUG objectClass: 2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG nsSlapdPlugin 2017-05-11T17:47:35Z DEBUG extensibleObject 2017-05-11T17:47:35Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:47:35Z DEBUG database 2017-05-11T17:47:35Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:47:35Z DEBUG 389 Project 2017-05-11T17:47:35Z DEBUG nsslapd-pluginConfigArea: 2017-05-11T17:47:35Z DEBUG cn=automember,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG nsslapd-pluginType: 2017-05-11T17:47:35Z DEBUG betxnpreoperation 2017-05-11T17:47:35Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:47:35Z DEBUG automember_init 2017-05-11T17:47:35Z DEBUG [] 2017-05-11T17:47:35Z DEBUG Updated 0 2017-05-11T17:47:35Z DEBUG Done 2017-05-11T17:47:35Z DEBUG Updating existing entry: cn=Linked Attributes,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z DEBUG Initial value 2017-05-11T17:47:35Z DEBUG dn: cn=Linked Attributes,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-pluginId: 2017-05-11T17:47:35Z DEBUG Linked Attributes 2017-05-11T17:47:35Z DEBUG cn: 2017-05-11T17:47:35Z DEBUG Linked Attributes 2017-05-11T17:47:35Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:47:35Z DEBUG 1.3.5.10 2017-05-11T17:47:35Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:47:35Z DEBUG Linked Attributes plugin 2017-05-11T17:47:35Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-pluginPath: 2017-05-11T17:47:35Z DEBUG liblinkedattrs-plugin 2017-05-11T17:47:35Z DEBUG objectClass: 2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG nsSlapdPlugin 2017-05-11T17:47:35Z DEBUG extensibleObject 2017-05-11T17:47:35Z DEBUG nsContainer 2017-05-11T17:47:35Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:47:35Z DEBUG database 2017-05-11T17:47:35Z DEBUG nsslapd-pluginVendor: 
2017-05-11T17:47:35Z DEBUG 389 Project 2017-05-11T17:47:35Z DEBUG nsslapd-pluginType: 2017-05-11T17:47:35Z DEBUG betxnpreoperation 2017-05-11T17:47:35Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:47:35Z DEBUG linked_attrs_init 2017-05-11T17:47:35Z DEBUG only: set nsslapd-pluginType to 'betxnpreoperation', current value ['betxnpreoperation'] 2017-05-11T17:47:35Z DEBUG only: updated value ['betxnpreoperation'] 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z DEBUG Final value after applying updates 2017-05-11T17:47:35Z DEBUG dn: cn=Linked Attributes,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-pluginId: 2017-05-11T17:47:35Z DEBUG Linked Attributes 2017-05-11T17:47:35Z DEBUG cn: 2017-05-11T17:47:35Z DEBUG Linked Attributes 2017-05-11T17:47:35Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:47:35Z DEBUG 1.3.5.10 2017-05-11T17:47:35Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:47:35Z DEBUG Linked Attributes plugin 2017-05-11T17:47:35Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-pluginPath: 2017-05-11T17:47:35Z DEBUG liblinkedattrs-plugin 2017-05-11T17:47:35Z DEBUG objectClass: 2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG nsSlapdPlugin 2017-05-11T17:47:35Z DEBUG extensibleObject 2017-05-11T17:47:35Z DEBUG nsContainer 2017-05-11T17:47:35Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:47:35Z DEBUG database 2017-05-11T17:47:35Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:47:35Z DEBUG 389 Project 2017-05-11T17:47:35Z DEBUG nsslapd-pluginType: 2017-05-11T17:47:35Z DEBUG betxnpreoperation 2017-05-11T17:47:35Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:47:35Z DEBUG linked_attrs_init 2017-05-11T17:47:35Z DEBUG [] 2017-05-11T17:47:35Z DEBUG Updated 0 2017-05-11T17:47:35Z DEBUG Done 2017-05-11T17:47:35Z DEBUG Updating existing entry: cn=Managed Entries,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 
2017-05-11T17:47:35Z DEBUG Initial value 2017-05-11T17:47:35Z DEBUG dn: cn=Managed Entries,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-pluginId: 2017-05-11T17:47:35Z DEBUG Managed Entries 2017-05-11T17:47:35Z DEBUG cn: 2017-05-11T17:47:35Z DEBUG Managed Entries 2017-05-11T17:47:35Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:47:35Z DEBUG 1.3.5.10 2017-05-11T17:47:35Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:47:35Z DEBUG Managed Entries plugin 2017-05-11T17:47:35Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-pluginPath: 2017-05-11T17:47:35Z DEBUG libmanagedentries-plugin 2017-05-11T17:47:35Z DEBUG objectClass: 2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG nsSlapdPlugin 2017-05-11T17:47:35Z DEBUG extensibleObject 2017-05-11T17:47:35Z DEBUG nsContainer 2017-05-11T17:47:35Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:47:35Z DEBUG database 2017-05-11T17:47:35Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:47:35Z DEBUG 389 Project 2017-05-11T17:47:35Z DEBUG nsslapd-pluginConfigArea: 2017-05-11T17:47:35Z DEBUG cn=Definitions,cn=Managed Entries,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG nsslapd-pluginType: 2017-05-11T17:47:35Z DEBUG betxnpreoperation 2017-05-11T17:47:35Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:47:35Z DEBUG mep_init 2017-05-11T17:47:35Z DEBUG only: set nsslapd-pluginType to 'betxnpreoperation', current value ['betxnpreoperation'] 2017-05-11T17:47:35Z DEBUG only: updated value ['betxnpreoperation'] 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z DEBUG Final value after applying updates 2017-05-11T17:47:35Z DEBUG dn: cn=Managed Entries,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-pluginId: 2017-05-11T17:47:35Z DEBUG Managed Entries 2017-05-11T17:47:35Z DEBUG cn: 2017-05-11T17:47:35Z DEBUG Managed Entries 2017-05-11T17:47:35Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:47:35Z DEBUG 1.3.5.10 2017-05-11T17:47:35Z 
DEBUG nsslapd-pluginDescription: 2017-05-11T17:47:35Z DEBUG Managed Entries plugin 2017-05-11T17:47:35Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-pluginPath: 2017-05-11T17:47:35Z DEBUG libmanagedentries-plugin 2017-05-11T17:47:35Z DEBUG objectClass: 2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG nsSlapdPlugin 2017-05-11T17:47:35Z DEBUG extensibleObject 2017-05-11T17:47:35Z DEBUG nsContainer 2017-05-11T17:47:35Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:47:35Z DEBUG database 2017-05-11T17:47:35Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:47:35Z DEBUG 389 Project 2017-05-11T17:47:35Z DEBUG nsslapd-pluginConfigArea: 2017-05-11T17:47:35Z DEBUG cn=Definitions,cn=Managed Entries,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG nsslapd-pluginType: 2017-05-11T17:47:35Z DEBUG betxnpreoperation 2017-05-11T17:47:35Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:47:35Z DEBUG mep_init 2017-05-11T17:47:35Z DEBUG [] 2017-05-11T17:47:35Z DEBUG Updated 0 2017-05-11T17:47:35Z DEBUG Done 2017-05-11T17:47:35Z DEBUG Updating existing entry: cn=MemberOf Plugin,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z DEBUG Initial value 2017-05-11T17:47:35Z DEBUG dn: cn=MemberOf Plugin,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-pluginId: 2017-05-11T17:47:35Z DEBUG memberof 2017-05-11T17:47:35Z DEBUG memberofgroupattr: 2017-05-11T17:47:35Z DEBUG member 2017-05-11T17:47:35Z DEBUG memberUser 2017-05-11T17:47:35Z DEBUG memberHost 2017-05-11T17:47:35Z DEBUG cn: 2017-05-11T17:47:35Z DEBUG MemberOf Plugin 2017-05-11T17:47:35Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:47:35Z DEBUG 1.3.5.10 2017-05-11T17:47:35Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:47:35Z DEBUG memberof plugin 2017-05-11T17:47:35Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-pluginPath: 2017-05-11T17:47:35Z DEBUG libmemberof-plugin 
2017-05-11T17:47:35Z DEBUG objectClass: 2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG nsSlapdPlugin 2017-05-11T17:47:35Z DEBUG extensibleObject 2017-05-11T17:47:35Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:47:35Z DEBUG database 2017-05-11T17:47:35Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:47:35Z DEBUG 389 Project 2017-05-11T17:47:35Z DEBUG memberofattr: 2017-05-11T17:47:35Z DEBUG memberOf 2017-05-11T17:47:35Z DEBUG nsslapd-pluginType: 2017-05-11T17:47:35Z DEBUG betxnpostoperation 2017-05-11T17:47:35Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:47:35Z DEBUG memberof_postop_init 2017-05-11T17:47:35Z DEBUG only: set nsslapd-pluginType to 'betxnpostoperation', current value ['betxnpostoperation'] 2017-05-11T17:47:35Z DEBUG only: updated value ['betxnpostoperation'] 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z DEBUG Final value after applying updates 2017-05-11T17:47:35Z DEBUG dn: cn=MemberOf Plugin,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-pluginId: 2017-05-11T17:47:35Z DEBUG memberof 2017-05-11T17:47:35Z DEBUG memberofgroupattr: 2017-05-11T17:47:35Z DEBUG member 2017-05-11T17:47:35Z DEBUG memberUser 2017-05-11T17:47:35Z DEBUG memberHost 2017-05-11T17:47:35Z DEBUG cn: 2017-05-11T17:47:35Z DEBUG MemberOf Plugin 2017-05-11T17:47:35Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:47:35Z DEBUG 1.3.5.10 2017-05-11T17:47:35Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:47:35Z DEBUG memberof plugin 2017-05-11T17:47:35Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-pluginPath: 2017-05-11T17:47:35Z DEBUG libmemberof-plugin 2017-05-11T17:47:35Z DEBUG objectClass: 2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG nsSlapdPlugin 2017-05-11T17:47:35Z DEBUG extensibleObject 2017-05-11T17:47:35Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:47:35Z DEBUG database 2017-05-11T17:47:35Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:47:35Z DEBUG 389 
Project 2017-05-11T17:47:35Z DEBUG memberofattr: 2017-05-11T17:47:35Z DEBUG memberOf 2017-05-11T17:47:35Z DEBUG nsslapd-pluginType: 2017-05-11T17:47:35Z DEBUG betxnpostoperation 2017-05-11T17:47:35Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:47:35Z DEBUG memberof_postop_init 2017-05-11T17:47:35Z DEBUG [] 2017-05-11T17:47:35Z DEBUG Updated 0 2017-05-11T17:47:35Z DEBUG Done 2017-05-11T17:47:35Z DEBUG Updating existing entry: cn=Multimaster Replication Plugin,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z DEBUG Initial value 2017-05-11T17:47:35Z DEBUG dn: cn=Multimaster Replication Plugin,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-pluginbetxn: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG cn: 2017-05-11T17:47:35Z DEBUG Multimaster Replication Plugin 2017-05-11T17:47:35Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:47:35Z DEBUG replication_multimaster_plugin_init 2017-05-11T17:47:35Z DEBUG nsslapd-plugin-depends-on-named: 2017-05-11T17:47:35Z DEBUG ldbm database 2017-05-11T17:47:35Z DEBUG AES 2017-05-11T17:47:35Z DEBUG Class of Service 2017-05-11T17:47:35Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:47:35Z DEBUG 1.3.5.10 2017-05-11T17:47:35Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:47:35Z DEBUG Multi-master Replication Plugin 2017-05-11T17:47:35Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-pluginPath: 2017-05-11T17:47:35Z DEBUG libreplication-plugin 2017-05-11T17:47:35Z DEBUG objectClass: 2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG nsSlapdPlugin 2017-05-11T17:47:35Z DEBUG extensibleObject 2017-05-11T17:47:35Z DEBUG nsslapd-pluginId: 2017-05-11T17:47:35Z DEBUG replication-multimaster 2017-05-11T17:47:35Z DEBUG nsslapd-pluginType: 2017-05-11T17:47:35Z DEBUG object 2017-05-11T17:47:35Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:47:35Z DEBUG 389 Project 2017-05-11T17:47:35Z DEBUG only: set nsslapd-pluginbetxn to 
'on', current value ['on'] 2017-05-11T17:47:35Z DEBUG only: updated value ['on'] 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z DEBUG Final value after applying updates 2017-05-11T17:47:35Z DEBUG dn: cn=Multimaster Replication Plugin,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-pluginbetxn: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG cn: 2017-05-11T17:47:35Z DEBUG Multimaster Replication Plugin 2017-05-11T17:47:35Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:47:35Z DEBUG replication_multimaster_plugin_init 2017-05-11T17:47:35Z DEBUG nsslapd-plugin-depends-on-named: 2017-05-11T17:47:35Z DEBUG ldbm database 2017-05-11T17:47:35Z DEBUG AES 2017-05-11T17:47:35Z DEBUG Class of Service 2017-05-11T17:47:35Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:47:35Z DEBUG 1.3.5.10 2017-05-11T17:47:35Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:47:35Z DEBUG Multi-master Replication Plugin 2017-05-11T17:47:35Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-pluginPath: 2017-05-11T17:47:35Z DEBUG libreplication-plugin 2017-05-11T17:47:35Z DEBUG objectClass: 2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG nsSlapdPlugin 2017-05-11T17:47:35Z DEBUG extensibleObject 2017-05-11T17:47:35Z DEBUG nsslapd-pluginId: 2017-05-11T17:47:35Z DEBUG replication-multimaster 2017-05-11T17:47:35Z DEBUG nsslapd-pluginType: 2017-05-11T17:47:35Z DEBUG object 2017-05-11T17:47:35Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:47:35Z DEBUG 389 Project 2017-05-11T17:47:35Z DEBUG [] 2017-05-11T17:47:35Z DEBUG Updated 0 2017-05-11T17:47:35Z DEBUG Done 2017-05-11T17:47:35Z DEBUG Updating existing entry: cn=PAM Pass Through Auth,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z DEBUG Initial value 2017-05-11T17:47:35Z DEBUG dn: cn=PAM Pass Through Auth,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-pluginId: 
2017-05-11T17:47:35Z DEBUG none 2017-05-11T17:47:35Z DEBUG pamFallback: 2017-05-11T17:47:35Z DEBUG FALSE 2017-05-11T17:47:35Z DEBUG cn: 2017-05-11T17:47:35Z DEBUG PAM Pass Through Auth 2017-05-11T17:47:35Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:47:35Z DEBUG database 2017-05-11T17:47:35Z DEBUG pamExcludeSuffix: 2017-05-11T17:47:35Z DEBUG cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:47:35Z DEBUG none 2017-05-11T17:47:35Z DEBUG pamMissingSuffix: 2017-05-11T17:47:35Z DEBUG ALLOW 2017-05-11T17:47:35Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:47:35Z DEBUG none 2017-05-11T17:47:35Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-pluginPath: 2017-05-11T17:47:35Z DEBUG libpam-passthru-plugin 2017-05-11T17:47:35Z DEBUG objectClass: 2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG nsSlapdPlugin 2017-05-11T17:47:35Z DEBUG extensibleObject 2017-05-11T17:47:35Z DEBUG pamConfig 2017-05-11T17:47:35Z DEBUG pamIDMapMethod: 2017-05-11T17:47:35Z DEBUG RDN 2017-05-11T17:47:35Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:47:35Z DEBUG none 2017-05-11T17:47:35Z DEBUG pamIDAttr: 2017-05-11T17:47:35Z DEBUG notUsedWithRDNMethod 2017-05-11T17:47:35Z DEBUG pamSecure: 2017-05-11T17:47:35Z DEBUG TRUE 2017-05-11T17:47:35Z DEBUG pamService: 2017-05-11T17:47:35Z DEBUG ldapserver 2017-05-11T17:47:35Z DEBUG nsslapd-pluginType: 2017-05-11T17:47:35Z DEBUG betxnpreoperation 2017-05-11T17:47:35Z DEBUG nsslapd-pluginloadglobal: 2017-05-11T17:47:35Z DEBUG true 2017-05-11T17:47:35Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:47:35Z DEBUG pam_passthruauth_init 2017-05-11T17:47:35Z DEBUG only: set nsslapd-pluginType to 'betxnpreoperation', current value ['betxnpreoperation'] 2017-05-11T17:47:35Z DEBUG only: updated value ['betxnpreoperation'] 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z DEBUG Final value after applying updates 2017-05-11T17:47:35Z DEBUG dn: 
cn=PAM Pass Through Auth,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-pluginId: 2017-05-11T17:47:35Z DEBUG none 2017-05-11T17:47:35Z DEBUG pamFallback: 2017-05-11T17:47:35Z DEBUG FALSE 2017-05-11T17:47:35Z DEBUG cn: 2017-05-11T17:47:35Z DEBUG PAM Pass Through Auth 2017-05-11T17:47:35Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:47:35Z DEBUG database 2017-05-11T17:47:35Z DEBUG pamExcludeSuffix: 2017-05-11T17:47:35Z DEBUG cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:47:35Z DEBUG none 2017-05-11T17:47:35Z DEBUG pamMissingSuffix: 2017-05-11T17:47:35Z DEBUG ALLOW 2017-05-11T17:47:35Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:47:35Z DEBUG none 2017-05-11T17:47:35Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:47:35Z DEBUG off 2017-05-11T17:47:35Z DEBUG nsslapd-pluginPath: 2017-05-11T17:47:35Z DEBUG libpam-passthru-plugin 2017-05-11T17:47:35Z DEBUG objectClass: 2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG nsSlapdPlugin 2017-05-11T17:47:35Z DEBUG extensibleObject 2017-05-11T17:47:35Z DEBUG pamConfig 2017-05-11T17:47:35Z DEBUG pamIDMapMethod: 2017-05-11T17:47:35Z DEBUG RDN 2017-05-11T17:47:35Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:47:35Z DEBUG none 2017-05-11T17:47:35Z DEBUG pamIDAttr: 2017-05-11T17:47:35Z DEBUG notUsedWithRDNMethod 2017-05-11T17:47:35Z DEBUG pamSecure: 2017-05-11T17:47:35Z DEBUG TRUE 2017-05-11T17:47:35Z DEBUG pamService: 2017-05-11T17:47:35Z DEBUG ldapserver 2017-05-11T17:47:35Z DEBUG nsslapd-pluginType: 2017-05-11T17:47:35Z DEBUG betxnpreoperation 2017-05-11T17:47:35Z DEBUG nsslapd-pluginloadglobal: 2017-05-11T17:47:35Z DEBUG true 2017-05-11T17:47:35Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:47:35Z DEBUG pam_passthruauth_init 2017-05-11T17:47:35Z DEBUG [] 2017-05-11T17:47:35Z DEBUG Updated 0 2017-05-11T17:47:35Z DEBUG Done 2017-05-11T17:47:35Z DEBUG Updating existing entry: cn=referential integrity postoperation,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG 
--------------------------------------------- 2017-05-11T17:47:35Z DEBUG Initial value 2017-05-11T17:47:35Z DEBUG dn: cn=referential integrity postoperation,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-pluginId: 2017-05-11T17:47:35Z DEBUG referint 2017-05-11T17:47:35Z DEBUG cn: 2017-05-11T17:47:35Z DEBUG referential integrity postoperation 2017-05-11T17:47:35Z DEBUG referint-update-delay: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:47:35Z DEBUG 1.3.5.10 2017-05-11T17:47:35Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:47:35Z DEBUG referential integrity plugin 2017-05-11T17:47:35Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-pluginPath: 2017-05-11T17:47:35Z DEBUG libreferint-plugin 2017-05-11T17:47:35Z DEBUG objectClass: 2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG nsSlapdPlugin 2017-05-11T17:47:35Z DEBUG extensibleObject 2017-05-11T17:47:35Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:47:35Z DEBUG database 2017-05-11T17:47:35Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:47:35Z DEBUG 389 Project 2017-05-11T17:47:35Z DEBUG nsslapd-pluginprecedence: 2017-05-11T17:47:35Z DEBUG 40 2017-05-11T17:47:35Z DEBUG referint-logfile: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/referint 2017-05-11T17:47:35Z DEBUG referint-logchanges: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-pluginType: 2017-05-11T17:47:35Z DEBUG betxnpostoperation 2017-05-11T17:47:35Z DEBUG referint-membership-attr: 2017-05-11T17:47:35Z DEBUG member 2017-05-11T17:47:35Z DEBUG uniquemember 2017-05-11T17:47:35Z DEBUG owner 2017-05-11T17:47:35Z DEBUG seeAlso 2017-05-11T17:47:35Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:47:35Z DEBUG referint_postop_init 2017-05-11T17:47:35Z DEBUG only: set nsslapd-pluginType to 'betxnpostoperation', current value ['betxnpostoperation'] 2017-05-11T17:47:35Z DEBUG only: updated value ['betxnpostoperation'] 
2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z DEBUG Final value after applying updates 2017-05-11T17:47:35Z DEBUG dn: cn=referential integrity postoperation,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-pluginId: 2017-05-11T17:47:35Z DEBUG referint 2017-05-11T17:47:35Z DEBUG cn: 2017-05-11T17:47:35Z DEBUG referential integrity postoperation 2017-05-11T17:47:35Z DEBUG referint-update-delay: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:47:35Z DEBUG 1.3.5.10 2017-05-11T17:47:35Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:47:35Z DEBUG referential integrity plugin 2017-05-11T17:47:35Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-pluginPath: 2017-05-11T17:47:35Z DEBUG libreferint-plugin 2017-05-11T17:47:35Z DEBUG objectClass: 2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG nsSlapdPlugin 2017-05-11T17:47:35Z DEBUG extensibleObject 2017-05-11T17:47:35Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:47:35Z DEBUG database 2017-05-11T17:47:35Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:47:35Z DEBUG 389 Project 2017-05-11T17:47:35Z DEBUG nsslapd-pluginprecedence: 2017-05-11T17:47:35Z DEBUG 40 2017-05-11T17:47:35Z DEBUG referint-logfile: 2017-05-11T17:47:35Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/referint 2017-05-11T17:47:35Z DEBUG referint-logchanges: 2017-05-11T17:47:35Z DEBUG 0 2017-05-11T17:47:35Z DEBUG nsslapd-pluginType: 2017-05-11T17:47:35Z DEBUG betxnpostoperation 2017-05-11T17:47:35Z DEBUG referint-membership-attr: 2017-05-11T17:47:35Z DEBUG member 2017-05-11T17:47:35Z DEBUG uniquemember 2017-05-11T17:47:35Z DEBUG owner 2017-05-11T17:47:35Z DEBUG seeAlso 2017-05-11T17:47:35Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:47:35Z DEBUG referint_postop_init 2017-05-11T17:47:35Z DEBUG [] 2017-05-11T17:47:35Z DEBUG Updated 0 2017-05-11T17:47:35Z DEBUG Done 2017-05-11T17:47:35Z DEBUG Updating existing entry: 
cn=Roles Plugin,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z DEBUG Initial value 2017-05-11T17:47:35Z DEBUG dn: cn=Roles Plugin,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-pluginbetxn: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG cn: 2017-05-11T17:47:35Z DEBUG Roles Plugin 2017-05-11T17:47:35Z DEBUG nsslapd-plugin-depends-on-named: 2017-05-11T17:47:35Z DEBUG State Change Plugin 2017-05-11T17:47:35Z DEBUG Views 2017-05-11T17:47:35Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:47:35Z DEBUG 1.3.5.10 2017-05-11T17:47:35Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:47:35Z DEBUG roles plugin 2017-05-11T17:47:35Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-pluginPath: 2017-05-11T17:47:35Z DEBUG libroles-plugin 2017-05-11T17:47:35Z DEBUG objectClass: 2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG nsSlapdPlugin 2017-05-11T17:47:35Z DEBUG extensibleObject 2017-05-11T17:47:35Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:47:35Z DEBUG database 2017-05-11T17:47:35Z DEBUG nsslapd-pluginId: 2017-05-11T17:47:35Z DEBUG roles 2017-05-11T17:47:35Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:47:35Z DEBUG roles_init 2017-05-11T17:47:35Z DEBUG nsslapd-pluginType: 2017-05-11T17:47:35Z DEBUG object 2017-05-11T17:47:35Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:47:35Z DEBUG 389 Project 2017-05-11T17:47:35Z DEBUG only: set nsslapd-pluginbetxn to 'on', current value ['on'] 2017-05-11T17:47:35Z DEBUG only: updated value ['on'] 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z DEBUG Final value after applying updates 2017-05-11T17:47:35Z DEBUG dn: cn=Roles Plugin,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-pluginbetxn: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG cn: 2017-05-11T17:47:35Z DEBUG Roles Plugin 2017-05-11T17:47:35Z DEBUG nsslapd-plugin-depends-on-named: 
2017-05-11T17:47:35Z DEBUG State Change Plugin 2017-05-11T17:47:35Z DEBUG Views 2017-05-11T17:47:35Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:47:35Z DEBUG 1.3.5.10 2017-05-11T17:47:35Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:47:35Z DEBUG roles plugin 2017-05-11T17:47:35Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-pluginPath: 2017-05-11T17:47:35Z DEBUG libroles-plugin 2017-05-11T17:47:35Z DEBUG objectClass: 2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG nsSlapdPlugin 2017-05-11T17:47:35Z DEBUG extensibleObject 2017-05-11T17:47:35Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:47:35Z DEBUG database 2017-05-11T17:47:35Z DEBUG nsslapd-pluginId: 2017-05-11T17:47:35Z DEBUG roles 2017-05-11T17:47:35Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:47:35Z DEBUG roles_init 2017-05-11T17:47:35Z DEBUG nsslapd-pluginType: 2017-05-11T17:47:35Z DEBUG object 2017-05-11T17:47:35Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:47:35Z DEBUG 389 Project 2017-05-11T17:47:35Z DEBUG [] 2017-05-11T17:47:35Z DEBUG Updated 0 2017-05-11T17:47:35Z DEBUG Done 2017-05-11T17:47:35Z DEBUG Updating existing entry: cn=State Change Plugin,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z DEBUG Initial value 2017-05-11T17:47:35Z DEBUG dn: cn=State Change Plugin,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-pluginId: 2017-05-11T17:47:35Z DEBUG statechange 2017-05-11T17:47:35Z DEBUG cn: 2017-05-11T17:47:35Z DEBUG State Change Plugin 2017-05-11T17:47:35Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:47:35Z DEBUG 1.3.5.10 2017-05-11T17:47:35Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:47:35Z DEBUG state change notification service plugin 2017-05-11T17:47:35Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-pluginPath: 2017-05-11T17:47:35Z DEBUG libstatechange-plugin 2017-05-11T17:47:35Z DEBUG objectClass: 
2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG nsSlapdPlugin 2017-05-11T17:47:35Z DEBUG extensibleObject 2017-05-11T17:47:35Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:47:35Z DEBUG 389 Project 2017-05-11T17:47:35Z DEBUG nsslapd-pluginType: 2017-05-11T17:47:35Z DEBUG betxnpostoperation 2017-05-11T17:47:35Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:47:35Z DEBUG statechange_init 2017-05-11T17:47:35Z DEBUG only: set nsslapd-pluginType to 'betxnpostoperation', current value ['betxnpostoperation'] 2017-05-11T17:47:35Z DEBUG only: updated value ['betxnpostoperation'] 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z DEBUG Final value after applying updates 2017-05-11T17:47:35Z DEBUG dn: cn=State Change Plugin,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-pluginId: 2017-05-11T17:47:35Z DEBUG statechange 2017-05-11T17:47:35Z DEBUG cn: 2017-05-11T17:47:35Z DEBUG State Change Plugin 2017-05-11T17:47:35Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:47:35Z DEBUG 1.3.5.10 2017-05-11T17:47:35Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:47:35Z DEBUG state change notification service plugin 2017-05-11T17:47:35Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-pluginPath: 2017-05-11T17:47:35Z DEBUG libstatechange-plugin 2017-05-11T17:47:35Z DEBUG objectClass: 2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG nsSlapdPlugin 2017-05-11T17:47:35Z DEBUG extensibleObject 2017-05-11T17:47:35Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:47:35Z DEBUG 389 Project 2017-05-11T17:47:35Z DEBUG nsslapd-pluginType: 2017-05-11T17:47:35Z DEBUG betxnpostoperation 2017-05-11T17:47:35Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:47:35Z DEBUG statechange_init 2017-05-11T17:47:35Z DEBUG [] 2017-05-11T17:47:35Z DEBUG Updated 0 2017-05-11T17:47:35Z DEBUG Done 2017-05-11T17:47:35Z DEBUG Updating existing entry: cn=USN,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG 
--------------------------------------------- 2017-05-11T17:47:35Z DEBUG Initial value 2017-05-11T17:47:35Z DEBUG dn: cn=USN,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-pluginbetxn: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG cn: 2017-05-11T17:47:35Z DEBUG USN 2017-05-11T17:47:35Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:47:35Z DEBUG 1.3.5.10 2017-05-11T17:47:35Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:47:35Z DEBUG USN (Update Sequence Number) plugin 2017-05-11T17:47:35Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-pluginPath: 2017-05-11T17:47:35Z DEBUG libusn-plugin 2017-05-11T17:47:35Z DEBUG objectClass: 2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG nsSlapdPlugin 2017-05-11T17:47:35Z DEBUG extensibleObject 2017-05-11T17:47:35Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:47:35Z DEBUG database 2017-05-11T17:47:35Z DEBUG nsslapd-pluginId: 2017-05-11T17:47:35Z DEBUG USN 2017-05-11T17:47:35Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:47:35Z DEBUG usn_init 2017-05-11T17:47:35Z DEBUG nsslapd-pluginType: 2017-05-11T17:47:35Z DEBUG object 2017-05-11T17:47:35Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:47:35Z DEBUG 389 Project 2017-05-11T17:47:35Z DEBUG only: set nsslapd-pluginbetxn to 'on', current value ['on'] 2017-05-11T17:47:35Z DEBUG only: updated value ['on'] 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z DEBUG Final value after applying updates 2017-05-11T17:47:35Z DEBUG dn: cn=USN,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-pluginbetxn: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG cn: 2017-05-11T17:47:35Z DEBUG USN 2017-05-11T17:47:35Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:47:35Z DEBUG 1.3.5.10 2017-05-11T17:47:35Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:47:35Z DEBUG USN (Update Sequence Number) plugin 2017-05-11T17:47:35Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:47:35Z DEBUG on 
2017-05-11T17:47:35Z DEBUG nsslapd-pluginPath: 2017-05-11T17:47:35Z DEBUG libusn-plugin 2017-05-11T17:47:35Z DEBUG objectClass: 2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG nsSlapdPlugin 2017-05-11T17:47:35Z DEBUG extensibleObject 2017-05-11T17:47:35Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:47:35Z DEBUG database 2017-05-11T17:47:35Z DEBUG nsslapd-pluginId: 2017-05-11T17:47:35Z DEBUG USN 2017-05-11T17:47:35Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:47:35Z DEBUG usn_init 2017-05-11T17:47:35Z DEBUG nsslapd-pluginType: 2017-05-11T17:47:35Z DEBUG object 2017-05-11T17:47:35Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:47:35Z DEBUG 389 Project 2017-05-11T17:47:35Z DEBUG [] 2017-05-11T17:47:35Z DEBUG Updated 0 2017-05-11T17:47:35Z DEBUG Done 2017-05-11T17:47:35Z DEBUG Updating existing entry: cn=IPA MODRDN,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z DEBUG Initial value 2017-05-11T17:47:35Z DEBUG dn: cn=IPA MODRDN,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-pluginId: 2017-05-11T17:47:35Z DEBUG IPA MODRDN 2017-05-11T17:47:35Z DEBUG cn: 2017-05-11T17:47:35Z DEBUG IPA MODRDN 2017-05-11T17:47:35Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:47:35Z DEBUG 1.0 2017-05-11T17:47:35Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:47:35Z DEBUG IPA MODRDN plugin 2017-05-11T17:47:35Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-pluginPath: 2017-05-11T17:47:35Z DEBUG libipa_modrdn 2017-05-11T17:47:35Z DEBUG objectClass: 2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG nsSlapdPlugin 2017-05-11T17:47:35Z DEBUG extensibleObject 2017-05-11T17:47:35Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:47:35Z DEBUG database 2017-05-11T17:47:35Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:47:35Z DEBUG Red Hat, Inc. 
2017-05-11T17:47:35Z DEBUG nsslapd-pluginprecedence: 2017-05-11T17:47:35Z DEBUG 60 2017-05-11T17:47:35Z DEBUG nsslapd-pluginType: 2017-05-11T17:47:35Z DEBUG betxnpostoperation 2017-05-11T17:47:35Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:47:35Z DEBUG ipamodrdn_init 2017-05-11T17:47:35Z DEBUG only: set nsslapd-plugintype to 'betxnpostoperation', current value ['betxnpostoperation'] 2017-05-11T17:47:35Z DEBUG only: updated value ['betxnpostoperation'] 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z DEBUG Final value after applying updates 2017-05-11T17:47:35Z DEBUG dn: cn=IPA MODRDN,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-pluginId: 2017-05-11T17:47:35Z DEBUG IPA MODRDN 2017-05-11T17:47:35Z DEBUG cn: 2017-05-11T17:47:35Z DEBUG IPA MODRDN 2017-05-11T17:47:35Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:47:35Z DEBUG 1.0 2017-05-11T17:47:35Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:47:35Z DEBUG IPA MODRDN plugin 2017-05-11T17:47:35Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-pluginPath: 2017-05-11T17:47:35Z DEBUG libipa_modrdn 2017-05-11T17:47:35Z DEBUG objectClass: 2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG nsSlapdPlugin 2017-05-11T17:47:35Z DEBUG extensibleObject 2017-05-11T17:47:35Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:47:35Z DEBUG database 2017-05-11T17:47:35Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:47:35Z DEBUG Red Hat, Inc. 
2017-05-11T17:47:35Z DEBUG nsslapd-pluginprecedence: 2017-05-11T17:47:35Z DEBUG 60 2017-05-11T17:47:35Z DEBUG nsslapd-pluginType: 2017-05-11T17:47:35Z DEBUG betxnpostoperation 2017-05-11T17:47:35Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:47:35Z DEBUG ipamodrdn_init 2017-05-11T17:47:35Z DEBUG [] 2017-05-11T17:47:35Z DEBUG Updated 0 2017-05-11T17:47:35Z DEBUG Done 2017-05-11T17:47:35Z DEBUG Updating existing entry: cn=ipa_pwd_extop,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z DEBUG Initial value 2017-05-11T17:47:35Z DEBUG dn: cn=ipa_pwd_extop,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-pluginbetxn: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG cn: 2017-05-11T17:47:35Z DEBUG ipa_pwd_extop 2017-05-11T17:47:35Z DEBUG nsslapd-realmtree: 2017-05-11T17:47:35Z DEBUG dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:47:35Z DEBUG FreeIPA/1.0 2017-05-11T17:47:35Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:47:35Z DEBUG IPA Password Extended Operation plugin 2017-05-11T17:47:35Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-pluginPath: 2017-05-11T17:47:35Z DEBUG libipa_pwd_extop 2017-05-11T17:47:35Z DEBUG objectClass: 2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG nsSlapdPlugin 2017-05-11T17:47:35Z DEBUG extensibleObject 2017-05-11T17:47:35Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:47:35Z DEBUG database 2017-05-11T17:47:35Z DEBUG nsslapd-pluginId: 2017-05-11T17:47:35Z DEBUG IPA Password Manager 2017-05-11T17:47:35Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:47:35Z DEBUG ipapwd_init 2017-05-11T17:47:35Z DEBUG nsslapd-pluginType: 2017-05-11T17:47:35Z DEBUG extendedop 2017-05-11T17:47:35Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:47:35Z DEBUG FreeIPA project 2017-05-11T17:47:35Z DEBUG only: set nsslapd-pluginbetxn to 'on', current value ['on'] 2017-05-11T17:47:35Z DEBUG only: updated 
value ['on'] 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z DEBUG Final value after applying updates 2017-05-11T17:47:35Z DEBUG dn: cn=ipa_pwd_extop,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-pluginbetxn: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG cn: 2017-05-11T17:47:35Z DEBUG ipa_pwd_extop 2017-05-11T17:47:35Z DEBUG nsslapd-realmtree: 2017-05-11T17:47:35Z DEBUG dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:47:35Z DEBUG FreeIPA/1.0 2017-05-11T17:47:35Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:47:35Z DEBUG IPA Password Extended Operation plugin 2017-05-11T17:47:35Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-pluginPath: 2017-05-11T17:47:35Z DEBUG libipa_pwd_extop 2017-05-11T17:47:35Z DEBUG objectClass: 2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG nsSlapdPlugin 2017-05-11T17:47:35Z DEBUG extensibleObject 2017-05-11T17:47:35Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:47:35Z DEBUG database 2017-05-11T17:47:35Z DEBUG nsslapd-pluginId: 2017-05-11T17:47:35Z DEBUG IPA Password Manager 2017-05-11T17:47:35Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:47:35Z DEBUG ipapwd_init 2017-05-11T17:47:35Z DEBUG nsslapd-pluginType: 2017-05-11T17:47:35Z DEBUG extendedop 2017-05-11T17:47:35Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:47:35Z DEBUG FreeIPA project 2017-05-11T17:47:35Z DEBUG [] 2017-05-11T17:47:35Z DEBUG Updated 0 2017-05-11T17:47:35Z DEBUG Done 2017-05-11T17:47:35Z DEBUG Updating existing entry: cn=Schema Compatibility,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z DEBUG Initial value 2017-05-11T17:47:35Z DEBUG dn: cn=Schema Compatibility,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-pluginbetxn: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG cn: 2017-05-11T17:47:35Z DEBUG Schema Compatibility 
2017-05-11T17:47:35Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:47:35Z DEBUG 0.56 (betxn support available and enabled by default) 2017-05-11T17:47:35Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:47:35Z DEBUG Schema Compatibility Plugin 2017-05-11T17:47:35Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-pluginPath: 2017-05-11T17:47:35Z DEBUG /usr/lib64/dirsrv/plugins/schemacompat-plugin.so 2017-05-11T17:47:35Z DEBUG objectClass: 2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG nsSlapdPlugin 2017-05-11T17:47:35Z DEBUG extensibleObject 2017-05-11T17:47:35Z DEBUG nsslapd-pluginId: 2017-05-11T17:47:35Z DEBUG schema-compat-plugin 2017-05-11T17:47:35Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:47:35Z DEBUG schema_compat_plugin_init 2017-05-11T17:47:35Z DEBUG nsslapd-pluginprecedence: 2017-05-11T17:47:35Z DEBUG 40 2017-05-11T17:47:35Z DEBUG nsslapd-pluginType: 2017-05-11T17:47:35Z DEBUG object 2017-05-11T17:47:35Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:47:35Z DEBUG redhat.com 2017-05-11T17:47:35Z DEBUG onlyifexist: 'on' to nsslapd-pluginbetxn, current value ['on'] 2017-05-11T17:47:35Z DEBUG onlyifexist: set nsslapd-pluginbetxn to ['on'] 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z DEBUG Final value after applying updates 2017-05-11T17:47:35Z DEBUG dn: cn=Schema Compatibility,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG nsslapd-pluginbetxn: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG cn: 2017-05-11T17:47:35Z DEBUG Schema Compatibility 2017-05-11T17:47:35Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:47:35Z DEBUG 0.56 (betxn support available and enabled by default) 2017-05-11T17:47:35Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:47:35Z DEBUG Schema Compatibility Plugin 2017-05-11T17:47:35Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-pluginPath: 2017-05-11T17:47:35Z DEBUG 
/usr/lib64/dirsrv/plugins/schemacompat-plugin.so 2017-05-11T17:47:35Z DEBUG objectClass: 2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG nsSlapdPlugin 2017-05-11T17:47:35Z DEBUG extensibleObject 2017-05-11T17:47:35Z DEBUG nsslapd-pluginId: 2017-05-11T17:47:35Z DEBUG schema-compat-plugin 2017-05-11T17:47:35Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:47:35Z DEBUG schema_compat_plugin_init 2017-05-11T17:47:35Z DEBUG nsslapd-pluginprecedence: 2017-05-11T17:47:35Z DEBUG 40 2017-05-11T17:47:35Z DEBUG nsslapd-pluginType: 2017-05-11T17:47:35Z DEBUG object 2017-05-11T17:47:35Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:47:35Z DEBUG redhat.com 2017-05-11T17:47:35Z DEBUG [] 2017-05-11T17:47:35Z DEBUG Updated 0 2017-05-11T17:47:35Z DEBUG Done 2017-05-11T17:47:35Z DEBUG New entry: cn=NIS Server,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z DEBUG Initial value 2017-05-11T17:47:35Z DEBUG dn: cn=NIS Server,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG onlyifexist: 'on' to nsslapd-pluginbetxn, current value [] 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z DEBUG Final value after applying updates 2017-05-11T17:47:35Z DEBUG dn: cn=NIS Server,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG Parsing update file '/usr/share/ipa/updates/10-rootdse.update' 2017-05-11T17:47:35Z DEBUG Updating existing entry: 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z DEBUG Initial value 2017-05-11T17:47:35Z DEBUG dn: 2017-05-11T17:47:35Z DEBUG netscapemdsuffix: 2017-05-11T17:47:35Z DEBUG cn=ldap://dc=ipa,dc=rdlg,dc=net:0 2017-05-11T17:47:35Z DEBUG ipaDomainLevel: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG aci: 2017-05-11T17:47:35Z DEBUG (targetattr != "aci")(version 3.0; aci "rootdse anon read access"; allow(read,search,compare) userdn="ldap:///anyone";) 2017-05-11T17:47:35Z DEBUG dataversion: 2017-05-11T17:47:35Z 
DEBUG 020170511174733020170511174733 2017-05-11T17:47:35Z DEBUG lastusn: 2017-05-11T17:47:35Z DEBUG 392 2017-05-11T17:47:35Z DEBUG objectClass: 2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG defaultnamingcontext: 2017-05-11T17:47:35Z DEBUG dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG ipatopologyismanaged: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG ipatopologypluginversion: 2017-05-11T17:47:35Z DEBUG 1.0 2017-05-11T17:47:35Z DEBUG add: 'namingContexts' to nsslapd-return-default-opattr, current value [] 2017-05-11T17:47:35Z DEBUG add: updated value ['namingContexts'] 2017-05-11T17:47:35Z DEBUG add: 'supportedControl' to nsslapd-return-default-opattr, current value ['namingContexts'] 2017-05-11T17:47:35Z DEBUG add: updated value ['namingContexts', 'supportedControl'] 2017-05-11T17:47:35Z DEBUG add: 'supportedExtension' to nsslapd-return-default-opattr, current value ['supportedControl', 'namingContexts'] 2017-05-11T17:47:35Z DEBUG add: updated value ['supportedControl', 'namingContexts', 'supportedExtension'] 2017-05-11T17:47:35Z DEBUG add: 'supportedLDAPVersion' to nsslapd-return-default-opattr, current value ['supportedControl', 'namingContexts', 'supportedExtension'] 2017-05-11T17:47:35Z DEBUG add: updated value ['supportedControl', 'namingContexts', 'supportedExtension', 'supportedLDAPVersion'] 2017-05-11T17:47:35Z DEBUG add: 'supportedSASLMechanisms' to nsslapd-return-default-opattr, current value ['supportedControl', 'namingContexts', 'supportedExtension', 'supportedLDAPVersion'] 2017-05-11T17:47:35Z DEBUG add: updated value ['supportedControl', 'namingContexts', 'supportedExtension', 'supportedLDAPVersion', 'supportedSASLMechanisms'] 2017-05-11T17:47:35Z DEBUG add: 'vendorName' to nsslapd-return-default-opattr, current value ['supportedControl', 'namingContexts', 'supportedExtension', 'supportedSASLMechanisms', 'supportedLDAPVersion'] 2017-05-11T17:47:35Z DEBUG add: updated value ['supportedControl', 'namingContexts', 'supportedExtension', 
'supportedSASLMechanisms', 'supportedLDAPVersion', 'vendorName'] 2017-05-11T17:47:35Z DEBUG add: 'vendorVersion' to nsslapd-return-default-opattr, current value ['supportedLDAPVersion', 'namingContexts', 'supportedSASLMechanisms', 'supportedExtension', 'supportedControl', 'vendorName'] 2017-05-11T17:47:35Z DEBUG add: updated value ['supportedLDAPVersion', 'namingContexts', 'supportedSASLMechanisms', 'supportedExtension', 'supportedControl', 'vendorName', 'vendorVersion'] 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z DEBUG Final value after applying updates 2017-05-11T17:47:35Z DEBUG dn: 2017-05-11T17:47:35Z DEBUG netscapemdsuffix: 2017-05-11T17:47:35Z DEBUG cn=ldap://dc=ipa,dc=rdlg,dc=net:0 2017-05-11T17:47:35Z DEBUG ipaDomainLevel: 2017-05-11T17:47:35Z DEBUG 1 2017-05-11T17:47:35Z DEBUG aci: 2017-05-11T17:47:35Z DEBUG (targetattr != "aci")(version 3.0; aci "rootdse anon read access"; allow(read,search,compare) userdn="ldap:///anyone";) 2017-05-11T17:47:35Z DEBUG dataversion: 2017-05-11T17:47:35Z DEBUG 020170511174733020170511174733 2017-05-11T17:47:35Z DEBUG lastusn: 2017-05-11T17:47:35Z DEBUG 392 2017-05-11T17:47:35Z DEBUG objectClass: 2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG defaultnamingcontext: 2017-05-11T17:47:35Z DEBUG dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG ipatopologyismanaged: 2017-05-11T17:47:35Z DEBUG on 2017-05-11T17:47:35Z DEBUG nsslapd-return-default-opattr: 2017-05-11T17:47:35Z DEBUG supportedLDAPVersion 2017-05-11T17:47:35Z DEBUG namingContexts 2017-05-11T17:47:35Z DEBUG supportedSASLMechanisms 2017-05-11T17:47:35Z DEBUG vendorVersion 2017-05-11T17:47:35Z DEBUG supportedExtension 2017-05-11T17:47:35Z DEBUG supportedControl 2017-05-11T17:47:35Z DEBUG vendorName 2017-05-11T17:47:35Z DEBUG ipatopologypluginversion: 2017-05-11T17:47:35Z DEBUG 1.0 2017-05-11T17:47:35Z DEBUG [(2, u'nsslapd-return-default-opattr', ['supportedLDAPVersion', 'namingContexts', 'supportedSASLMechanisms', 
'vendorVersion', 'supportedExtension', 'supportedControl', 'vendorName'])] 2017-05-11T17:47:35Z DEBUG Updated 1 2017-05-11T17:47:35Z DEBUG Done 2017-05-11T17:47:35Z DEBUG Parsing update file '/usr/share/ipa/updates/10-schema_compat.update' 2017-05-11T17:47:35Z DEBUG Updating existing entry: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z DEBUG Initial value 2017-05-11T17:47:35Z DEBUG dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG schema-compat-entry-attribute: 2017-05-11T17:47:35Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}") 2017-05-11T17:47:35Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}") 2017-05-11T17:47:35Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\"memberHost\",\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\",\"member\",\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\",\"fqdn\")") 2017-05-11T17:47:35Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\"memberUser\",\"(objectclass=posixGroup)\",\"cn\")") 2017-05-11T17:47:35Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\",\"cn\")") 2017-05-11T17:47:35Z DEBUG sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}") 2017-05-11T17:47:35Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\"memberUser\",\"(objectclass=posixAccount)\",\"uid\")") 2017-05-11T17:47:35Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(objectclass=ipaNisNetgroup)\",\"cn\")") 2017-05-11T17:47:35Z DEBUG sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\"ipaSudoRunAsGroup\",\"(objectclass=posixGroup)\",\"cn\")") 2017-05-11T17:47:35Z DEBUG 
sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\"memberHost\",\"(objectclass=ipaHost)\",\"fqdn\")") 2017-05-11T17:47:35Z DEBUG objectclass=sudoRole 2017-05-11T17:47:35Z DEBUG sudoOption=%{ipaSudoOpt} 2017-05-11T17:47:35Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\"memberUser\",\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\",\"member\",\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\",\"uid\")") 2017-05-11T17:47:35Z DEBUG sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\"memberAllowCmd\",\"sudoCmd\")") 2017-05-11T17:47:35Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}") 2017-05-11T17:47:35Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixAccount)\",\"uid\")") 2017-05-11T17:47:35Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\"memberUser\",\"(objectclass=ipaNisNetgroup)\",\"cn\")") 2017-05-11T17:47:35Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixGroup)\",\"cn\")") 2017-05-11T17:47:35Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}") 2017-05-11T17:47:35Z DEBUG sudoCommand=!%deref("memberDenyCmd","sudoCmd") 2017-05-11T17:47:35Z DEBUG sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd") 2017-05-11T17:47:35Z DEBUG sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\"memberAllowCmd\",\"member\",\"sudoCmd\")") 2017-05-11T17:47:35Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}") 2017-05-11T17:47:35Z DEBUG cn: 2017-05-11T17:47:35Z DEBUG sudoers 2017-05-11T17:47:35Z DEBUG objectClass: 2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG extensibleObject 2017-05-11T17:47:35Z DEBUG schema-compat-entry-rdn: 2017-05-11T17:47:35Z DEBUG %ifeq("ipaEnabledFlag", "FALSE", "DISABLED", "cn=%{cn}") 2017-05-11T17:47:35Z DEBUG schema-compat-search-filter: 2017-05-11T17:47:35Z DEBUG 
(&(objectclass=ipaSudoRule)(!(compatVisible=FALSE))(!(ipaEnabledFlag=FALSE))) 2017-05-11T17:47:35Z DEBUG schema-compat-search-base: 2017-05-11T17:47:35Z DEBUG cn=sudorules, cn=sudo, dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG schema-compat-container-group: 2017-05-11T17:47:35Z DEBUG ou=SUDOers, dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG only: set schema-compat-entry-rdn to '%ifeq("ipaEnabledFlag", "FALSE", "DISABLED", "cn=%{cn}")', current value ['%ifeq("ipaEnabledFlag", "FALSE", "DISABLED", "cn=%{cn}")'] 2017-05-11T17:47:35Z DEBUG only: updated value ['%ifeq("ipaEnabledFlag", "FALSE", "DISABLED", "cn=%{cn}")'] 2017-05-11T17:47:35Z DEBUG add: 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")' to schema-compat-entry-attribute, current value ['sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 
'objectclass=sudoRole', 'sudoOption=%{ipaSudoOpt}', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")'] 2017-05-11T17:47:35Z DEBUG add: updated value ['sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 
'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole', 'sudoOption=%{ipaSudoOpt}', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")'] 2017-05-11T17:47:35Z DEBUG add: 'sudoRunAsUser=%%%{ipaSudoRunAsExtUserGroup}' to schema-compat-entry-attribute, current value ['sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 
'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole', 'sudoOption=%{ipaSudoOpt}', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 
'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")'] 2017-05-11T17:47:35Z DEBUG add: updated value ['sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole', 'sudoOption=%{ipaSudoOpt}', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 
'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoRunAsUser=%%%{ipaSudoRunAsExtUserGroup}'] 2017-05-11T17:47:35Z DEBUG remove: 'sudoRunAsGroup=%deref("ipaSudoRunAs","cn")' from schema-compat-entry-attribute, current value ['sudoRunAsUser=%%%{ipaSudoRunAsExtUserGroup}', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 
'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole', 'sudoOption=%{ipaSudoOpt}', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")'] 2017-05-11T17:47:35Z DEBUG remove: 'sudoRunAsGroup=%deref("ipaSudoRunAs","cn")' not in schema-compat-entry-attribute 2017-05-11T17:47:35Z DEBUG remove: 'sudoRunAsUser=%{ipaSudoRunAsExtUser}' from schema-compat-entry-attribute, current value ['sudoRunAsUser=%%%{ipaSudoRunAsExtUserGroup}', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 
'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole', 'sudoOption=%{ipaSudoOpt}', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 
'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")'] 2017-05-11T17:47:35Z DEBUG remove: 'sudoRunAsUser=%{ipaSudoRunAsExtUser}' not in schema-compat-entry-attribute 2017-05-11T17:47:35Z DEBUG remove: 'sudoRunAsUser=%%%{ipaSudoRunAsExtUserGroup}' from schema-compat-entry-attribute, current value ['sudoRunAsUser=%%%{ipaSudoRunAsExtUserGroup}', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole', 'sudoOption=%{ipaSudoOpt}', 
'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")'] 2017-05-11T17:47:35Z DEBUG remove: updated value ['sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 
'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole', 'sudoOption=%{ipaSudoOpt}', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")'] 2017-05-11T17:47:35Z DEBUG remove: 'sudoRunAsUser=%deref("ipaSudoRunAs","uid")' from schema-compat-entry-attribute, current value ['sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 
'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole', 'sudoOption=%{ipaSudoOpt}', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 
'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")'] 2017-05-11T17:47:35Z DEBUG remove: 'sudoRunAsUser=%deref("ipaSudoRunAs","uid")' not in schema-compat-entry-attribute 2017-05-11T17:47:35Z DEBUG remove: 'sudoRunAsGroup=%{ipaSudoRunAsExtGroup}' from schema-compat-entry-attribute, current value ['sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole', 'sudoOption=%{ipaSudoOpt}', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 
'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")'] 2017-05-11T17:47:35Z DEBUG remove: 'sudoRunAsGroup=%{ipaSudoRunAsExtGroup}' not in schema-compat-entry-attribute 2017-05-11T17:47:35Z DEBUG remove: 'sudoRunAsGroup=%deref_f("ipaSudoRunAsGroup","(objectclass=posixGroup)","cn")' from schema-compat-entry-attribute, current value ['sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 
'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole', 'sudoOption=%{ipaSudoOpt}', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")'] 2017-05-11T17:47:35Z DEBUG remove: 'sudoRunAsGroup=%deref_f("ipaSudoRunAsGroup","(objectclass=posixGroup)","cn")' not in schema-compat-entry-attribute 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z DEBUG Final value after applying updates 2017-05-11T17:47:35Z DEBUG 
dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config
2017-05-11T17:47:35Z DEBUG schema-compat-entry-attribute:
2017-05-11T17:47:35Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")
2017-05-11T17:47:35Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")
2017-05-11T17:47:35Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\"memberHost\",\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\",\"member\",\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\",\"fqdn\")")
2017-05-11T17:47:35Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\"memberUser\",\"(objectclass=posixGroup)\",\"cn\")")
2017-05-11T17:47:35Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\",\"cn\")")
2017-05-11T17:47:35Z DEBUG sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")
2017-05-11T17:47:35Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\"memberUser\",\"(objectclass=posixAccount)\",\"uid\")")
2017-05-11T17:47:35Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")
2017-05-11T17:47:35Z DEBUG sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\"ipaSudoRunAsGroup\",\"(objectclass=posixGroup)\",\"cn\")")
2017-05-11T17:47:35Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\"memberHost\",\"(objectclass=ipaHost)\",\"fqdn\")")
2017-05-11T17:47:35Z DEBUG objectclass=sudoRole
2017-05-11T17:47:35Z DEBUG sudoOption=%{ipaSudoOpt}
2017-05-11T17:47:35Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\"memberUser\",\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\",\"member\",\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\",\"uid\")")
2017-05-11T17:47:35Z DEBUG sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\"memberAllowCmd\",\"sudoCmd\")")
2017-05-11T17:47:35Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")
2017-05-11T17:47:35Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixAccount)\",\"uid\")")
2017-05-11T17:47:35Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\"memberUser\",\"(objectclass=ipaNisNetgroup)\",\"cn\")")
2017-05-11T17:47:35Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixGroup)\",\"cn\")")
2017-05-11T17:47:35Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")
2017-05-11T17:47:35Z DEBUG sudoCommand=!%deref("memberDenyCmd","sudoCmd")
2017-05-11T17:47:35Z DEBUG sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")
2017-05-11T17:47:35Z DEBUG sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\"memberAllowCmd\",\"member\",\"sudoCmd\")")
2017-05-11T17:47:35Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(objectclass=ipaNisNetgroup)\",\"cn\")")
2017-05-11T17:47:35Z DEBUG cn:
2017-05-11T17:47:35Z DEBUG sudoers
2017-05-11T17:47:35Z DEBUG objectClass:
2017-05-11T17:47:35Z DEBUG top
2017-05-11T17:47:35Z DEBUG extensibleObject
2017-05-11T17:47:35Z DEBUG schema-compat-entry-rdn:
2017-05-11T17:47:35Z DEBUG %ifeq("ipaEnabledFlag", "FALSE", "DISABLED", "cn=%{cn}")
2017-05-11T17:47:35Z DEBUG schema-compat-search-filter:
2017-05-11T17:47:35Z DEBUG (&(objectclass=ipaSudoRule)(!(compatVisible=FALSE))(!(ipaEnabledFlag=FALSE)))
2017-05-11T17:47:35Z DEBUG schema-compat-search-base:
2017-05-11T17:47:35Z DEBUG cn=sudorules, cn=sudo, dc=rdlg,dc=net
2017-05-11T17:47:35Z DEBUG schema-compat-container-group:
2017-05-11T17:47:35Z DEBUG ou=SUDOers, dc=rdlg,dc=net
2017-05-11T17:47:35Z DEBUG []
2017-05-11T17:47:35Z DEBUG Updated 0
2017-05-11T17:47:35Z DEBUG Done
2017-05-11T17:47:35Z DEBUG Updating existing entry: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config
2017-05-11T17:47:35Z DEBUG
---------------------------------------------
2017-05-11T17:47:35Z DEBUG Initial value
2017-05-11T17:47:35Z DEBUG dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config
2017-05-11T17:47:35Z DEBUG schema-compat-entry-attribute:
2017-05-11T17:47:35Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")
2017-05-11T17:47:35Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")
2017-05-11T17:47:35Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\"memberHost\",\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\",\"member\",\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\",\"fqdn\")")
2017-05-11T17:47:35Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\"memberUser\",\"(objectclass=posixGroup)\",\"cn\")")
2017-05-11T17:47:35Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\",\"cn\")")
2017-05-11T17:47:35Z DEBUG sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")
2017-05-11T17:47:35Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\"memberUser\",\"(objectclass=posixAccount)\",\"uid\")")
2017-05-11T17:47:35Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(objectclass=ipaNisNetgroup)\",\"cn\")")
2017-05-11T17:47:35Z DEBUG sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\"ipaSudoRunAsGroup\",\"(objectclass=posixGroup)\",\"cn\")")
2017-05-11T17:47:35Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\"memberHost\",\"(objectclass=ipaHost)\",\"fqdn\")")
2017-05-11T17:47:35Z DEBUG objectclass=sudoRole
2017-05-11T17:47:35Z DEBUG sudoOption=%{ipaSudoOpt}
2017-05-11T17:47:35Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\"memberUser\",\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\",\"member\",\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\",\"uid\")")
2017-05-11T17:47:35Z DEBUG sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\"memberAllowCmd\",\"sudoCmd\")")
2017-05-11T17:47:35Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")
2017-05-11T17:47:35Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixAccount)\",\"uid\")")
2017-05-11T17:47:35Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\"memberUser\",\"(objectclass=ipaNisNetgroup)\",\"cn\")")
2017-05-11T17:47:35Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixGroup)\",\"cn\")")
2017-05-11T17:47:35Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")
2017-05-11T17:47:35Z DEBUG sudoCommand=!%deref("memberDenyCmd","sudoCmd")
2017-05-11T17:47:35Z DEBUG sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")
2017-05-11T17:47:35Z DEBUG sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\"memberAllowCmd\",\"member\",\"sudoCmd\")")
2017-05-11T17:47:35Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")
2017-05-11T17:47:35Z DEBUG cn:
2017-05-11T17:47:35Z DEBUG sudoers
2017-05-11T17:47:35Z DEBUG objectClass:
2017-05-11T17:47:35Z DEBUG top
2017-05-11T17:47:35Z DEBUG extensibleObject
2017-05-11T17:47:35Z DEBUG schema-compat-entry-rdn:
2017-05-11T17:47:35Z DEBUG %ifeq("ipaEnabledFlag", "FALSE", "DISABLED", "cn=%{cn}")
2017-05-11T17:47:35Z DEBUG schema-compat-search-filter:
2017-05-11T17:47:35Z DEBUG (&(objectclass=ipaSudoRule)(!(compatVisible=FALSE))(!(ipaEnabledFlag=FALSE)))
2017-05-11T17:47:35Z DEBUG schema-compat-search-base:
2017-05-11T17:47:35Z DEBUG cn=sudorules, cn=sudo, dc=rdlg,dc=net
2017-05-11T17:47:35Z DEBUG schema-compat-container-group:
2017-05-11T17:47:35Z DEBUG ou=SUDOers, dc=rdlg,dc=net
2017-05-11T17:47:35Z DEBUG add: 'sudoRunAsGroup=%deref_f("ipaSudoRunAsGroup","(objectclass=posixGroup)","cn")' to schema-compat-entry-attribute, current value
['sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole', 'sudoOption=%{ipaSudoOpt}', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 
'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")'] 2017-05-11T17:47:35Z DEBUG add: updated value ['sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole', 'sudoOption=%{ipaSudoOpt}', 
'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsGroup=%deref_f("ipaSudoRunAsGroup","(objectclass=posixGroup)","cn")'] 2017-05-11T17:47:35Z DEBUG add: 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")' to schema-compat-entry-attribute, current value ['sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 
'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoRunAsGroup=%deref_f("ipaSudoRunAsGroup","(objectclass=posixGroup)","cn")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole', 'sudoOption=%{ipaSudoOpt}', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 
'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")'] 2017-05-11T17:47:35Z DEBUG add: updated value ['sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoRunAsGroup=%deref_f("ipaSudoRunAsGroup","(objectclass=posixGroup)","cn")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole', 'sudoOption=%{ipaSudoOpt}', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 
'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")'] 2017-05-11T17:47:35Z DEBUG add: 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")' to schema-compat-entry-attribute, current value ['sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoRunAsGroup=%deref_f("ipaSudoRunAsGroup","(objectclass=posixGroup)","cn")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 
'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole', 'sudoOption=%{ipaSudoOpt}', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")'] 2017-05-11T17:47:35Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 
'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoRunAsGroup=%deref_f("ipaSudoRunAsGroup","(objectclass=posixGroup)","cn")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole', 'sudoOption=%{ipaSudoOpt}', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 
'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")'] 2017-05-11T17:47:35Z DEBUG add: 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixAccount)\",\"uid\")")' to schema-compat-entry-attribute, current value ['sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoRunAsGroup=%deref_f("ipaSudoRunAsGroup","(objectclass=posixGroup)","cn")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole', 'sudoOption=%{ipaSudoOpt}', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 
'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")'] 2017-05-11T17:47:35Z DEBUG add: updated value ['sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoRunAsGroup=%deref_f("ipaSudoRunAsGroup","(objectclass=posixGroup)","cn")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 
'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole', 'sudoOption=%{ipaSudoOpt}', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")'] 2017-05-11T17:47:35Z DEBUG add: 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")' to schema-compat-entry-attribute, current value ['sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 
'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoRunAsGroup=%deref_f("ipaSudoRunAsGroup","(objectclass=posixGroup)","cn")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole', 'sudoOption=%{ipaSudoOpt}', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 
'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")'] 2017-05-11T17:47:35Z DEBUG add: updated value ['sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoRunAsGroup=%deref_f("ipaSudoRunAsGroup","(objectclass=posixGroup)","cn")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole', 'sudoOption=%{ipaSudoOpt}', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 
'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")'] 2017-05-11T17:47:35Z DEBUG add: 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\"ipaSudoRunAsGroup\",\"(objectclass=posixGroup)\",\"cn\")")' to schema-compat-entry-attribute, current value ['sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 
'sudoRunAsGroup=%deref_f("ipaSudoRunAsGroup","(objectclass=posixGroup)","cn")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole', 'sudoOption=%{ipaSudoOpt}', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")'] 2017-05-11T17:47:35Z DEBUG add: updated value ['sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 
'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoRunAsGroup=%deref_f("ipaSudoRunAsGroup","(objectclass=posixGroup)","cn")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole', 'sudoOption=%{ipaSudoOpt}', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 
'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")'] 2017-05-11T17:47:35Z DEBUG remove: 'cn=changelog' from schema-compat-ignore-subtree, current value [] 2017-05-11T17:47:35Z DEBUG remove: 'cn=changelog' not in schema-compat-ignore-subtree 2017-05-11T17:47:35Z DEBUG remove: 'o=ipaca' from schema-compat-ignore-subtree, current value [] 2017-05-11T17:47:35Z DEBUG remove: 'o=ipaca' not in schema-compat-ignore-subtree 2017-05-11T17:47:35Z DEBUG add: 'dc=rdlg,dc=net' to schema-compat-restrict-subtree, current value [] 2017-05-11T17:47:35Z DEBUG add: updated value ['dc=rdlg,dc=net'] 2017-05-11T17:47:35Z DEBUG add: 'cn=Schema Compatibility,cn=plugins,cn=config' to schema-compat-restrict-subtree, current value ['dc=rdlg,dc=net'] 2017-05-11T17:47:35Z DEBUG add: updated value ['dc=rdlg,dc=net', 'cn=Schema Compatibility,cn=plugins,cn=config'] 2017-05-11T17:47:35Z DEBUG add: 'cn=dna,cn=ipa,cn=etc,dc=rdlg,dc=net' to schema-compat-ignore-subtree, current value [] 2017-05-11T17:47:35Z DEBUG add: updated value ['cn=dna,cn=ipa,cn=etc,dc=rdlg,dc=net'] 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z DEBUG Final value after applying updates 2017-05-11T17:47:35Z DEBUG dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG schema-compat-entry-attribute: 2017-05-11T17:47:35Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}") 2017-05-11T17:47:35Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}") 2017-05-11T17:47:35Z DEBUG 
sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\"memberHost\",\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\",\"member\",\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\",\"fqdn\")") 2017-05-11T17:47:35Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\"memberUser\",\"(objectclass=posixGroup)\",\"cn\")") 2017-05-11T17:47:35Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\",\"cn\")") 2017-05-11T17:47:35Z DEBUG sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}") 2017-05-11T17:47:35Z DEBUG sudoRunAsGroup=%deref_f("ipaSudoRunAsGroup","(objectclass=posixGroup)","cn") 2017-05-11T17:47:35Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\"memberUser\",\"(objectclass=posixAccount)\",\"uid\")") 2017-05-11T17:47:35Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(objectclass=ipaNisNetgroup)\",\"cn\")") 2017-05-11T17:47:35Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\"memberUser\",\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\",\"member\",\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\",\"uid\")") 2017-05-11T17:47:35Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\"memberHost\",\"(objectclass=ipaHost)\",\"fqdn\")") 2017-05-11T17:47:35Z DEBUG objectclass=sudoRole 2017-05-11T17:47:35Z DEBUG sudoOption=%{ipaSudoOpt} 2017-05-11T17:47:35Z DEBUG sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\"ipaSudoRunAsGroup\",\"(objectclass=posixGroup)\",\"cn\")") 2017-05-11T17:47:35Z DEBUG sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\"memberAllowCmd\",\"sudoCmd\")") 2017-05-11T17:47:35Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}") 2017-05-11T17:47:35Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixAccount)\",\"uid\")") 
2017-05-11T17:47:35Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\"memberUser\",\"(objectclass=ipaNisNetgroup)\",\"cn\")") 2017-05-11T17:47:35Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixGroup)\",\"cn\")") 2017-05-11T17:47:35Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}") 2017-05-11T17:47:35Z DEBUG sudoCommand=!%deref("memberDenyCmd","sudoCmd") 2017-05-11T17:47:35Z DEBUG sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd") 2017-05-11T17:47:35Z DEBUG sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\"memberAllowCmd\",\"member\",\"sudoCmd\")") 2017-05-11T17:47:35Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}") 2017-05-11T17:47:35Z DEBUG cn: 2017-05-11T17:47:35Z DEBUG sudoers 2017-05-11T17:47:35Z DEBUG objectClass: 2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG extensibleObject 2017-05-11T17:47:35Z DEBUG schema-compat-restrict-subtree: 2017-05-11T17:47:35Z DEBUG dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG cn=Schema Compatibility,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG schema-compat-entry-rdn: 2017-05-11T17:47:35Z DEBUG %ifeq("ipaEnabledFlag", "FALSE", "DISABLED", "cn=%{cn}") 2017-05-11T17:47:35Z DEBUG schema-compat-ignore-subtree: 2017-05-11T17:47:35Z DEBUG cn=dna,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG schema-compat-search-filter: 2017-05-11T17:47:35Z DEBUG (&(objectclass=ipaSudoRule)(!(compatVisible=FALSE))(!(ipaEnabledFlag=FALSE))) 2017-05-11T17:47:35Z DEBUG schema-compat-search-base: 2017-05-11T17:47:35Z DEBUG cn=sudorules, cn=sudo, dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG schema-compat-container-group: 2017-05-11T17:47:35Z DEBUG ou=SUDOers, dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG [(2, u'schema-compat-restrict-subtree', ['dc=rdlg,dc=net', 'cn=Schema Compatibility,cn=plugins,cn=config']), (2, u'schema-compat-ignore-subtree', ['cn=dna,cn=ipa,cn=etc,dc=rdlg,dc=net']), (0, 
u'schema-compat-entry-attribute', ['sudoRunAsGroup=%deref_f("ipaSudoRunAsGroup","(objectclass=posixGroup)","cn")'])] 2017-05-11T17:47:35Z DEBUG Updated 1 2017-05-11T17:47:35Z DEBUG Done 2017-05-11T17:47:35Z DEBUG Updating existing entry: cn=ng,cn=Schema Compatibility,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z DEBUG Initial value 2017-05-11T17:47:35Z DEBUG dn: cn=ng,cn=Schema Compatibility,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG schema-compat-entry-attribute: 2017-05-11T17:47:35Z DEBUG memberNisNetgroup=%deref_r("member","cn") 2017-05-11T17:47:35Z DEBUG objectclass=nisNetgroup 2017-05-11T17:47:35Z DEBUG nisNetgroupTriple=(%link("%ifeq(\"hostCategory\",\"all\",\"\",\"%collect(\\\"%{externalHost}\\\",\\\"%deref(\\\\\\\"memberHost\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberHost\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\")\")","-",",","%ifeq(\"userCategory\",\"all\",\"\",\"%collect(\\\"%deref(\\\\\\\"memberUser\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberUser\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\")\")","-"),%{nisDomainName:-}) 2017-05-11T17:47:35Z DEBUG schema-compat-check-access: 2017-05-11T17:47:35Z DEBUG yes 2017-05-11T17:47:35Z DEBUG cn: 2017-05-11T17:47:35Z DEBUG ng 2017-05-11T17:47:35Z DEBUG objectClass: 2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG extensibleObject 2017-05-11T17:47:35Z DEBUG schema-compat-search-filter: 2017-05-11T17:47:35Z DEBUG (objectclass=ipaNisNetgroup) 2017-05-11T17:47:35Z DEBUG schema-compat-container-rdn: 2017-05-11T17:47:35Z DEBUG cn=ng 2017-05-11T17:47:35Z DEBUG schema-compat-entry-rdn: 2017-05-11T17:47:35Z DEBUG cn=%{cn} 2017-05-11T17:47:35Z DEBUG schema-compat-search-base: 2017-05-11T17:47:35Z DEBUG cn=ng, cn=alt, dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG 
schema-compat-container-group: 2017-05-11T17:47:35Z DEBUG cn=compat, dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG replace: updated value ['memberNisNetgroup=%deref_r("member","cn")', 'objectclass=nisNetgroup', 'nisNetgroupTriple=(%link("%ifeq(\\"hostCategory\\",\\"all\\",\\"\\",\\"%collect(\\\\\\"%{externalHost}\\\\\\",\\\\\\"%deref(\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\")\\\\\\")\\")","%ifeq(\\"hostCategory\\",\\"all\\",\\"\\",\\"-\\")",",","%ifeq(\\"userCategory\\",\\"all\\",\\"\\",\\"%collect(\\\\\\"%deref(\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\")\\\\\\")\\")","%ifeq(\\"userCategory\\",\\"all\\",\\"\\",\\"-\\")"),%{nisDomainName:-})'] 2017-05-11T17:47:35Z DEBUG remove: 'cn=changelog' from schema-compat-ignore-subtree, current value [] 2017-05-11T17:47:35Z DEBUG remove: 'cn=changelog' not in schema-compat-ignore-subtree 2017-05-11T17:47:35Z DEBUG remove: 'o=ipaca' from schema-compat-ignore-subtree, current value [] 2017-05-11T17:47:35Z DEBUG remove: 'o=ipaca' not in schema-compat-ignore-subtree 2017-05-11T17:47:35Z DEBUG add: 'dc=rdlg,dc=net' to schema-compat-restrict-subtree, current value [] 2017-05-11T17:47:35Z DEBUG add: updated value ['dc=rdlg,dc=net'] 2017-05-11T17:47:35Z DEBUG add: 'cn=Schema Compatibility,cn=plugins,cn=config' to schema-compat-restrict-subtree, current value ['dc=rdlg,dc=net'] 2017-05-11T17:47:35Z DEBUG add: updated value ['dc=rdlg,dc=net', 'cn=Schema Compatibility,cn=plugins,cn=config'] 2017-05-11T17:47:35Z DEBUG 
add: 'cn=dna,cn=ipa,cn=etc,dc=rdlg,dc=net' to schema-compat-ignore-subtree, current value [] 2017-05-11T17:47:35Z DEBUG add: updated value ['cn=dna,cn=ipa,cn=etc,dc=rdlg,dc=net'] 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z DEBUG Final value after applying updates 2017-05-11T17:47:35Z DEBUG dn: cn=ng,cn=Schema Compatibility,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG schema-compat-entry-attribute: 2017-05-11T17:47:35Z DEBUG memberNisNetgroup=%deref_r("member","cn") 2017-05-11T17:47:35Z DEBUG objectclass=nisNetgroup 2017-05-11T17:47:35Z DEBUG nisNetgroupTriple=(%link("%ifeq(\"hostCategory\",\"all\",\"\",\"%collect(\\\"%{externalHost}\\\",\\\"%deref(\\\\\\\"memberHost\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberHost\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\")\")","%ifeq(\"hostCategory\",\"all\",\"\",\"-\")",",","%ifeq(\"userCategory\",\"all\",\"\",\"%collect(\\\"%deref(\\\\\\\"memberUser\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberUser\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\")\")","%ifeq(\"userCategory\",\"all\",\"\",\"-\")"),%{nisDomainName:-}) 2017-05-11T17:47:35Z DEBUG schema-compat-check-access: 2017-05-11T17:47:35Z DEBUG yes 2017-05-11T17:47:35Z DEBUG cn: 2017-05-11T17:47:35Z DEBUG ng 2017-05-11T17:47:35Z DEBUG objectClass: 2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG extensibleObject 2017-05-11T17:47:35Z DEBUG schema-compat-ignore-subtree: 2017-05-11T17:47:35Z DEBUG cn=dna,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG schema-compat-restrict-subtree: 2017-05-11T17:47:35Z DEBUG dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG cn=Schema Compatibility,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG schema-compat-search-filter: 2017-05-11T17:47:35Z DEBUG (objectclass=ipaNisNetgroup) 2017-05-11T17:47:35Z DEBUG 
schema-compat-container-rdn: 2017-05-11T17:47:35Z DEBUG cn=ng 2017-05-11T17:47:35Z DEBUG schema-compat-entry-rdn: 2017-05-11T17:47:35Z DEBUG cn=%{cn} 2017-05-11T17:47:35Z DEBUG schema-compat-search-base: 2017-05-11T17:47:35Z DEBUG cn=ng, cn=alt, dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG schema-compat-container-group: 2017-05-11T17:47:35Z DEBUG cn=compat, dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG [(2, u'schema-compat-restrict-subtree', ['dc=rdlg,dc=net', 'cn=Schema Compatibility,cn=plugins,cn=config']), (2, u'schema-compat-ignore-subtree', ['cn=dna,cn=ipa,cn=etc,dc=rdlg,dc=net']), (0, u'schema-compat-entry-attribute', ['nisNetgroupTriple=(%link("%ifeq(\\"hostCategory\\",\\"all\\",\\"\\",\\"%collect(\\\\\\"%{externalHost}\\\\\\",\\\\\\"%deref(\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\")\\\\\\")\\")","%ifeq(\\"hostCategory\\",\\"all\\",\\"\\",\\"-\\")",",","%ifeq(\\"userCategory\\",\\"all\\",\\"\\",\\"%collect(\\\\\\"%deref(\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\")\\\\\\")\\")","%ifeq(\\"userCategory\\",\\"all\\",\\"\\",\\"-\\")"),%{nisDomainName:-})']), (1, u'schema-compat-entry-attribute', 
['nisNetgroupTriple=(%link("%ifeq(\\"hostCategory\\",\\"all\\",\\"\\",\\"%collect(\\\\\\"%{externalHost}\\\\\\",\\\\\\"%deref(\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\")\\\\\\")\\")","-",",","%ifeq(\\"userCategory\\",\\"all\\",\\"\\",\\"%collect(\\\\\\"%deref(\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\")\\\\\\")\\")","-"),%{nisDomainName:-})'])] 2017-05-11T17:47:35Z DEBUG Updated 1 2017-05-11T17:47:35Z DEBUG Done 2017-05-11T17:47:35Z DEBUG Updating existing entry: cn=computers,cn=Schema Compatibility,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z DEBUG Initial value 2017-05-11T17:47:35Z DEBUG dn: cn=computers,cn=Schema Compatibility,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG schema-compat-entry-attribute: 2017-05-11T17:47:35Z DEBUG objectclass=device 2017-05-11T17:47:35Z DEBUG cn=%{fqdn} 2017-05-11T17:47:35Z DEBUG macAddress=%{macAddress} 2017-05-11T17:47:35Z DEBUG objectclass=ieee802Device 2017-05-11T17:47:35Z DEBUG cn: 2017-05-11T17:47:35Z DEBUG computers 2017-05-11T17:47:35Z DEBUG objectClass: 2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG extensibleObject 2017-05-11T17:47:35Z DEBUG schema-compat-entry-rdn: 2017-05-11T17:47:35Z DEBUG cn=%first("%{fqdn}") 2017-05-11T17:47:35Z DEBUG schema-compat-container-rdn: 2017-05-11T17:47:35Z DEBUG cn=computers 2017-05-11T17:47:35Z DEBUG schema-compat-search-filter: 2017-05-11T17:47:35Z DEBUG 
(&(macAddress=*)(fqdn=*)(objectClass=ipaHost)) 2017-05-11T17:47:35Z DEBUG schema-compat-search-base: 2017-05-11T17:47:35Z DEBUG cn=computers, cn=accounts, dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG schema-compat-container-group: 2017-05-11T17:47:35Z DEBUG cn=compat, dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG remove: 'cn=changelog' from schema-compat-ignore-subtree, current value [] 2017-05-11T17:47:35Z DEBUG remove: 'cn=changelog' not in schema-compat-ignore-subtree 2017-05-11T17:47:35Z DEBUG remove: 'o=ipaca' from schema-compat-ignore-subtree, current value [] 2017-05-11T17:47:35Z DEBUG remove: 'o=ipaca' not in schema-compat-ignore-subtree 2017-05-11T17:47:35Z DEBUG add: 'dc=rdlg,dc=net' to schema-compat-restrict-subtree, current value [] 2017-05-11T17:47:35Z DEBUG add: updated value ['dc=rdlg,dc=net'] 2017-05-11T17:47:35Z DEBUG add: 'cn=Schema Compatibility,cn=plugins,cn=config' to schema-compat-restrict-subtree, current value ['dc=rdlg,dc=net'] 2017-05-11T17:47:35Z DEBUG add: updated value ['dc=rdlg,dc=net', 'cn=Schema Compatibility,cn=plugins,cn=config'] 2017-05-11T17:47:35Z DEBUG add: 'cn=dna,cn=ipa,cn=etc,dc=rdlg,dc=net' to schema-compat-ignore-subtree, current value [] 2017-05-11T17:47:35Z DEBUG add: updated value ['cn=dna,cn=ipa,cn=etc,dc=rdlg,dc=net'] 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z DEBUG Final value after applying updates 2017-05-11T17:47:35Z DEBUG dn: cn=computers,cn=Schema Compatibility,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG schema-compat-entry-attribute: 2017-05-11T17:47:35Z DEBUG objectclass=device 2017-05-11T17:47:35Z DEBUG cn=%{fqdn} 2017-05-11T17:47:35Z DEBUG macAddress=%{macAddress} 2017-05-11T17:47:35Z DEBUG objectclass=ieee802Device 2017-05-11T17:47:35Z DEBUG cn: 2017-05-11T17:47:35Z DEBUG computers 2017-05-11T17:47:35Z DEBUG objectClass: 2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG extensibleObject 2017-05-11T17:47:35Z DEBUG schema-compat-ignore-subtree: 
2017-05-11T17:47:35Z DEBUG cn=dna,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG schema-compat-restrict-subtree: 2017-05-11T17:47:35Z DEBUG dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG cn=Schema Compatibility,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG schema-compat-entry-rdn: 2017-05-11T17:47:35Z DEBUG cn=%first("%{fqdn}") 2017-05-11T17:47:35Z DEBUG schema-compat-container-rdn: 2017-05-11T17:47:35Z DEBUG cn=computers 2017-05-11T17:47:35Z DEBUG schema-compat-search-filter: 2017-05-11T17:47:35Z DEBUG (&(macAddress=*)(fqdn=*)(objectClass=ipaHost)) 2017-05-11T17:47:35Z DEBUG schema-compat-search-base: 2017-05-11T17:47:35Z DEBUG cn=computers, cn=accounts, dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG schema-compat-container-group: 2017-05-11T17:47:35Z DEBUG cn=compat, dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG [(2, u'schema-compat-restrict-subtree', ['dc=rdlg,dc=net', 'cn=Schema Compatibility,cn=plugins,cn=config']), (2, u'schema-compat-ignore-subtree', ['cn=dna,cn=ipa,cn=etc,dc=rdlg,dc=net'])] 2017-05-11T17:47:35Z DEBUG Updated 1 2017-05-11T17:47:35Z DEBUG Done 2017-05-11T17:47:35Z DEBUG Updating existing entry: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z DEBUG Initial value 2017-05-11T17:47:35Z DEBUG dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG schema-compat-entry-attribute: 2017-05-11T17:47:35Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}") 2017-05-11T17:47:35Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}") 2017-05-11T17:47:35Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\"memberHost\",\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\",\"member\",\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\",\"fqdn\")") 2017-05-11T17:47:35Z DEBUG 
sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\"memberUser\",\"(objectclass=posixGroup)\",\"cn\")") 2017-05-11T17:47:35Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\",\"cn\")") 2017-05-11T17:47:35Z DEBUG sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}") 2017-05-11T17:47:35Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\"memberUser\",\"(objectclass=posixAccount)\",\"uid\")") 2017-05-11T17:47:35Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(objectclass=ipaNisNetgroup)\",\"cn\")") 2017-05-11T17:47:35Z DEBUG sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\"ipaSudoRunAsGroup\",\"(objectclass=posixGroup)\",\"cn\")") 2017-05-11T17:47:35Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\"memberHost\",\"(objectclass=ipaHost)\",\"fqdn\")") 2017-05-11T17:47:35Z DEBUG objectclass=sudoRole 2017-05-11T17:47:35Z DEBUG sudoOption=%{ipaSudoOpt} 2017-05-11T17:47:35Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\"memberUser\",\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\",\"member\",\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\",\"uid\")") 2017-05-11T17:47:35Z DEBUG sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\"memberAllowCmd\",\"sudoCmd\")") 2017-05-11T17:47:35Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}") 2017-05-11T17:47:35Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixAccount)\",\"uid\")") 2017-05-11T17:47:35Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\"memberUser\",\"(objectclass=ipaNisNetgroup)\",\"cn\")") 2017-05-11T17:47:35Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixGroup)\",\"cn\")") 2017-05-11T17:47:35Z DEBUG 
sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}") 2017-05-11T17:47:35Z DEBUG sudoCommand=!%deref("memberDenyCmd","sudoCmd") 2017-05-11T17:47:35Z DEBUG sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd") 2017-05-11T17:47:35Z DEBUG sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\"memberAllowCmd\",\"member\",\"sudoCmd\")") 2017-05-11T17:47:35Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}") 2017-05-11T17:47:35Z DEBUG sudoRunAsGroup=%deref_f("ipaSudoRunAsGroup","(objectclass=posixGroup)","cn") 2017-05-11T17:47:35Z DEBUG cn: 2017-05-11T17:47:35Z DEBUG sudoers 2017-05-11T17:47:35Z DEBUG objectClass: 2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG extensibleObject 2017-05-11T17:47:35Z DEBUG schema-compat-restrict-subtree: 2017-05-11T17:47:35Z DEBUG dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG cn=Schema Compatibility,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG schema-compat-entry-rdn: 2017-05-11T17:47:35Z DEBUG %ifeq("ipaEnabledFlag", "FALSE", "DISABLED", "cn=%{cn}") 2017-05-11T17:47:35Z DEBUG schema-compat-ignore-subtree: 2017-05-11T17:47:35Z DEBUG cn=dna,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG schema-compat-search-filter: 2017-05-11T17:47:35Z DEBUG (&(objectclass=ipaSudoRule)(!(compatVisible=FALSE))(!(ipaEnabledFlag=FALSE))) 2017-05-11T17:47:35Z DEBUG schema-compat-search-base: 2017-05-11T17:47:35Z DEBUG cn=sudorules, cn=sudo, dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG schema-compat-container-group: 2017-05-11T17:47:35Z DEBUG ou=SUDOers, dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG add: 'sudoOrder=%{sudoOrder}' to schema-compat-entry-attribute, current value ['sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 
'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole', 'sudoOption=%{ipaSudoOpt}', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 
'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsGroup=%deref_f("ipaSudoRunAsGroup","(objectclass=posixGroup)","cn")'] 2017-05-11T17:47:35Z DEBUG add: updated value ['sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole', 'sudoOption=%{ipaSudoOpt}', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 
'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsGroup=%deref_f("ipaSudoRunAsGroup","(objectclass=posixGroup)","cn")', 'sudoOrder=%{sudoOrder}'] 2017-05-11T17:47:35Z DEBUG --------------------------------------------- 2017-05-11T17:47:35Z DEBUG Final value after applying updates 2017-05-11T17:47:35Z DEBUG dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG schema-compat-entry-attribute: 2017-05-11T17:47:35Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}") 2017-05-11T17:47:35Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}") 2017-05-11T17:47:35Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\"memberHost\",\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\",\"member\",\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\",\"fqdn\")") 2017-05-11T17:47:35Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\"memberUser\",\"(objectclass=posixGroup)\",\"cn\")") 2017-05-11T17:47:35Z DEBUG 
sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\",\"cn\")") 2017-05-11T17:47:35Z DEBUG sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}") 2017-05-11T17:47:35Z DEBUG sudoRunAsGroup=%deref_f("ipaSudoRunAsGroup","(objectclass=posixGroup)","cn") 2017-05-11T17:47:35Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\"memberUser\",\"(objectclass=posixAccount)\",\"uid\")") 2017-05-11T17:47:35Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(objectclass=ipaNisNetgroup)\",\"cn\")") 2017-05-11T17:47:35Z DEBUG sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\"ipaSudoRunAsGroup\",\"(objectclass=posixGroup)\",\"cn\")") 2017-05-11T17:47:35Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\"memberHost\",\"(objectclass=ipaHost)\",\"fqdn\")") 2017-05-11T17:47:35Z DEBUG objectclass=sudoRole 2017-05-11T17:47:35Z DEBUG sudoOption=%{ipaSudoOpt} 2017-05-11T17:47:35Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\"memberUser\",\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\",\"member\",\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\",\"uid\")") 2017-05-11T17:47:35Z DEBUG sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\"memberAllowCmd\",\"sudoCmd\")") 2017-05-11T17:47:35Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}") 2017-05-11T17:47:35Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixAccount)\",\"uid\")") 2017-05-11T17:47:35Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\"memberUser\",\"(objectclass=ipaNisNetgroup)\",\"cn\")") 2017-05-11T17:47:35Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixGroup)\",\"cn\")") 2017-05-11T17:47:35Z DEBUG 
sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}") 2017-05-11T17:47:35Z DEBUG sudoOrder=%{sudoOrder} 2017-05-11T17:47:35Z DEBUG sudoCommand=!%deref("memberDenyCmd","sudoCmd") 2017-05-11T17:47:35Z DEBUG sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd") 2017-05-11T17:47:35Z DEBUG sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\"memberAllowCmd\",\"member\",\"sudoCmd\")") 2017-05-11T17:47:35Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}") 2017-05-11T17:47:35Z DEBUG cn: 2017-05-11T17:47:35Z DEBUG sudoers 2017-05-11T17:47:35Z DEBUG objectClass: 2017-05-11T17:47:35Z DEBUG top 2017-05-11T17:47:35Z DEBUG extensibleObject 2017-05-11T17:47:35Z DEBUG schema-compat-restrict-subtree: 2017-05-11T17:47:35Z DEBUG dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG cn=Schema Compatibility,cn=plugins,cn=config 2017-05-11T17:47:35Z DEBUG schema-compat-entry-rdn: 2017-05-11T17:47:35Z DEBUG %ifeq("ipaEnabledFlag", "FALSE", "DISABLED", "cn=%{cn}") 2017-05-11T17:47:35Z DEBUG schema-compat-ignore-subtree: 2017-05-11T17:47:35Z DEBUG cn=dna,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG schema-compat-search-filter: 2017-05-11T17:47:35Z DEBUG (&(objectclass=ipaSudoRule)(!(compatVisible=FALSE))(!(ipaEnabledFlag=FALSE))) 2017-05-11T17:47:35Z DEBUG schema-compat-search-base: 2017-05-11T17:47:35Z DEBUG cn=sudorules, cn=sudo, dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG schema-compat-container-group: 2017-05-11T17:47:35Z DEBUG ou=SUDOers, dc=rdlg,dc=net 2017-05-11T17:47:35Z DEBUG [(0, u'schema-compat-entry-attribute', ['sudoOrder=%{sudoOrder}'])] 2017-05-11T17:47:35Z DEBUG Updated 1 2017-05-11T17:47:36Z DEBUG Done 2017-05-11T17:47:36Z DEBUG Updating existing entry: cn=users,cn=Schema Compatibility,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Initial value 2017-05-11T17:47:36Z DEBUG dn: cn=users,cn=Schema Compatibility,cn=plugins,cn=config 2017-05-11T17:47:36Z 
DEBUG schema-compat-entry-attribute: 2017-05-11T17:47:36Z DEBUG %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","") 2017-05-11T17:47:36Z DEBUG cn=%{cn} 2017-05-11T17:47:36Z DEBUG objectclass=posixAccount 2017-05-11T17:47:36Z DEBUG gidNumber=%{gidNumber} 2017-05-11T17:47:36Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:rdlg.net:%{ipauniqueid}","") 2017-05-11T17:47:36Z DEBUG gecos=%{cn} 2017-05-11T17:47:36Z DEBUG ipaanchoruuid=%{ipaanchoruuid} 2017-05-11T17:47:36Z DEBUG uidNumber=%{uidNumber} 2017-05-11T17:47:36Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","") 2017-05-11T17:47:36Z DEBUG loginShell=%{loginShell} 2017-05-11T17:47:36Z DEBUG homeDirectory=%{homeDirectory} 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG users 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG extensibleObject 2017-05-11T17:47:36Z DEBUG schema-compat-entry-rdn: 2017-05-11T17:47:36Z DEBUG uid=%{uid} 2017-05-11T17:47:36Z DEBUG schema-compat-container-rdn: 2017-05-11T17:47:36Z DEBUG cn=users 2017-05-11T17:47:36Z DEBUG schema-compat-search-filter: 2017-05-11T17:47:36Z DEBUG objectclass=posixAccount 2017-05-11T17:47:36Z DEBUG schema-compat-search-base: 2017-05-11T17:47:36Z DEBUG cn=users, cn=accounts, dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG schema-compat-container-group: 2017-05-11T17:47:36Z DEBUG cn=compat, dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG remove: 'cn=changelog' from schema-compat-ignore-subtree, current value [] 2017-05-11T17:47:36Z DEBUG remove: 'cn=changelog' not in schema-compat-ignore-subtree 2017-05-11T17:47:36Z DEBUG remove: 'o=ipaca' from schema-compat-ignore-subtree, current value [] 2017-05-11T17:47:36Z DEBUG remove: 'o=ipaca' not in schema-compat-ignore-subtree 2017-05-11T17:47:36Z DEBUG add: 'dc=rdlg,dc=net' to schema-compat-restrict-subtree, current value [] 2017-05-11T17:47:36Z DEBUG add: updated value ['dc=rdlg,dc=net'] 
2017-05-11T17:47:36Z DEBUG add: 'cn=Schema Compatibility,cn=plugins,cn=config' to schema-compat-restrict-subtree, current value ['dc=rdlg,dc=net'] 2017-05-11T17:47:36Z DEBUG add: updated value ['dc=rdlg,dc=net', 'cn=Schema Compatibility,cn=plugins,cn=config'] 2017-05-11T17:47:36Z DEBUG add: 'cn=dna,cn=ipa,cn=etc,dc=rdlg,dc=net' to schema-compat-ignore-subtree, current value [] 2017-05-11T17:47:36Z DEBUG add: updated value ['cn=dna,cn=ipa,cn=etc,dc=rdlg,dc=net'] 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Final value after applying updates 2017-05-11T17:47:36Z DEBUG dn: cn=users,cn=Schema Compatibility,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG schema-compat-entry-attribute: 2017-05-11T17:47:36Z DEBUG %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","") 2017-05-11T17:47:36Z DEBUG cn=%{cn} 2017-05-11T17:47:36Z DEBUG objectclass=posixAccount 2017-05-11T17:47:36Z DEBUG gidNumber=%{gidNumber} 2017-05-11T17:47:36Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:rdlg.net:%{ipauniqueid}","") 2017-05-11T17:47:36Z DEBUG gecos=%{cn} 2017-05-11T17:47:36Z DEBUG ipaanchoruuid=%{ipaanchoruuid} 2017-05-11T17:47:36Z DEBUG uidNumber=%{uidNumber} 2017-05-11T17:47:36Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","") 2017-05-11T17:47:36Z DEBUG loginShell=%{loginShell} 2017-05-11T17:47:36Z DEBUG homeDirectory=%{homeDirectory} 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG users 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG extensibleObject 2017-05-11T17:47:36Z DEBUG schema-compat-ignore-subtree: 2017-05-11T17:47:36Z DEBUG cn=dna,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG schema-compat-restrict-subtree: 2017-05-11T17:47:36Z DEBUG dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG cn=Schema Compatibility,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG schema-compat-entry-rdn: 
2017-05-11T17:47:36Z DEBUG uid=%{uid} 2017-05-11T17:47:36Z DEBUG schema-compat-container-rdn: 2017-05-11T17:47:36Z DEBUG cn=users 2017-05-11T17:47:36Z DEBUG schema-compat-search-filter: 2017-05-11T17:47:36Z DEBUG objectclass=posixAccount 2017-05-11T17:47:36Z DEBUG schema-compat-search-base: 2017-05-11T17:47:36Z DEBUG cn=users, cn=accounts, dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG schema-compat-container-group: 2017-05-11T17:47:36Z DEBUG cn=compat, dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG [(2, u'schema-compat-restrict-subtree', ['dc=rdlg,dc=net', 'cn=Schema Compatibility,cn=plugins,cn=config']), (2, u'schema-compat-ignore-subtree', ['cn=dna,cn=ipa,cn=etc,dc=rdlg,dc=net'])] 2017-05-11T17:47:36Z DEBUG Updated 1 2017-05-11T17:47:36Z DEBUG Done 2017-05-11T17:47:36Z DEBUG Updating existing entry: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Initial value 2017-05-11T17:47:36Z DEBUG dn: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG schema-compat-entry-attribute: 2017-05-11T17:47:36Z DEBUG %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","") 2017-05-11T17:47:36Z DEBUG gidNumber=%{gidNumber} 2017-05-11T17:47:36Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:rdlg.net:%{ipauniqueid}","") 2017-05-11T17:47:36Z DEBUG memberUid=%deref_r("member","uid") 2017-05-11T17:47:36Z DEBUG objectclass=posixGroup 2017-05-11T17:47:36Z DEBUG memberUid=%{memberUid} 2017-05-11T17:47:36Z DEBUG ipaanchoruuid=%{ipaanchoruuid} 2017-05-11T17:47:36Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","") 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG groups 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG extensibleObject 2017-05-11T17:47:36Z DEBUG schema-compat-entry-rdn: 2017-05-11T17:47:36Z DEBUG cn=%{cn} 2017-05-11T17:47:36Z DEBUG 
schema-compat-container-rdn: 2017-05-11T17:47:36Z DEBUG cn=groups 2017-05-11T17:47:36Z DEBUG schema-compat-search-filter: 2017-05-11T17:47:36Z DEBUG objectclass=posixGroup 2017-05-11T17:47:36Z DEBUG schema-compat-search-base: 2017-05-11T17:47:36Z DEBUG cn=groups, cn=accounts, dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG schema-compat-container-group: 2017-05-11T17:47:36Z DEBUG cn=compat, dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG remove: 'cn=changelog' from schema-compat-ignore-subtree, current value [] 2017-05-11T17:47:36Z DEBUG remove: 'cn=changelog' not in schema-compat-ignore-subtree 2017-05-11T17:47:36Z DEBUG remove: 'o=ipaca' from schema-compat-ignore-subtree, current value [] 2017-05-11T17:47:36Z DEBUG remove: 'o=ipaca' not in schema-compat-ignore-subtree 2017-05-11T17:47:36Z DEBUG add: 'dc=rdlg,dc=net' to schema-compat-restrict-subtree, current value [] 2017-05-11T17:47:36Z DEBUG add: updated value ['dc=rdlg,dc=net'] 2017-05-11T17:47:36Z DEBUG add: 'cn=Schema Compatibility,cn=plugins,cn=config' to schema-compat-restrict-subtree, current value ['dc=rdlg,dc=net'] 2017-05-11T17:47:36Z DEBUG add: updated value ['dc=rdlg,dc=net', 'cn=Schema Compatibility,cn=plugins,cn=config'] 2017-05-11T17:47:36Z DEBUG add: 'cn=dna,cn=ipa,cn=etc,dc=rdlg,dc=net' to schema-compat-ignore-subtree, current value [] 2017-05-11T17:47:36Z DEBUG add: updated value ['cn=dna,cn=ipa,cn=etc,dc=rdlg,dc=net'] 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Final value after applying updates 2017-05-11T17:47:36Z DEBUG dn: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG schema-compat-entry-attribute: 2017-05-11T17:47:36Z DEBUG %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","") 2017-05-11T17:47:36Z DEBUG gidNumber=%{gidNumber} 2017-05-11T17:47:36Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:rdlg.net:%{ipauniqueid}","") 2017-05-11T17:47:36Z DEBUG 
memberUid=%deref_r("member","uid") 2017-05-11T17:47:36Z DEBUG objectclass=posixGroup 2017-05-11T17:47:36Z DEBUG memberUid=%{memberUid} 2017-05-11T17:47:36Z DEBUG ipaanchoruuid=%{ipaanchoruuid} 2017-05-11T17:47:36Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","") 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG groups 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG extensibleObject 2017-05-11T17:47:36Z DEBUG schema-compat-ignore-subtree: 2017-05-11T17:47:36Z DEBUG cn=dna,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG schema-compat-restrict-subtree: 2017-05-11T17:47:36Z DEBUG dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG cn=Schema Compatibility,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG schema-compat-entry-rdn: 2017-05-11T17:47:36Z DEBUG cn=%{cn} 2017-05-11T17:47:36Z DEBUG schema-compat-container-rdn: 2017-05-11T17:47:36Z DEBUG cn=groups 2017-05-11T17:47:36Z DEBUG schema-compat-search-filter: 2017-05-11T17:47:36Z DEBUG objectclass=posixGroup 2017-05-11T17:47:36Z DEBUG schema-compat-search-base: 2017-05-11T17:47:36Z DEBUG cn=groups, cn=accounts, dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG schema-compat-container-group: 2017-05-11T17:47:36Z DEBUG cn=compat, dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG [(2, u'schema-compat-restrict-subtree', ['dc=rdlg,dc=net', 'cn=Schema Compatibility,cn=plugins,cn=config']), (2, u'schema-compat-ignore-subtree', ['cn=dna,cn=ipa,cn=etc,dc=rdlg,dc=net'])] 2017-05-11T17:47:36Z DEBUG Updated 1 2017-05-11T17:47:36Z DEBUG Done 2017-05-11T17:47:36Z DEBUG Updating existing entry: cn=Schema Compatibility,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Initial value 2017-05-11T17:47:36Z DEBUG dn: cn=Schema Compatibility,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG nsslapd-pluginbetxn: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG Schema 
Compatibility 2017-05-11T17:47:36Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:47:36Z DEBUG 0.56 (betxn support available and enabled by default) 2017-05-11T17:47:36Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:47:36Z DEBUG Schema Compatibility Plugin 2017-05-11T17:47:36Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-pluginPath: 2017-05-11T17:47:36Z DEBUG /usr/lib64/dirsrv/plugins/schemacompat-plugin.so 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG nsSlapdPlugin 2017-05-11T17:47:36Z DEBUG extensibleObject 2017-05-11T17:47:36Z DEBUG nsslapd-pluginId: 2017-05-11T17:47:36Z DEBUG schema-compat-plugin 2017-05-11T17:47:36Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:47:36Z DEBUG schema_compat_plugin_init 2017-05-11T17:47:36Z DEBUG nsslapd-pluginprecedence: 2017-05-11T17:47:36Z DEBUG 40 2017-05-11T17:47:36Z DEBUG nsslapd-pluginType: 2017-05-11T17:47:36Z DEBUG object 2017-05-11T17:47:36Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:47:36Z DEBUG redhat.com 2017-05-11T17:47:36Z DEBUG add: '40' to nsslapd-pluginprecedence, current value ['40'] 2017-05-11T17:47:36Z DEBUG add: updated value ['40'] 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Final value after applying updates 2017-05-11T17:47:36Z DEBUG dn: cn=Schema Compatibility,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG nsslapd-pluginbetxn: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG Schema Compatibility 2017-05-11T17:47:36Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:47:36Z DEBUG 0.56 (betxn support available and enabled by default) 2017-05-11T17:47:36Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:47:36Z DEBUG Schema Compatibility Plugin 2017-05-11T17:47:36Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-pluginPath: 2017-05-11T17:47:36Z DEBUG 
/usr/lib64/dirsrv/plugins/schemacompat-plugin.so 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG nsSlapdPlugin 2017-05-11T17:47:36Z DEBUG extensibleObject 2017-05-11T17:47:36Z DEBUG nsslapd-pluginId: 2017-05-11T17:47:36Z DEBUG schema-compat-plugin 2017-05-11T17:47:36Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:47:36Z DEBUG schema_compat_plugin_init 2017-05-11T17:47:36Z DEBUG nsslapd-pluginprecedence: 2017-05-11T17:47:36Z DEBUG 40 2017-05-11T17:47:36Z DEBUG nsslapd-pluginType: 2017-05-11T17:47:36Z DEBUG object 2017-05-11T17:47:36Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:47:36Z DEBUG redhat.com 2017-05-11T17:47:36Z DEBUG [] 2017-05-11T17:47:36Z DEBUG Updated 0 2017-05-11T17:47:36Z DEBUG Done 2017-05-11T17:47:36Z DEBUG Updating existing entry: cn=users,cn=Schema Compatibility,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Initial value 2017-05-11T17:47:36Z DEBUG dn: cn=users,cn=Schema Compatibility,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG schema-compat-entry-attribute: 2017-05-11T17:47:36Z DEBUG %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","") 2017-05-11T17:47:36Z DEBUG cn=%{cn} 2017-05-11T17:47:36Z DEBUG objectclass=posixAccount 2017-05-11T17:47:36Z DEBUG gidNumber=%{gidNumber} 2017-05-11T17:47:36Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:rdlg.net:%{ipauniqueid}","") 2017-05-11T17:47:36Z DEBUG gecos=%{cn} 2017-05-11T17:47:36Z DEBUG ipaanchoruuid=%{ipaanchoruuid} 2017-05-11T17:47:36Z DEBUG uidNumber=%{uidNumber} 2017-05-11T17:47:36Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","") 2017-05-11T17:47:36Z DEBUG loginShell=%{loginShell} 2017-05-11T17:47:36Z DEBUG homeDirectory=%{homeDirectory} 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG users 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG 
extensibleObject 2017-05-11T17:47:36Z DEBUG schema-compat-container-rdn: 2017-05-11T17:47:36Z DEBUG cn=users 2017-05-11T17:47:36Z DEBUG schema-compat-restrict-subtree: 2017-05-11T17:47:36Z DEBUG dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG cn=Schema Compatibility,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG schema-compat-entry-rdn: 2017-05-11T17:47:36Z DEBUG uid=%{uid} 2017-05-11T17:47:36Z DEBUG schema-compat-ignore-subtree: 2017-05-11T17:47:36Z DEBUG cn=dna,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG schema-compat-search-filter: 2017-05-11T17:47:36Z DEBUG objectclass=posixAccount 2017-05-11T17:47:36Z DEBUG schema-compat-search-base: 2017-05-11T17:47:36Z DEBUG cn=users, cn=accounts, dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG schema-compat-container-group: 2017-05-11T17:47:36Z DEBUG cn=compat, dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG add: '%ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")' to schema-compat-entry-attribute, current value ['%ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")', 'cn=%{cn}', 'objectclass=posixAccount', 'gidNumber=%{gidNumber}', '%ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:rdlg.net:%{ipauniqueid}","")', 'gecos=%{cn}', 'ipaanchoruuid=%{ipaanchoruuid}', 'uidNumber=%{uidNumber}', '%ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")', 'loginShell=%{loginShell}', 'homeDirectory=%{homeDirectory}'] 2017-05-11T17:47:36Z DEBUG add: updated value ['%ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")', 'cn=%{cn}', 'objectclass=posixAccount', 'gidNumber=%{gidNumber}', '%ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:rdlg.net:%{ipauniqueid}","")', 'gecos=%{cn}', 'ipaanchoruuid=%{ipaanchoruuid}', 'uidNumber=%{uidNumber}', 'loginShell=%{loginShell}', 'homeDirectory=%{homeDirectory}', '%ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")'] 2017-05-11T17:47:36Z DEBUG add: 
'%ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:rdlg.net:%{ipauniqueid}","")' to schema-compat-entry-attribute, current value ['%ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")', 'cn=%{cn}', 'objectclass=posixAccount', 'gidNumber=%{gidNumber}', '%ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:rdlg.net:%{ipauniqueid}","")', 'gecos=%{cn}', 'ipaanchoruuid=%{ipaanchoruuid}', 'uidNumber=%{uidNumber}', '%ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")', 'loginShell=%{loginShell}', 'homeDirectory=%{homeDirectory}'] 2017-05-11T17:47:36Z DEBUG add: updated value ['%ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")', 'cn=%{cn}', 'objectclass=posixAccount', 'gidNumber=%{gidNumber}', 'gecos=%{cn}', 'ipaanchoruuid=%{ipaanchoruuid}', 'uidNumber=%{uidNumber}', '%ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")', 'loginShell=%{loginShell}', 'homeDirectory=%{homeDirectory}', '%ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:rdlg.net:%{ipauniqueid}","")'] 2017-05-11T17:47:36Z DEBUG add: 'ipaanchoruuid=%{ipaanchoruuid}' to schema-compat-entry-attribute, current value ['%ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")', 'cn=%{cn}', 'objectclass=posixAccount', 'gidNumber=%{gidNumber}', '%ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:rdlg.net:%{ipauniqueid}","")', 'gecos=%{cn}', 'ipaanchoruuid=%{ipaanchoruuid}', 'uidNumber=%{uidNumber}', '%ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")', 'loginShell=%{loginShell}', 'homeDirectory=%{homeDirectory}'] 2017-05-11T17:47:36Z DEBUG add: updated value ['%ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")', 'cn=%{cn}', 'objectclass=posixAccount', 'gidNumber=%{gidNumber}', '%ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:rdlg.net:%{ipauniqueid}","")', 'gecos=%{cn}', 'uidNumber=%{uidNumber}', 
'%ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")', 'loginShell=%{loginShell}', 'homeDirectory=%{homeDirectory}', 'ipaanchoruuid=%{ipaanchoruuid}'] 2017-05-11T17:47:36Z DEBUG add: '%ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")' to schema-compat-entry-attribute, current value ['%ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")', 'cn=%{cn}', 'objectclass=posixAccount', 'gidNumber=%{gidNumber}', '%ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:rdlg.net:%{ipauniqueid}","")', 'gecos=%{cn}', 'ipaanchoruuid=%{ipaanchoruuid}', 'uidNumber=%{uidNumber}', '%ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")', 'loginShell=%{loginShell}', 'homeDirectory=%{homeDirectory}'] 2017-05-11T17:47:36Z DEBUG add: updated value ['cn=%{cn}', 'objectclass=posixAccount', 'gidNumber=%{gidNumber}', '%ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:rdlg.net:%{ipauniqueid}","")', 'gecos=%{cn}', 'ipaanchoruuid=%{ipaanchoruuid}', 'uidNumber=%{uidNumber}', '%ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")', 'loginShell=%{loginShell}', 'homeDirectory=%{homeDirectory}', '%ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")'] 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Final value after applying updates 2017-05-11T17:47:36Z DEBUG dn: cn=users,cn=Schema Compatibility,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG schema-compat-entry-attribute: 2017-05-11T17:47:36Z DEBUG %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","") 2017-05-11T17:47:36Z DEBUG cn=%{cn} 2017-05-11T17:47:36Z DEBUG objectclass=posixAccount 2017-05-11T17:47:36Z DEBUG gidNumber=%{gidNumber} 2017-05-11T17:47:36Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:rdlg.net:%{ipauniqueid}","") 2017-05-11T17:47:36Z DEBUG gecos=%{cn} 2017-05-11T17:47:36Z DEBUG 
ipaanchoruuid=%{ipaanchoruuid} 2017-05-11T17:47:36Z DEBUG uidNumber=%{uidNumber} 2017-05-11T17:47:36Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","") 2017-05-11T17:47:36Z DEBUG loginShell=%{loginShell} 2017-05-11T17:47:36Z DEBUG homeDirectory=%{homeDirectory} 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG users 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG extensibleObject 2017-05-11T17:47:36Z DEBUG schema-compat-container-rdn: 2017-05-11T17:47:36Z DEBUG cn=users 2017-05-11T17:47:36Z DEBUG schema-compat-restrict-subtree: 2017-05-11T17:47:36Z DEBUG dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG cn=Schema Compatibility,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG schema-compat-entry-rdn: 2017-05-11T17:47:36Z DEBUG uid=%{uid} 2017-05-11T17:47:36Z DEBUG schema-compat-ignore-subtree: 2017-05-11T17:47:36Z DEBUG cn=dna,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG schema-compat-search-filter: 2017-05-11T17:47:36Z DEBUG objectclass=posixAccount 2017-05-11T17:47:36Z DEBUG schema-compat-search-base: 2017-05-11T17:47:36Z DEBUG cn=users, cn=accounts, dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG schema-compat-container-group: 2017-05-11T17:47:36Z DEBUG cn=compat, dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG [] 2017-05-11T17:47:36Z DEBUG Updated 0 2017-05-11T17:47:36Z DEBUG Done 2017-05-11T17:47:36Z DEBUG Updating existing entry: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Initial value 2017-05-11T17:47:36Z DEBUG dn: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG schema-compat-entry-attribute: 2017-05-11T17:47:36Z DEBUG %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","") 2017-05-11T17:47:36Z DEBUG gidNumber=%{gidNumber} 2017-05-11T17:47:36Z DEBUG 
%ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:rdlg.net:%{ipauniqueid}","") 2017-05-11T17:47:36Z DEBUG memberUid=%deref_r("member","uid") 2017-05-11T17:47:36Z DEBUG objectclass=posixGroup 2017-05-11T17:47:36Z DEBUG memberUid=%{memberUid} 2017-05-11T17:47:36Z DEBUG ipaanchoruuid=%{ipaanchoruuid} 2017-05-11T17:47:36Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","") 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG groups 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG extensibleObject 2017-05-11T17:47:36Z DEBUG schema-compat-container-rdn: 2017-05-11T17:47:36Z DEBUG cn=groups 2017-05-11T17:47:36Z DEBUG schema-compat-restrict-subtree: 2017-05-11T17:47:36Z DEBUG dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG cn=Schema Compatibility,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG schema-compat-entry-rdn: 2017-05-11T17:47:36Z DEBUG cn=%{cn} 2017-05-11T17:47:36Z DEBUG schema-compat-ignore-subtree: 2017-05-11T17:47:36Z DEBUG cn=dna,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG schema-compat-search-filter: 2017-05-11T17:47:36Z DEBUG objectclass=posixGroup 2017-05-11T17:47:36Z DEBUG schema-compat-search-base: 2017-05-11T17:47:36Z DEBUG cn=groups, cn=accounts, dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG schema-compat-container-group: 2017-05-11T17:47:36Z DEBUG cn=compat, dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG add: '%ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")' to schema-compat-entry-attribute, current value ['%ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")', 'gidNumber=%{gidNumber}', '%ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:rdlg.net:%{ipauniqueid}","")', 'memberUid=%deref_r("member","uid")', 'objectclass=posixGroup', 'memberUid=%{memberUid}', 'ipaanchoruuid=%{ipaanchoruuid}', '%ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")'] 2017-05-11T17:47:36Z DEBUG add: updated value 
['%ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")', 'gidNumber=%{gidNumber}', '%ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:rdlg.net:%{ipauniqueid}","")', 'memberUid=%deref_r("member","uid")', 'objectclass=posixGroup', 'memberUid=%{memberUid}', 'ipaanchoruuid=%{ipaanchoruuid}', '%ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")'] 2017-05-11T17:47:36Z DEBUG add: '%ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:rdlg.net:%{ipauniqueid}","")' to schema-compat-entry-attribute, current value ['%ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")', 'gidNumber=%{gidNumber}', '%ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:rdlg.net:%{ipauniqueid}","")', 'memberUid=%deref_r("member","uid")', 'objectclass=posixGroup', 'memberUid=%{memberUid}', 'ipaanchoruuid=%{ipaanchoruuid}', '%ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")'] 2017-05-11T17:47:36Z DEBUG add: updated value ['%ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")', 'gidNumber=%{gidNumber}', 'memberUid=%deref_r("member","uid")', 'objectclass=posixGroup', 'memberUid=%{memberUid}', 'ipaanchoruuid=%{ipaanchoruuid}', '%ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")', '%ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:rdlg.net:%{ipauniqueid}","")'] 2017-05-11T17:47:36Z DEBUG add: 'ipaanchoruuid=%{ipaanchoruuid}' to schema-compat-entry-attribute, current value ['%ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")', 'ipaanchoruuid=%{ipaanchoruuid}', '%ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:rdlg.net:%{ipauniqueid}","")', 'gidNumber=%{gidNumber}', 'objectclass=posixGroup', 'memberUid=%{memberUid}', '%ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")', 'memberUid=%deref_r("member","uid")'] 2017-05-11T17:47:36Z DEBUG add: updated value 
['%ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")', '%ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:rdlg.net:%{ipauniqueid}","")', 'gidNumber=%{gidNumber}', 'objectclass=posixGroup', 'memberUid=%{memberUid}', '%ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")', 'memberUid=%deref_r("member","uid")', 'ipaanchoruuid=%{ipaanchoruuid}'] 2017-05-11T17:47:36Z DEBUG add: '%ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")' to schema-compat-entry-attribute, current value ['%ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")', 'gidNumber=%{gidNumber}', '%ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:rdlg.net:%{ipauniqueid}","")', 'memberUid=%deref_r("member","uid")', 'objectclass=posixGroup', 'memberUid=%{memberUid}', 'ipaanchoruuid=%{ipaanchoruuid}', '%ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")'] 2017-05-11T17:47:36Z DEBUG add: updated value ['gidNumber=%{gidNumber}', '%ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:rdlg.net:%{ipauniqueid}","")', 'memberUid=%deref_r("member","uid")', 'objectclass=posixGroup', 'memberUid=%{memberUid}', 'ipaanchoruuid=%{ipaanchoruuid}', '%ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")', '%ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")'] 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Final value after applying updates 2017-05-11T17:47:36Z DEBUG dn: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG schema-compat-entry-attribute: 2017-05-11T17:47:36Z DEBUG %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","") 2017-05-11T17:47:36Z DEBUG ipaanchoruuid=%{ipaanchoruuid} 2017-05-11T17:47:36Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:rdlg.net:%{ipauniqueid}","") 2017-05-11T17:47:36Z DEBUG gidNumber=%{gidNumber} 
2017-05-11T17:47:36Z DEBUG objectclass=posixGroup 2017-05-11T17:47:36Z DEBUG memberUid=%{memberUid} 2017-05-11T17:47:36Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","") 2017-05-11T17:47:36Z DEBUG memberUid=%deref_r("member","uid") 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG groups 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG extensibleObject 2017-05-11T17:47:36Z DEBUG schema-compat-container-rdn: 2017-05-11T17:47:36Z DEBUG cn=groups 2017-05-11T17:47:36Z DEBUG schema-compat-restrict-subtree: 2017-05-11T17:47:36Z DEBUG dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG cn=Schema Compatibility,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG schema-compat-entry-rdn: 2017-05-11T17:47:36Z DEBUG cn=%{cn} 2017-05-11T17:47:36Z DEBUG schema-compat-ignore-subtree: 2017-05-11T17:47:36Z DEBUG cn=dna,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG schema-compat-search-filter: 2017-05-11T17:47:36Z DEBUG objectclass=posixGroup 2017-05-11T17:47:36Z DEBUG schema-compat-search-base: 2017-05-11T17:47:36Z DEBUG cn=groups, cn=accounts, dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG schema-compat-container-group: 2017-05-11T17:47:36Z DEBUG cn=compat, dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG [] 2017-05-11T17:47:36Z DEBUG Updated 0 2017-05-11T17:47:36Z DEBUG Done 2017-05-11T17:47:36Z DEBUG Updating existing entry: cn=users,cn=Schema Compatibility,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Initial value 2017-05-11T17:47:36Z DEBUG dn: cn=users,cn=Schema Compatibility,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG schema-compat-entry-attribute: 2017-05-11T17:47:36Z DEBUG %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","") 2017-05-11T17:47:36Z DEBUG cn=%{cn} 2017-05-11T17:47:36Z DEBUG objectclass=posixAccount 2017-05-11T17:47:36Z DEBUG gidNumber=%{gidNumber} 2017-05-11T17:47:36Z DEBUG 
%ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:rdlg.net:%{ipauniqueid}","") 2017-05-11T17:47:36Z DEBUG gecos=%{cn} 2017-05-11T17:47:36Z DEBUG ipaanchoruuid=%{ipaanchoruuid} 2017-05-11T17:47:36Z DEBUG uidNumber=%{uidNumber} 2017-05-11T17:47:36Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","") 2017-05-11T17:47:36Z DEBUG loginShell=%{loginShell} 2017-05-11T17:47:36Z DEBUG homeDirectory=%{homeDirectory} 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG users 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG extensibleObject 2017-05-11T17:47:36Z DEBUG schema-compat-container-rdn: 2017-05-11T17:47:36Z DEBUG cn=users 2017-05-11T17:47:36Z DEBUG schema-compat-restrict-subtree: 2017-05-11T17:47:36Z DEBUG dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG cn=Schema Compatibility,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG schema-compat-entry-rdn: 2017-05-11T17:47:36Z DEBUG uid=%{uid} 2017-05-11T17:47:36Z DEBUG schema-compat-ignore-subtree: 2017-05-11T17:47:36Z DEBUG cn=dna,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG schema-compat-search-filter: 2017-05-11T17:47:36Z DEBUG objectclass=posixAccount 2017-05-11T17:47:36Z DEBUG schema-compat-search-base: 2017-05-11T17:47:36Z DEBUG cn=users, cn=accounts, dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG schema-compat-container-group: 2017-05-11T17:47:36Z DEBUG cn=compat, dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG add: 'uid=%{uid}' to schema-compat-entry-attribute, current value ['%ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")', 'cn=%{cn}', 'objectclass=posixAccount', 'gidNumber=%{gidNumber}', '%ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:rdlg.net:%{ipauniqueid}","")', 'gecos=%{cn}', 'ipaanchoruuid=%{ipaanchoruuid}', 'uidNumber=%{uidNumber}', '%ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")', 'loginShell=%{loginShell}', 'homeDirectory=%{homeDirectory}'] 2017-05-11T17:47:36Z 
DEBUG add: updated value ['%ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")', 'cn=%{cn}', 'objectclass=posixAccount', 'gidNumber=%{gidNumber}', '%ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:rdlg.net:%{ipauniqueid}","")', 'gecos=%{cn}', 'ipaanchoruuid=%{ipaanchoruuid}', 'uidNumber=%{uidNumber}', '%ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")', 'loginShell=%{loginShell}', 'homeDirectory=%{homeDirectory}', 'uid=%{uid}'] 2017-05-11T17:47:36Z DEBUG replace: updated value ['uid=%first("%{uid}")'] 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Final value after applying updates 2017-05-11T17:47:36Z DEBUG dn: cn=users,cn=Schema Compatibility,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG schema-compat-entry-attribute: 2017-05-11T17:47:36Z DEBUG %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","") 2017-05-11T17:47:36Z DEBUG cn=%{cn} 2017-05-11T17:47:36Z DEBUG objectclass=posixAccount 2017-05-11T17:47:36Z DEBUG gidNumber=%{gidNumber} 2017-05-11T17:47:36Z DEBUG uid=%{uid} 2017-05-11T17:47:36Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:rdlg.net:%{ipauniqueid}","") 2017-05-11T17:47:36Z DEBUG gecos=%{cn} 2017-05-11T17:47:36Z DEBUG ipaanchoruuid=%{ipaanchoruuid} 2017-05-11T17:47:36Z DEBUG uidNumber=%{uidNumber} 2017-05-11T17:47:36Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","") 2017-05-11T17:47:36Z DEBUG loginShell=%{loginShell} 2017-05-11T17:47:36Z DEBUG homeDirectory=%{homeDirectory} 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG users 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG extensibleObject 2017-05-11T17:47:36Z DEBUG schema-compat-container-rdn: 2017-05-11T17:47:36Z DEBUG cn=users 2017-05-11T17:47:36Z DEBUG schema-compat-restrict-subtree: 2017-05-11T17:47:36Z DEBUG dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG cn=Schema 
Compatibility,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG schema-compat-entry-rdn: 2017-05-11T17:47:36Z DEBUG uid=%first("%{uid}") 2017-05-11T17:47:36Z DEBUG schema-compat-ignore-subtree: 2017-05-11T17:47:36Z DEBUG cn=dna,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG schema-compat-search-filter: 2017-05-11T17:47:36Z DEBUG objectclass=posixAccount 2017-05-11T17:47:36Z DEBUG schema-compat-search-base: 2017-05-11T17:47:36Z DEBUG cn=users, cn=accounts, dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG schema-compat-container-group: 2017-05-11T17:47:36Z DEBUG cn=compat, dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG [(0, u'schema-compat-entry-rdn', ['uid=%first("%{uid}")']), (1, u'schema-compat-entry-rdn', ['uid=%{uid}']), (0, u'schema-compat-entry-attribute', ['uid=%{uid}'])] 2017-05-11T17:47:36Z DEBUG Updated 1 2017-05-11T17:47:36Z DEBUG Done 2017-05-11T17:47:36Z DEBUG Parsing update file '/usr/share/ipa/updates/10-selinuxusermap.update' 2017-05-11T17:47:36Z DEBUG Updating existing entry: cn=selinux,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Initial value 2017-05-11T17:47:36Z DEBUG dn: cn=selinux,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG nsContainer 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG selinux 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Final value after applying updates 2017-05-11T17:47:36Z DEBUG dn: cn=selinux,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG nsContainer 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG selinux 2017-05-11T17:47:36Z DEBUG [] 2017-05-11T17:47:36Z DEBUG Updated 0 2017-05-11T17:47:36Z DEBUG Done 2017-05-11T17:47:36Z DEBUG Updating existing entry: cn=usermap,cn=selinux,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG 
--------------------------------------------- 2017-05-11T17:47:36Z DEBUG Initial value 2017-05-11T17:47:36Z DEBUG dn: cn=usermap,cn=selinux,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG nsContainer 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG usermap 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Final value after applying updates 2017-05-11T17:47:36Z DEBUG dn: cn=usermap,cn=selinux,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG nsContainer 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG usermap 2017-05-11T17:47:36Z DEBUG [] 2017-05-11T17:47:36Z DEBUG Updated 0 2017-05-11T17:47:36Z DEBUG Done 2017-05-11T17:47:36Z DEBUG Parsing update file '/usr/share/ipa/updates/10-uniqueness.update' 2017-05-11T17:47:36Z DEBUG Updating existing entry: cn=sudorule name uniqueness,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Initial value 2017-05-11T17:47:36Z DEBUG dn: cn=sudorule name uniqueness,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG uniqueness-attribute-name: 2017-05-11T17:47:36Z DEBUG cn 2017-05-11T17:47:36Z DEBUG nsslapd-pluginId: 2017-05-11T17:47:36Z DEBUG NSUniqueAttr 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG sudorule name uniqueness 2017-05-11T17:47:36Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:47:36Z DEBUG 1.3.5.10 2017-05-11T17:47:36Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:47:36Z DEBUG Enforce unique attribute values 2017-05-11T17:47:36Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-pluginPath: 2017-05-11T17:47:36Z DEBUG libattr-unique-plugin 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG nsSlapdPlugin 2017-05-11T17:47:36Z DEBUG extensibleObject 
2017-05-11T17:47:36Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:47:36Z DEBUG database 2017-05-11T17:47:36Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:47:36Z DEBUG 389 Project 2017-05-11T17:47:36Z DEBUG uniqueness-subtrees: 2017-05-11T17:47:36Z DEBUG cn=sudorules,cn=sudo,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG nsslapd-pluginType: 2017-05-11T17:47:36Z DEBUG preoperation 2017-05-11T17:47:36Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:47:36Z DEBUG NSUniqueAttr_Init 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Final value after applying updates 2017-05-11T17:47:36Z DEBUG dn: cn=sudorule name uniqueness,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG uniqueness-attribute-name: 2017-05-11T17:47:36Z DEBUG cn 2017-05-11T17:47:36Z DEBUG nsslapd-pluginId: 2017-05-11T17:47:36Z DEBUG NSUniqueAttr 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG sudorule name uniqueness 2017-05-11T17:47:36Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:47:36Z DEBUG 1.3.5.10 2017-05-11T17:47:36Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:47:36Z DEBUG Enforce unique attribute values 2017-05-11T17:47:36Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-pluginPath: 2017-05-11T17:47:36Z DEBUG libattr-unique-plugin 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG nsSlapdPlugin 2017-05-11T17:47:36Z DEBUG extensibleObject 2017-05-11T17:47:36Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:47:36Z DEBUG database 2017-05-11T17:47:36Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:47:36Z DEBUG 389 Project 2017-05-11T17:47:36Z DEBUG uniqueness-subtrees: 2017-05-11T17:47:36Z DEBUG cn=sudorules,cn=sudo,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG nsslapd-pluginType: 2017-05-11T17:47:36Z DEBUG preoperation 2017-05-11T17:47:36Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:47:36Z DEBUG NSUniqueAttr_Init 2017-05-11T17:47:36Z DEBUG [] 
2017-05-11T17:47:36Z DEBUG Updated 0 2017-05-11T17:47:36Z DEBUG Done 2017-05-11T17:47:36Z DEBUG New entry: cn=certificate store subject uniqueness,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Initial value 2017-05-11T17:47:36Z DEBUG dn: cn=certificate store subject uniqueness,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG uniqueness-attribute-name: 2017-05-11T17:47:36Z DEBUG ipaCertSubject 2017-05-11T17:47:36Z DEBUG nsslapd-pluginId: 2017-05-11T17:47:36Z DEBUG NSUniqueAttr 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG certificate store subject uniqueness 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG nsSlapdPlugin 2017-05-11T17:47:36Z DEBUG extensibleObject 2017-05-11T17:47:36Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:47:36Z DEBUG Enforce unique attribute values 2017-05-11T17:47:36Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-pluginPath: 2017-05-11T17:47:36Z DEBUG libattr-unique-plugin 2017-05-11T17:47:36Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:47:36Z DEBUG 1.1.0 2017-05-11T17:47:36Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:47:36Z DEBUG database 2017-05-11T17:47:36Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:47:36Z DEBUG Fedora Project 2017-05-11T17:47:36Z DEBUG uniqueness-subtrees: 2017-05-11T17:47:36Z DEBUG cn=certificates,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG nsslapd-pluginType: 2017-05-11T17:47:36Z DEBUG preoperation 2017-05-11T17:47:36Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:47:36Z DEBUG NSUniqueAttr_Init 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Final value after applying updates 2017-05-11T17:47:36Z DEBUG dn: cn=certificate store subject uniqueness,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG uniqueness-attribute-name: 2017-05-11T17:47:36Z DEBUG ipaCertSubject 
2017-05-11T17:47:36Z DEBUG nsslapd-pluginId: 2017-05-11T17:47:36Z DEBUG NSUniqueAttr 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG certificate store subject uniqueness 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG nsSlapdPlugin 2017-05-11T17:47:36Z DEBUG extensibleObject 2017-05-11T17:47:36Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:47:36Z DEBUG Enforce unique attribute values 2017-05-11T17:47:36Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-pluginPath: 2017-05-11T17:47:36Z DEBUG libattr-unique-plugin 2017-05-11T17:47:36Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:47:36Z DEBUG 1.1.0 2017-05-11T17:47:36Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:47:36Z DEBUG database 2017-05-11T17:47:36Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:47:36Z DEBUG Fedora Project 2017-05-11T17:47:36Z DEBUG uniqueness-subtrees: 2017-05-11T17:47:36Z DEBUG cn=certificates,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG nsslapd-pluginType: 2017-05-11T17:47:36Z DEBUG preoperation 2017-05-11T17:47:36Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:47:36Z DEBUG NSUniqueAttr_Init 2017-05-11T17:47:36Z DEBUG New entry: cn=certificate store issuer/serial uniqueness,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Initial value 2017-05-11T17:47:36Z DEBUG dn: cn=certificate store issuer/serial uniqueness,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG uniqueness-attribute-name: 2017-05-11T17:47:36Z DEBUG ipaCertIssuerSerial 2017-05-11T17:47:36Z DEBUG nsslapd-pluginId: 2017-05-11T17:47:36Z DEBUG NSUniqueAttr 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG certificate store issuer/serial uniqueness 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG nsSlapdPlugin 2017-05-11T17:47:36Z DEBUG extensibleObject 2017-05-11T17:47:36Z DEBUG 
nsslapd-pluginDescription: 2017-05-11T17:47:36Z DEBUG Enforce unique attribute values 2017-05-11T17:47:36Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-pluginPath: 2017-05-11T17:47:36Z DEBUG libattr-unique-plugin 2017-05-11T17:47:36Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:47:36Z DEBUG 1.1.0 2017-05-11T17:47:36Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:47:36Z DEBUG database 2017-05-11T17:47:36Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:47:36Z DEBUG Fedora Project 2017-05-11T17:47:36Z DEBUG uniqueness-subtrees: 2017-05-11T17:47:36Z DEBUG cn=certificates,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG nsslapd-pluginType: 2017-05-11T17:47:36Z DEBUG preoperation 2017-05-11T17:47:36Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:47:36Z DEBUG NSUniqueAttr_Init 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Final value after applying updates 2017-05-11T17:47:36Z DEBUG dn: cn=certificate store issuer/serial uniqueness,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG uniqueness-attribute-name: 2017-05-11T17:47:36Z DEBUG ipaCertIssuerSerial 2017-05-11T17:47:36Z DEBUG nsslapd-pluginId: 2017-05-11T17:47:36Z DEBUG NSUniqueAttr 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG certificate store issuer/serial uniqueness 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG nsSlapdPlugin 2017-05-11T17:47:36Z DEBUG extensibleObject 2017-05-11T17:47:36Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:47:36Z DEBUG Enforce unique attribute values 2017-05-11T17:47:36Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-pluginPath: 2017-05-11T17:47:36Z DEBUG libattr-unique-plugin 2017-05-11T17:47:36Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:47:36Z DEBUG 1.1.0 2017-05-11T17:47:36Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:47:36Z DEBUG database 2017-05-11T17:47:36Z 
DEBUG nsslapd-pluginVendor: 2017-05-11T17:47:36Z DEBUG Fedora Project 2017-05-11T17:47:36Z DEBUG uniqueness-subtrees: 2017-05-11T17:47:36Z DEBUG cn=certificates,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG nsslapd-pluginType: 2017-05-11T17:47:36Z DEBUG preoperation 2017-05-11T17:47:36Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:47:36Z DEBUG NSUniqueAttr_Init 2017-05-11T17:47:36Z DEBUG New entry: cn=uid uniqueness,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Initial value 2017-05-11T17:47:36Z DEBUG dn: cn=uid uniqueness,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG uniqueness-attribute-name: 2017-05-11T17:47:36Z DEBUG uid 2017-05-11T17:47:36Z DEBUG nsslapd-pluginId: 2017-05-11T17:47:36Z DEBUG NSUniqueAttr 2017-05-11T17:47:36Z DEBUG uniqueness-subtree-entries-oc: 2017-05-11T17:47:36Z DEBUG posixAccount 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG uid uniqueness 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG nsSlapdPlugin 2017-05-11T17:47:36Z DEBUG extensibleObject 2017-05-11T17:47:36Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:47:36Z DEBUG Enforce unique attribute values 2017-05-11T17:47:36Z DEBUG uniqueness-across-all-subtrees: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-pluginPath: 2017-05-11T17:47:36Z DEBUG libattr-unique-plugin 2017-05-11T17:47:36Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:47:36Z DEBUG 1.1.0 2017-05-11T17:47:36Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:47:36Z DEBUG database 2017-05-11T17:47:36Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:47:36Z DEBUG Fedora Project 2017-05-11T17:47:36Z DEBUG uniqueness-exclude-subtrees: 2017-05-11T17:47:36Z DEBUG cn=compat,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG cn=staged users,cn=accounts,cn=provisioning,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG 
uniqueness-subtrees: 2017-05-11T17:47:36Z DEBUG dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG nsslapd-pluginType: 2017-05-11T17:47:36Z DEBUG preoperation 2017-05-11T17:47:36Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:47:36Z DEBUG NSUniqueAttr_Init 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Final value after applying updates 2017-05-11T17:47:36Z DEBUG dn: cn=uid uniqueness,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG uniqueness-attribute-name: 2017-05-11T17:47:36Z DEBUG uid 2017-05-11T17:47:36Z DEBUG nsslapd-pluginId: 2017-05-11T17:47:36Z DEBUG NSUniqueAttr 2017-05-11T17:47:36Z DEBUG uniqueness-subtree-entries-oc: 2017-05-11T17:47:36Z DEBUG posixAccount 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG uid uniqueness 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG nsSlapdPlugin 2017-05-11T17:47:36Z DEBUG extensibleObject 2017-05-11T17:47:36Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:47:36Z DEBUG Enforce unique attribute values 2017-05-11T17:47:36Z DEBUG uniqueness-across-all-subtrees: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-pluginPath: 2017-05-11T17:47:36Z DEBUG libattr-unique-plugin 2017-05-11T17:47:36Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:47:36Z DEBUG 1.1.0 2017-05-11T17:47:36Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:47:36Z DEBUG database 2017-05-11T17:47:36Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:47:36Z DEBUG Fedora Project 2017-05-11T17:47:36Z DEBUG uniqueness-exclude-subtrees: 2017-05-11T17:47:36Z DEBUG cn=compat,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG cn=staged users,cn=accounts,cn=provisioning,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG uniqueness-subtrees: 2017-05-11T17:47:36Z DEBUG dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG nsslapd-pluginType: 2017-05-11T17:47:36Z DEBUG preoperation 2017-05-11T17:47:36Z DEBUG 
nsslapd-pluginInitfunc: 2017-05-11T17:47:36Z DEBUG NSUniqueAttr_Init 2017-05-11T17:47:36Z DEBUG Updating existing entry: cn=uid uniqueness,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Initial value 2017-05-11T17:47:36Z DEBUG dn: cn=uid uniqueness,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG uniqueness-attribute-name: 2017-05-11T17:47:36Z DEBUG uid 2017-05-11T17:47:36Z DEBUG nsslapd-pluginId: 2017-05-11T17:47:36Z DEBUG NSUniqueAttr 2017-05-11T17:47:36Z DEBUG uniqueness-subtree-entries-oc: 2017-05-11T17:47:36Z DEBUG posixAccount 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG uid uniqueness 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG nsSlapdPlugin 2017-05-11T17:47:36Z DEBUG extensibleObject 2017-05-11T17:47:36Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:47:36Z DEBUG Enforce unique attribute values 2017-05-11T17:47:36Z DEBUG uniqueness-across-all-subtrees: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-pluginPath: 2017-05-11T17:47:36Z DEBUG libattr-unique-plugin 2017-05-11T17:47:36Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:47:36Z DEBUG 1.1.0 2017-05-11T17:47:36Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:47:36Z DEBUG database 2017-05-11T17:47:36Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:47:36Z DEBUG Fedora Project 2017-05-11T17:47:36Z DEBUG uniqueness-exclude-subtrees: 2017-05-11T17:47:36Z DEBUG cn=compat,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG cn=staged users,cn=accounts,cn=provisioning,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG uniqueness-subtrees: 2017-05-11T17:47:36Z DEBUG dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG nsslapd-pluginType: 2017-05-11T17:47:36Z DEBUG preoperation 2017-05-11T17:47:36Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:47:36Z DEBUG NSUniqueAttr_Init 2017-05-11T17:47:36Z DEBUG add: 
'cn=compat,dc=rdlg,dc=net' to uniqueness-exclude-subtrees, current value ['cn=compat,dc=rdlg,dc=net', 'cn=staged users,cn=accounts,cn=provisioning,dc=rdlg,dc=net'] 2017-05-11T17:47:36Z DEBUG add: updated value ['cn=staged users,cn=accounts,cn=provisioning,dc=rdlg,dc=net', 'cn=compat,dc=rdlg,dc=net'] 2017-05-11T17:47:36Z DEBUG add: 'cn=staged users,cn=accounts,cn=provisioning,dc=rdlg,dc=net' to uniqueness-exclude-subtrees, current value ['cn=compat,dc=rdlg,dc=net', 'cn=staged users,cn=accounts,cn=provisioning,dc=rdlg,dc=net'] 2017-05-11T17:47:36Z DEBUG add: updated value ['cn=compat,dc=rdlg,dc=net', 'cn=staged users,cn=accounts,cn=provisioning,dc=rdlg,dc=net'] 2017-05-11T17:47:36Z DEBUG remove: 'off' from uniqueness-across-all-subtrees, current value ['on'] 2017-05-11T17:47:36Z DEBUG remove: 'off' not in uniqueness-across-all-subtrees 2017-05-11T17:47:36Z DEBUG add: 'on' to uniqueness-across-all-subtrees, current value ['on'] 2017-05-11T17:47:36Z DEBUG add: updated value ['on'] 2017-05-11T17:47:36Z DEBUG add: 'posixAccount' to uniqueness-subtree-entries-oc, current value ['posixAccount'] 2017-05-11T17:47:36Z DEBUG add: updated value ['posixAccount'] 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Final value after applying updates 2017-05-11T17:47:36Z DEBUG dn: cn=uid uniqueness,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG uniqueness-attribute-name: 2017-05-11T17:47:36Z DEBUG uid 2017-05-11T17:47:36Z DEBUG nsslapd-pluginId: 2017-05-11T17:47:36Z DEBUG NSUniqueAttr 2017-05-11T17:47:36Z DEBUG uniqueness-subtree-entries-oc: 2017-05-11T17:47:36Z DEBUG posixAccount 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG uid uniqueness 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG nsSlapdPlugin 2017-05-11T17:47:36Z DEBUG extensibleObject 2017-05-11T17:47:36Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:47:36Z DEBUG Enforce unique attribute values 
2017-05-11T17:47:36Z DEBUG uniqueness-across-all-subtrees: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-pluginPath: 2017-05-11T17:47:36Z DEBUG libattr-unique-plugin 2017-05-11T17:47:36Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:47:36Z DEBUG 1.1.0 2017-05-11T17:47:36Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:47:36Z DEBUG database 2017-05-11T17:47:36Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:47:36Z DEBUG Fedora Project 2017-05-11T17:47:36Z DEBUG uniqueness-exclude-subtrees: 2017-05-11T17:47:36Z DEBUG cn=compat,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG cn=staged users,cn=accounts,cn=provisioning,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG uniqueness-subtrees: 2017-05-11T17:47:36Z DEBUG dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG nsslapd-pluginType: 2017-05-11T17:47:36Z DEBUG preoperation 2017-05-11T17:47:36Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:47:36Z DEBUG NSUniqueAttr_Init 2017-05-11T17:47:36Z DEBUG [] 2017-05-11T17:47:36Z DEBUG Updated 0 2017-05-11T17:47:36Z DEBUG Done 2017-05-11T17:47:36Z DEBUG Updating existing entry: cn=krbPrincipalName uniqueness,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Initial value 2017-05-11T17:47:36Z DEBUG dn: cn=krbPrincipalName uniqueness,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG uniqueness-attribute-name: 2017-05-11T17:47:36Z DEBUG krbPrincipalName 2017-05-11T17:47:36Z DEBUG nsslapd-pluginId: 2017-05-11T17:47:36Z DEBUG NSUniqueAttr 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG krbPrincipalName uniqueness 2017-05-11T17:47:36Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:47:36Z DEBUG 1.3.5.10 2017-05-11T17:47:36Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:47:36Z DEBUG Enforce unique attribute values 2017-05-11T17:47:36Z DEBUG uniqueness-across-all-subtrees: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG 
nsslapd-pluginEnabled: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-pluginPath: 2017-05-11T17:47:36Z DEBUG libattr-unique-plugin 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG nsSlapdPlugin 2017-05-11T17:47:36Z DEBUG extensibleObject 2017-05-11T17:47:36Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:47:36Z DEBUG database 2017-05-11T17:47:36Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:47:36Z DEBUG 389 Project 2017-05-11T17:47:36Z DEBUG uniqueness-exclude-subtrees: 2017-05-11T17:47:36Z DEBUG cn=staged users,cn=accounts,cn=provisioning,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG uniqueness-subtrees: 2017-05-11T17:47:36Z DEBUG dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG nsslapd-pluginType: 2017-05-11T17:47:36Z DEBUG preoperation 2017-05-11T17:47:36Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:47:36Z DEBUG NSUniqueAttr_Init 2017-05-11T17:47:36Z DEBUG add: 'cn=staged users,cn=accounts,cn=provisioning,dc=rdlg,dc=net' to uniqueness-exclude-subtrees, current value ['cn=staged users,cn=accounts,cn=provisioning,dc=rdlg,dc=net'] 2017-05-11T17:47:36Z DEBUG add: updated value ['cn=staged users,cn=accounts,cn=provisioning,dc=rdlg,dc=net'] 2017-05-11T17:47:36Z DEBUG add: 'on' to uniqueness-across-all-subtrees, current value ['on'] 2017-05-11T17:47:36Z DEBUG add: updated value ['on'] 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Final value after applying updates 2017-05-11T17:47:36Z DEBUG dn: cn=krbPrincipalName uniqueness,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG uniqueness-attribute-name: 2017-05-11T17:47:36Z DEBUG krbPrincipalName 2017-05-11T17:47:36Z DEBUG nsslapd-pluginId: 2017-05-11T17:47:36Z DEBUG NSUniqueAttr 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG krbPrincipalName uniqueness 2017-05-11T17:47:36Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:47:36Z DEBUG 1.3.5.10 2017-05-11T17:47:36Z DEBUG nsslapd-pluginDescription: 
2017-05-11T17:47:36Z DEBUG Enforce unique attribute values 2017-05-11T17:47:36Z DEBUG uniqueness-across-all-subtrees: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-pluginPath: 2017-05-11T17:47:36Z DEBUG libattr-unique-plugin 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG nsSlapdPlugin 2017-05-11T17:47:36Z DEBUG extensibleObject 2017-05-11T17:47:36Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:47:36Z DEBUG database 2017-05-11T17:47:36Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:47:36Z DEBUG 389 Project 2017-05-11T17:47:36Z DEBUG uniqueness-exclude-subtrees: 2017-05-11T17:47:36Z DEBUG cn=staged users,cn=accounts,cn=provisioning,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG uniqueness-subtrees: 2017-05-11T17:47:36Z DEBUG dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG nsslapd-pluginType: 2017-05-11T17:47:36Z DEBUG preoperation 2017-05-11T17:47:36Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:47:36Z DEBUG NSUniqueAttr_Init 2017-05-11T17:47:36Z DEBUG [] 2017-05-11T17:47:36Z DEBUG Updated 0 2017-05-11T17:47:36Z DEBUG Done 2017-05-11T17:47:36Z DEBUG Updating existing entry: cn=krbCanonicalName uniqueness,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Initial value 2017-05-11T17:47:36Z DEBUG dn: cn=krbCanonicalName uniqueness,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG uniqueness-attribute-name: 2017-05-11T17:47:36Z DEBUG krbCanonicalName 2017-05-11T17:47:36Z DEBUG nsslapd-pluginId: 2017-05-11T17:47:36Z DEBUG NSUniqueAttr 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG krbCanonicalName uniqueness 2017-05-11T17:47:36Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:47:36Z DEBUG 1.3.5.10 2017-05-11T17:47:36Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:47:36Z DEBUG Enforce unique attribute values 2017-05-11T17:47:36Z DEBUG 
uniqueness-across-all-subtrees: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-pluginPath: 2017-05-11T17:47:36Z DEBUG libattr-unique-plugin 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG nsSlapdPlugin 2017-05-11T17:47:36Z DEBUG extensibleObject 2017-05-11T17:47:36Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:47:36Z DEBUG database 2017-05-11T17:47:36Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:47:36Z DEBUG 389 Project 2017-05-11T17:47:36Z DEBUG uniqueness-exclude-subtrees: 2017-05-11T17:47:36Z DEBUG cn=staged users,cn=accounts,cn=provisioning,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG uniqueness-subtrees: 2017-05-11T17:47:36Z DEBUG dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG nsslapd-pluginType: 2017-05-11T17:47:36Z DEBUG preoperation 2017-05-11T17:47:36Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:47:36Z DEBUG NSUniqueAttr_Init 2017-05-11T17:47:36Z DEBUG add: 'cn=staged users,cn=accounts,cn=provisioning,dc=rdlg,dc=net' to uniqueness-exclude-subtrees, current value ['cn=staged users,cn=accounts,cn=provisioning,dc=rdlg,dc=net'] 2017-05-11T17:47:36Z DEBUG add: updated value ['cn=staged users,cn=accounts,cn=provisioning,dc=rdlg,dc=net'] 2017-05-11T17:47:36Z DEBUG add: 'on' to uniqueness-across-all-subtrees, current value ['on'] 2017-05-11T17:47:36Z DEBUG add: updated value ['on'] 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Final value after applying updates 2017-05-11T17:47:36Z DEBUG dn: cn=krbCanonicalName uniqueness,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG uniqueness-attribute-name: 2017-05-11T17:47:36Z DEBUG krbCanonicalName 2017-05-11T17:47:36Z DEBUG nsslapd-pluginId: 2017-05-11T17:47:36Z DEBUG NSUniqueAttr 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG krbCanonicalName uniqueness 2017-05-11T17:47:36Z DEBUG nsslapd-pluginVersion: 
2017-05-11T17:47:36Z DEBUG 1.3.5.10 2017-05-11T17:47:36Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:47:36Z DEBUG Enforce unique attribute values 2017-05-11T17:47:36Z DEBUG uniqueness-across-all-subtrees: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-pluginPath: 2017-05-11T17:47:36Z DEBUG libattr-unique-plugin 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG nsSlapdPlugin 2017-05-11T17:47:36Z DEBUG extensibleObject 2017-05-11T17:47:36Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:47:36Z DEBUG database 2017-05-11T17:47:36Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:47:36Z DEBUG 389 Project 2017-05-11T17:47:36Z DEBUG uniqueness-exclude-subtrees: 2017-05-11T17:47:36Z DEBUG cn=staged users,cn=accounts,cn=provisioning,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG uniqueness-subtrees: 2017-05-11T17:47:36Z DEBUG dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG nsslapd-pluginType: 2017-05-11T17:47:36Z DEBUG preoperation 2017-05-11T17:47:36Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:47:36Z DEBUG NSUniqueAttr_Init 2017-05-11T17:47:36Z DEBUG [] 2017-05-11T17:47:36Z DEBUG Updated 0 2017-05-11T17:47:36Z DEBUG Done 2017-05-11T17:47:36Z DEBUG Updating existing entry: cn=ipaUniqueID uniqueness,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Initial value 2017-05-11T17:47:36Z DEBUG dn: cn=ipaUniqueID uniqueness,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG uniqueness-attribute-name: 2017-05-11T17:47:36Z DEBUG ipaUniqueID 2017-05-11T17:47:36Z DEBUG nsslapd-pluginId: 2017-05-11T17:47:36Z DEBUG NSUniqueAttr 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG ipaUniqueID uniqueness 2017-05-11T17:47:36Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:47:36Z DEBUG 1.3.5.10 2017-05-11T17:47:36Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:47:36Z DEBUG Enforce unique 
attribute values 2017-05-11T17:47:36Z DEBUG uniqueness-across-all-subtrees: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-pluginPath: 2017-05-11T17:47:36Z DEBUG libattr-unique-plugin 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG nsSlapdPlugin 2017-05-11T17:47:36Z DEBUG extensibleObject 2017-05-11T17:47:36Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:47:36Z DEBUG database 2017-05-11T17:47:36Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:47:36Z DEBUG 389 Project 2017-05-11T17:47:36Z DEBUG uniqueness-exclude-subtrees: 2017-05-11T17:47:36Z DEBUG cn=staged users,cn=accounts,cn=provisioning,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG uniqueness-subtrees: 2017-05-11T17:47:36Z DEBUG dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG nsslapd-pluginType: 2017-05-11T17:47:36Z DEBUG preoperation 2017-05-11T17:47:36Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:47:36Z DEBUG NSUniqueAttr_Init 2017-05-11T17:47:36Z DEBUG add: 'cn=staged users,cn=accounts,cn=provisioning,dc=rdlg,dc=net' to uniqueness-exclude-subtrees, current value ['cn=staged users,cn=accounts,cn=provisioning,dc=rdlg,dc=net'] 2017-05-11T17:47:36Z DEBUG add: updated value ['cn=staged users,cn=accounts,cn=provisioning,dc=rdlg,dc=net'] 2017-05-11T17:47:36Z DEBUG add: 'on' to uniqueness-across-all-subtrees, current value ['on'] 2017-05-11T17:47:36Z DEBUG add: updated value ['on'] 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Final value after applying updates 2017-05-11T17:47:36Z DEBUG dn: cn=ipaUniqueID uniqueness,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG uniqueness-attribute-name: 2017-05-11T17:47:36Z DEBUG ipaUniqueID 2017-05-11T17:47:36Z DEBUG nsslapd-pluginId: 2017-05-11T17:47:36Z DEBUG NSUniqueAttr 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG ipaUniqueID uniqueness 2017-05-11T17:47:36Z DEBUG 
nsslapd-pluginVersion: 2017-05-11T17:47:36Z DEBUG 1.3.5.10 2017-05-11T17:47:36Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:47:36Z DEBUG Enforce unique attribute values 2017-05-11T17:47:36Z DEBUG uniqueness-across-all-subtrees: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-pluginPath: 2017-05-11T17:47:36Z DEBUG libattr-unique-plugin 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG nsSlapdPlugin 2017-05-11T17:47:36Z DEBUG extensibleObject 2017-05-11T17:47:36Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:47:36Z DEBUG database 2017-05-11T17:47:36Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:47:36Z DEBUG 389 Project 2017-05-11T17:47:36Z DEBUG uniqueness-exclude-subtrees: 2017-05-11T17:47:36Z DEBUG cn=staged users,cn=accounts,cn=provisioning,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG uniqueness-subtrees: 2017-05-11T17:47:36Z DEBUG dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG nsslapd-pluginType: 2017-05-11T17:47:36Z DEBUG preoperation 2017-05-11T17:47:36Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:47:36Z DEBUG NSUniqueAttr_Init 2017-05-11T17:47:36Z DEBUG [] 2017-05-11T17:47:36Z DEBUG Updated 0 2017-05-11T17:47:36Z DEBUG Done 2017-05-11T17:47:36Z DEBUG Parsing update file '/usr/share/ipa/updates/19-managed-entries.update' 2017-05-11T17:47:36Z DEBUG Updating existing entry: cn=Managed Entries,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Initial value 2017-05-11T17:47:36Z DEBUG dn: cn=Managed Entries,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG nsslapd-pluginId: 2017-05-11T17:47:36Z DEBUG Managed Entries 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG Managed Entries 2017-05-11T17:47:36Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:47:36Z DEBUG 1.3.5.10 2017-05-11T17:47:36Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:47:36Z DEBUG 
Managed Entries plugin 2017-05-11T17:47:36Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-pluginPath: 2017-05-11T17:47:36Z DEBUG libmanagedentries-plugin 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG nsSlapdPlugin 2017-05-11T17:47:36Z DEBUG extensibleObject 2017-05-11T17:47:36Z DEBUG nsContainer 2017-05-11T17:47:36Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:47:36Z DEBUG database 2017-05-11T17:47:36Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:47:36Z DEBUG 389 Project 2017-05-11T17:47:36Z DEBUG nsslapd-pluginConfigArea: 2017-05-11T17:47:36Z DEBUG cn=Definitions,cn=Managed Entries,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG nsslapd-pluginType: 2017-05-11T17:47:36Z DEBUG betxnpreoperation 2017-05-11T17:47:36Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:47:36Z DEBUG mep_init 2017-05-11T17:47:36Z DEBUG only: set nsslapd-pluginConfigArea to 'cn=Definitions,cn=Managed Entries,cn=etc,dc=rdlg,dc=net', current value ['cn=Definitions,cn=Managed Entries,cn=etc,dc=rdlg,dc=net'] 2017-05-11T17:47:36Z DEBUG only: updated value ['cn=Definitions,cn=Managed Entries,cn=etc,dc=rdlg,dc=net'] 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Final value after applying updates 2017-05-11T17:47:36Z DEBUG dn: cn=Managed Entries,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG nsslapd-pluginId: 2017-05-11T17:47:36Z DEBUG Managed Entries 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG Managed Entries 2017-05-11T17:47:36Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:47:36Z DEBUG 1.3.5.10 2017-05-11T17:47:36Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:47:36Z DEBUG Managed Entries plugin 2017-05-11T17:47:36Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-pluginPath: 2017-05-11T17:47:36Z DEBUG libmanagedentries-plugin 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z 
DEBUG top 2017-05-11T17:47:36Z DEBUG nsSlapdPlugin 2017-05-11T17:47:36Z DEBUG extensibleObject 2017-05-11T17:47:36Z DEBUG nsContainer 2017-05-11T17:47:36Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:47:36Z DEBUG database 2017-05-11T17:47:36Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:47:36Z DEBUG 389 Project 2017-05-11T17:47:36Z DEBUG nsslapd-pluginConfigArea: 2017-05-11T17:47:36Z DEBUG cn=Definitions,cn=Managed Entries,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG nsslapd-pluginType: 2017-05-11T17:47:36Z DEBUG betxnpreoperation 2017-05-11T17:47:36Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:47:36Z DEBUG mep_init 2017-05-11T17:47:36Z DEBUG [] 2017-05-11T17:47:36Z DEBUG Updated 0 2017-05-11T17:47:36Z DEBUG Done 2017-05-11T17:47:36Z DEBUG Updating existing entry: cn=Managed Entries,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Initial value 2017-05-11T17:47:36Z DEBUG dn: cn=Managed Entries,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG nsContainer 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG Managed Entries 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Final value after applying updates 2017-05-11T17:47:36Z DEBUG dn: cn=Managed Entries,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG nsContainer 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG Managed Entries 2017-05-11T17:47:36Z DEBUG [] 2017-05-11T17:47:36Z DEBUG Updated 0 2017-05-11T17:47:36Z DEBUG Done 2017-05-11T17:47:36Z DEBUG Updating existing entry: cn=Templates,cn=Managed Entries,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Initial value 2017-05-11T17:47:36Z DEBUG dn: cn=Templates,cn=Managed Entries,cn=etc,dc=rdlg,dc=net 
2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG nsContainer 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG Templates 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Final value after applying updates 2017-05-11T17:47:36Z DEBUG dn: cn=Templates,cn=Managed Entries,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG nsContainer 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG Templates 2017-05-11T17:47:36Z DEBUG [] 2017-05-11T17:47:36Z DEBUG Updated 0 2017-05-11T17:47:36Z DEBUG Done 2017-05-11T17:47:36Z DEBUG Updating existing entry: cn=Definitions,cn=Managed Entries,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Initial value 2017-05-11T17:47:36Z DEBUG dn: cn=Definitions,cn=Managed Entries,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG nsContainer 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG Definitions 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Final value after applying updates 2017-05-11T17:47:36Z DEBUG dn: cn=Definitions,cn=Managed Entries,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG nsContainer 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG Definitions 2017-05-11T17:47:36Z DEBUG [] 2017-05-11T17:47:36Z DEBUG Updated 0 2017-05-11T17:47:36Z DEBUG Done 2017-05-11T17:47:36Z DEBUG Parsing update file '/usr/share/ipa/updates/20-aci.update' 2017-05-11T17:47:36Z DEBUG Updating existing entry: cn=ng,cn=alt,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Initial value 2017-05-11T17:47:36Z DEBUG dn: 
cn=ng,cn=alt,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG nsContainer 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG ng 2017-05-11T17:47:36Z DEBUG add: '(targetfilter = "(objectClass=mepManagedEntry)")(targetattr = "*")(version 3.0; acl "Managed netgroups cannot be modified"; deny (write) userdn = "ldap:///all";)' to aci, current value [] 2017-05-11T17:47:36Z DEBUG add: updated value ['(targetfilter = "(objectClass=mepManagedEntry)")(targetattr = "*")(version 3.0; acl "Managed netgroups cannot be modified"; deny (write) userdn = "ldap:///all";)'] 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Final value after applying updates 2017-05-11T17:47:36Z DEBUG dn: cn=ng,cn=alt,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG nsContainer 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG aci: 2017-05-11T17:47:36Z DEBUG (targetfilter = "(objectClass=mepManagedEntry)")(targetattr = "*")(version 3.0; acl "Managed netgroups cannot be modified"; deny (write) userdn = "ldap:///all";) 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG ng 2017-05-11T17:47:36Z DEBUG [(2, u'aci', ['(targetfilter = "(objectClass=mepManagedEntry)")(targetattr = "*")(version 3.0; acl "Managed netgroups cannot be modified"; deny (write) userdn = "ldap:///all";)'])] 2017-05-11T17:47:36Z DEBUG Updated 1 2017-05-11T17:47:36Z DEBUG Done 2017-05-11T17:47:36Z DEBUG Updating existing entry: cn=accounts,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Initial value 2017-05-11T17:47:36Z DEBUG dn: cn=accounts,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG nsContainer 2017-05-11T17:47:36Z DEBUG aci: 2017-05-11T17:47:36Z DEBUG (targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || 
krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policy"; allow (write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr = "aci")(version 3.0;acl "Admins can manage delegations"; allow (write, delete) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Users allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#USERDN";) 2017-05-11T17:47:36Z DEBUG (targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Groups allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";) 2017-05-11T17:47:36Z DEBUG (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Users allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#USERDN";) 2017-05-11T17:47:36Z DEBUG (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Groups allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#GROUPDN";) 2017-05-11T17:47:36Z DEBUG (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey themselves"; allow(write) userdn="ldap:///self";) 2017-05-11T17:47:36Z DEBUG (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Admins are allowed to rekey any entity"; allow(write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetfilter="(|(objectclass=ipaHost)(objectclass=ipaService))")(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey managed entries"; allow(write) userattr="managedby#USERDN";) 2017-05-11T17:47:36Z DEBUG (targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(search) userdn = "ldap:///all";) 2017-05-11T17:47:36Z DEBUG cn: 
2017-05-11T17:47:36Z DEBUG accounts 2017-05-11T17:47:36Z DEBUG add: '(targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(search) userdn = "ldap:///all";)' to aci, current value ['(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policy"; allow (write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "aci")(version 3.0;acl "Admins can manage delegations"; allow (write, delete) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Users allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#USERDN";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Groups allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Users allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#USERDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Groups allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey themselves"; allow(write) userdn="ldap:///self";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Admins are allowed to rekey any entity"; allow(write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter="(|(objectclass=ipaHost)(objectclass=ipaService))")(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey managed entries"; allow(write) userattr="managedby#USERDN";)', '(targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of 
password and kerberos keys"; allow(search) userdn = "ldap:///all";)'] 2017-05-11T17:47:36Z DEBUG add: updated value ['(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policy"; allow (write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "aci")(version 3.0;acl "Admins can manage delegations"; allow (write, delete) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Users allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#USERDN";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Groups allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Users allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#USERDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Groups allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey themselves"; allow(write) userdn="ldap:///self";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Admins are allowed to rekey any entity"; allow(write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter="(|(objectclass=ipaHost)(objectclass=ipaService))")(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey managed entries"; allow(write) userattr="managedby#USERDN";)', '(targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(search) userdn = "ldap:///all";)'] 2017-05-11T17:47:36Z DEBUG 
--------------------------------------------- 2017-05-11T17:47:36Z DEBUG Final value after applying updates 2017-05-11T17:47:36Z DEBUG dn: cn=accounts,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG nsContainer 2017-05-11T17:47:36Z DEBUG aci: 2017-05-11T17:47:36Z DEBUG (targetfilter="(|(objectclass=ipaHost)(objectclass=ipaService))")(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey managed entries"; allow(write) userattr="managedby#USERDN";) 2017-05-11T17:47:36Z DEBUG (targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Users allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#USERDN";) 2017-05-11T17:47:36Z DEBUG (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Groups allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#GROUPDN";) 2017-05-11T17:47:36Z DEBUG (targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Groups allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";) 2017-05-11T17:47:36Z DEBUG (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Users allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#USERDN";) 2017-05-11T17:47:36Z DEBUG (targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(search) userdn = "ldap:///all";) 2017-05-11T17:47:36Z DEBUG (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey themselves"; allow(write) userdn="ldap:///self";) 2017-05-11T17:47:36Z DEBUG (targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policy"; allow (write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG 
(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Admins are allowed to rekey any entity"; allow(write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr = "aci")(version 3.0;acl "Admins can manage delegations"; allow (write, delete) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG accounts 2017-05-11T17:47:36Z DEBUG [] 2017-05-11T17:47:36Z DEBUG Updated 0 2017-05-11T17:47:36Z DEBUG Done 2017-05-11T17:47:36Z DEBUG Updating existing entry: dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Initial value 2017-05-11T17:47:36Z DEBUG dn: dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG domain 2017-05-11T17:47:36Z DEBUG pilotObject 2017-05-11T17:47:36Z DEBUG info: 2017-05-11T17:47:36Z DEBUG IPA V2.0 2017-05-11T17:47:36Z DEBUG aci: 2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 
2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";) 2017-05-11T17:47:36Z DEBUG (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";) 2017-05-11T17:47:36Z DEBUG (targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";) 2017-05-11T17:47:36Z DEBUG (targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";) 2017-05-11T17:47:36Z DEBUG (targetfilter 
= "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:47:36Z DEBUG (targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:47:36Z DEBUG (targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:47:36Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";) 2017-05-11T17:47:36Z DEBUG (targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";) 2017-05-11T17:47:36Z DEBUG (target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";) 2017-05-11T17:47:36Z DEBUG dc: 2017-05-11T17:47:36Z DEBUG rdlg 2017-05-11T17:47:36Z DEBUG add: '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)' to aci, current 
value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || 
title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = 
"(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)'] 2017-05-11T17:47:36Z DEBUG add: updated value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual 
operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = 
"(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)'] 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Final value after applying updates 2017-05-11T17:47:36Z DEBUG dn: dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG domain 2017-05-11T17:47:36Z DEBUG pilotObject 2017-05-11T17:47:36Z DEBUG info: 2017-05-11T17:47:36Z DEBUG IPA V2.0 2017-05-11T17:47:36Z DEBUG aci: 2017-05-11T17:47:36Z DEBUG (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";) 2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the 
CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";) 2017-05-11T17:47:36Z DEBUG (targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";) 2017-05-11T17:47:36Z DEBUG (target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";) 2017-05-11T17:47:36Z DEBUG (targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetfilter = 
"(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:47:36Z DEBUG (targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";) 2017-05-11T17:47:36Z DEBUG (targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";) 2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";) 2017-05-11T17:47:36Z DEBUG dc: 
2017-05-11T17:47:36Z DEBUG rdlg 2017-05-11T17:47:36Z DEBUG [] 2017-05-11T17:47:36Z DEBUG Updated 0 2017-05-11T17:47:36Z DEBUG Done 2017-05-11T17:47:36Z DEBUG Updating existing entry: cn=computers,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Initial value 2017-05-11T17:47:36Z DEBUG dn: cn=computers,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG nsContainer 2017-05-11T17:47:36Z DEBUG aci: 2017-05-11T17:47:36Z DEBUG (targetattr="usercertificate || krblastpwdchange || description || l || nshostlocation || nshardwareplatform || nsosversion")(version 3.0; acl "Hosts can modify their own certs and keytabs"; allow(write) userdn = "ldap:///self";) 2017-05-11T17:47:36Z DEBUG (targetattr="ipasshpubkey")(version 3.0; acl "Hosts can modify their own SSH public keys"; allow(write) userdn = "ldap:///self";) 2017-05-11T17:47:36Z DEBUG (targetattr="userCertificate || krbPrincipalKey")(version 3.0; acl "Hosts can manage other host Certificates and kerberos keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";) 2017-05-11T17:47:36Z DEBUG (targetattr="ipasshpubkey")(version 3.0; acl "Hosts can manage other host SSH public keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";) 2017-05-11T17:47:36Z DEBUG (targetattr = "krbPrincipalKey || krbLastPwdChange")(target = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=rdlg,dc=net")(version 3.0;acl "Admins can manage host keytab";allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG computers 2017-05-11T17:47:36Z DEBUG add: '(targetattr="ipasshpubkey")(version 3.0; acl "Hosts can modify their own SSH public keys"; allow(write) userdn = "ldap:///self";)' to aci, current value ['(targetattr="usercertificate || krblastpwdchange || description || l || nshostlocation || nshardwareplatform || 
nsosversion")(version 3.0; acl "Hosts can modify their own certs and keytabs"; allow(write) userdn = "ldap:///self";)', '(targetattr="ipasshpubkey")(version 3.0; acl "Hosts can modify their own SSH public keys"; allow(write) userdn = "ldap:///self";)', '(targetattr="userCertificate || krbPrincipalKey")(version 3.0; acl "Hosts can manage other host Certificates and kerberos keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";)', '(targetattr="ipasshpubkey")(version 3.0; acl "Hosts can manage other host SSH public keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";)', '(targetattr = "krbPrincipalKey || krbLastPwdChange")(target = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=rdlg,dc=net")(version 3.0;acl "Admins can manage host keytab";allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)'] 2017-05-11T17:47:36Z DEBUG add: updated value ['(targetattr="usercertificate || krblastpwdchange || description || l || nshostlocation || nshardwareplatform || nsosversion")(version 3.0; acl "Hosts can modify their own certs and keytabs"; allow(write) userdn = "ldap:///self";)', '(targetattr="userCertificate || krbPrincipalKey")(version 3.0; acl "Hosts can manage other host Certificates and kerberos keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";)', '(targetattr="ipasshpubkey")(version 3.0; acl "Hosts can manage other host SSH public keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";)', '(targetattr = "krbPrincipalKey || krbLastPwdChange")(target = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=rdlg,dc=net")(version 3.0;acl "Admins can manage host keytab";allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="ipasshpubkey")(version 3.0; acl "Hosts can modify their own SSH public keys"; allow(write) userdn = "ldap:///self";)'] 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Final value after applying updates 
2017-05-11T17:47:36Z DEBUG dn: cn=computers,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG nsContainer 2017-05-11T17:47:36Z DEBUG aci: 2017-05-11T17:47:36Z DEBUG (targetattr="usercertificate || krblastpwdchange || description || l || nshostlocation || nshardwareplatform || nsosversion")(version 3.0; acl "Hosts can modify their own certs and keytabs"; allow(write) userdn = "ldap:///self";) 2017-05-11T17:47:36Z DEBUG (targetattr = "krbPrincipalKey || krbLastPwdChange")(target = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=rdlg,dc=net")(version 3.0;acl "Admins can manage host keytab";allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr="ipasshpubkey")(version 3.0; acl "Hosts can modify their own SSH public keys"; allow(write) userdn = "ldap:///self";) 2017-05-11T17:47:36Z DEBUG (targetattr="userCertificate || krbPrincipalKey")(version 3.0; acl "Hosts can manage other host Certificates and kerberos keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";) 2017-05-11T17:47:36Z DEBUG (targetattr="ipasshpubkey")(version 3.0; acl "Hosts can manage other host SSH public keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";) 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG computers 2017-05-11T17:47:36Z DEBUG [] 2017-05-11T17:47:36Z DEBUG Updated 0 2017-05-11T17:47:36Z DEBUG Done 2017-05-11T17:47:36Z DEBUG Updating existing entry: cn=computers,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Initial value 2017-05-11T17:47:36Z DEBUG dn: cn=computers,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG nsContainer 2017-05-11T17:47:36Z DEBUG aci: 2017-05-11T17:47:36Z DEBUG (targetattr="usercertificate || krblastpwdchange || description || l || nshostlocation || 
nshardwareplatform || nsosversion")(version 3.0; acl "Hosts can modify their own certs and keytabs"; allow(write) userdn = "ldap:///self";) 2017-05-11T17:47:36Z DEBUG (targetattr="ipasshpubkey")(version 3.0; acl "Hosts can modify their own SSH public keys"; allow(write) userdn = "ldap:///self";) 2017-05-11T17:47:36Z DEBUG (targetattr="userCertificate || krbPrincipalKey")(version 3.0; acl "Hosts can manage other host Certificates and kerberos keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";) 2017-05-11T17:47:36Z DEBUG (targetattr="ipasshpubkey")(version 3.0; acl "Hosts can manage other host SSH public keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";) 2017-05-11T17:47:36Z DEBUG (targetattr = "krbPrincipalKey || krbLastPwdChange")(target = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=rdlg,dc=net")(version 3.0;acl "Admins can manage host keytab";allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG computers 2017-05-11T17:47:36Z DEBUG add: '(targetattr="ipasshpubkey")(version 3.0; acl "Hosts can manage other host SSH public keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";)' to aci, current value ['(targetattr="usercertificate || krblastpwdchange || description || l || nshostlocation || nshardwareplatform || nsosversion")(version 3.0; acl "Hosts can modify their own certs and keytabs"; allow(write) userdn = "ldap:///self";)', '(targetattr="ipasshpubkey")(version 3.0; acl "Hosts can modify their own SSH public keys"; allow(write) userdn = "ldap:///self";)', '(targetattr="userCertificate || krbPrincipalKey")(version 3.0; acl "Hosts can manage other host Certificates and kerberos keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";)', '(targetattr="ipasshpubkey")(version 3.0; acl "Hosts can manage other host SSH public keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";)', '(targetattr = "krbPrincipalKey || 
krbLastPwdChange")(target = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=rdlg,dc=net")(version 3.0;acl "Admins can manage host keytab";allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)'] 2017-05-11T17:47:36Z DEBUG add: updated value ['(targetattr="usercertificate || krblastpwdchange || description || l || nshostlocation || nshardwareplatform || nsosversion")(version 3.0; acl "Hosts can modify their own certs and keytabs"; allow(write) userdn = "ldap:///self";)', '(targetattr="ipasshpubkey")(version 3.0; acl "Hosts can modify their own SSH public keys"; allow(write) userdn = "ldap:///self";)', '(targetattr="userCertificate || krbPrincipalKey")(version 3.0; acl "Hosts can manage other host Certificates and kerberos keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";)', '(targetattr = "krbPrincipalKey || krbLastPwdChange")(target = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=rdlg,dc=net")(version 3.0;acl "Admins can manage host keytab";allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="ipasshpubkey")(version 3.0; acl "Hosts can manage other host SSH public keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";)'] 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Final value after applying updates 2017-05-11T17:47:36Z DEBUG dn: cn=computers,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG nsContainer 2017-05-11T17:47:36Z DEBUG aci: 2017-05-11T17:47:36Z DEBUG (targetattr="usercertificate || krblastpwdchange || description || l || nshostlocation || nshardwareplatform || nsosversion")(version 3.0; acl "Hosts can modify their own certs and keytabs"; allow(write) userdn = "ldap:///self";) 2017-05-11T17:47:36Z DEBUG (targetattr = "krbPrincipalKey || krbLastPwdChange")(target = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=rdlg,dc=net")(version 3.0;acl 
"Admins can manage host keytab";allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr="ipasshpubkey")(version 3.0; acl "Hosts can modify their own SSH public keys"; allow(write) userdn = "ldap:///self";) 2017-05-11T17:47:36Z DEBUG (targetattr="userCertificate || krbPrincipalKey")(version 3.0; acl "Hosts can manage other host Certificates and kerberos keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";) 2017-05-11T17:47:36Z DEBUG (targetattr="ipasshpubkey")(version 3.0; acl "Hosts can manage other host SSH public keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";) 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG computers 2017-05-11T17:47:36Z DEBUG [] 2017-05-11T17:47:36Z DEBUG Updated 0 2017-05-11T17:47:36Z DEBUG Done 2017-05-11T17:47:36Z DEBUG Updating existing entry: dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Initial value 2017-05-11T17:47:36Z DEBUG dn: dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG domain 2017-05-11T17:47:36Z DEBUG pilotObject 2017-05-11T17:47:36Z DEBUG info: 2017-05-11T17:47:36Z DEBUG IPA V2.0 2017-05-11T17:47:36Z DEBUG aci: 2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = 
"ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";) 2017-05-11T17:47:36Z DEBUG (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";) 2017-05-11T17:47:36Z DEBUG (targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can 
manage their own SSH public keys";allow (write) userdn = "ldap:///self";) 2017-05-11T17:47:36Z DEBUG (targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";) 2017-05-11T17:47:36Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:47:36Z DEBUG (targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:47:36Z DEBUG (targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:47:36Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";) 2017-05-11T17:47:36Z DEBUG (targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";) 2017-05-11T17:47:36Z DEBUG (target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and 
userattr = "managedBy#SELFDN";) 2017-05-11T17:47:36Z DEBUG dc: 2017-05-11T17:47:36Z DEBUG rdlg 2017-05-11T17:47:36Z DEBUG add: '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)' to aci, current value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl 
"permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = 
"ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)'] 2017-05-11T17:47:36Z DEBUG add: updated value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = 
"objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || 
ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)'] 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Final value after applying updates 2017-05-11T17:47:36Z DEBUG dn: dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG domain 2017-05-11T17:47:36Z DEBUG pilotObject 2017-05-11T17:47:36Z DEBUG info: 2017-05-11T17:47:36Z DEBUG IPA V2.0 2017-05-11T17:47:36Z DEBUG aci: 2017-05-11T17:47:36Z DEBUG (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l 
|| st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";) 2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";) 2017-05-11T17:47:36Z DEBUG (targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";) 2017-05-11T17:47:36Z DEBUG (targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";) 2017-05-11T17:47:36Z DEBUG (target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = 
"ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";) 2017-05-11T17:47:36Z DEBUG (targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:47:36Z DEBUG (targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";) 2017-05-11T17:47:36Z DEBUG (targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";) 2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 
2017-05-11T17:47:36Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:47:36Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";) 2017-05-11T17:47:36Z DEBUG dc: 2017-05-11T17:47:36Z DEBUG rdlg 2017-05-11T17:47:36Z DEBUG [(0, u'aci', ['(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)'])] 2017-05-11T17:47:36Z DEBUG Updated 1 2017-05-11T17:47:36Z DEBUG Done 2017-05-11T17:47:36Z DEBUG Updating existing entry: dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Initial value 2017-05-11T17:47:36Z DEBUG dn: dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG domain 2017-05-11T17:47:36Z DEBUG pilotObject 2017-05-11T17:47:36Z DEBUG info: 2017-05-11T17:47:36Z DEBUG IPA V2.0 2017-05-11T17:47:36Z DEBUG aci: 2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr = 
"objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";) 2017-05-11T17:47:36Z DEBUG (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || 
manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";) 2017-05-11T17:47:36Z DEBUG (targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";) 2017-05-11T17:47:36Z DEBUG (targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";) 2017-05-11T17:47:36Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:47:36Z DEBUG (targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:47:36Z DEBUG (targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:47:36Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";) 2017-05-11T17:47:36Z DEBUG (targetfilter = "(objectClass=ipaToken)")(version 
3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";) 2017-05-11T17:47:36Z DEBUG (target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";) 2017-05-11T17:47:36Z DEBUG (targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";) 2017-05-11T17:47:36Z DEBUG dc: 2017-05-11T17:47:36Z DEBUG rdlg 2017-05-11T17:47:36Z DEBUG add: '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)' to aci, current value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual 
operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can 
read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)'] 2017-05-11T17:47:36Z DEBUG add: updated value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request 
certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow 
(write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', 
'(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)'] 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Final value after applying updates 2017-05-11T17:47:36Z DEBUG dn: dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG domain 2017-05-11T17:47:36Z DEBUG pilotObject 2017-05-11T17:47:36Z DEBUG info: 2017-05-11T17:47:36Z DEBUG IPA V2.0 2017-05-11T17:47:36Z DEBUG aci: 2017-05-11T17:47:36Z DEBUG (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";) 2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, 
search, compare) userdn = "ldap:///anyone";) 2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";) 2017-05-11T17:47:36Z DEBUG (targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";) 2017-05-11T17:47:36Z DEBUG (targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";) 2017-05-11T17:47:36Z DEBUG (target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";) 2017-05-11T17:47:36Z DEBUG (targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" 
)(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:47:36Z DEBUG (targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";) 2017-05-11T17:47:36Z DEBUG (targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";) 2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:47:36Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || 
ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";) 2017-05-11T17:47:36Z DEBUG dc: 2017-05-11T17:47:36Z DEBUG rdlg 2017-05-11T17:47:36Z DEBUG [(0, u'aci', ['(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)'])] 2017-05-11T17:47:36Z DEBUG Updated 1 2017-05-11T17:47:36Z DEBUG Done 2017-05-11T17:47:36Z DEBUG Updating existing entry: cn=replicas,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Initial value 2017-05-11T17:47:36Z DEBUG dn: cn=replicas,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG nsContainer 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG replicas 2017-05-11T17:47:36Z DEBUG remove: '(targetfilter="(objectclass=nsContainer)")(version 3.0; acl "Deny read access to replica configuration"; deny(read, search, compare) userdn = "ldap:///anyone";)' from aci, current value [] 2017-05-11T17:47:36Z DEBUG remove: '(targetfilter="(objectclass=nsContainer)")(version 3.0; acl "Deny read access to replica configuration"; deny(read, search, compare) userdn = "ldap:///anyone";)' not in aci 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Final value after applying updates 2017-05-11T17:47:36Z DEBUG dn: cn=replicas,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG nsContainer 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG replicas 2017-05-11T17:47:36Z DEBUG [] 2017-05-11T17:47:36Z 
DEBUG Updated 0 2017-05-11T17:47:36Z DEBUG Done 2017-05-11T17:47:36Z DEBUG Updating existing entry: cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Initial value 2017-05-11T17:47:36Z DEBUG dn: cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG nsContainer 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG masters 2017-05-11T17:47:36Z DEBUG add: '(targetfilter="(objectclass=nsContainer)")(targetattr="objectclass || cn")(version 3.0; acl "Read access to masters"; allow(read, search, compare) userdn = "ldap:///all";)' to aci, current value [] 2017-05-11T17:47:36Z DEBUG add: updated value ['(targetfilter="(objectclass=nsContainer)")(targetattr="objectclass || cn")(version 3.0; acl "Read access to masters"; allow(read, search, compare) userdn = "ldap:///all";)'] 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Final value after applying updates 2017-05-11T17:47:36Z DEBUG dn: cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG nsContainer 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG aci: 2017-05-11T17:47:36Z DEBUG (targetfilter="(objectclass=nsContainer)")(targetattr="objectclass || cn")(version 3.0; acl "Read access to masters"; allow(read, search, compare) userdn = "ldap:///all";) 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG masters 2017-05-11T17:47:36Z DEBUG [(2, u'aci', ['(targetfilter="(objectclass=nsContainer)")(targetattr="objectclass || cn")(version 3.0; acl "Read access to masters"; allow(read, search, compare) userdn = "ldap:///all";)'])] 2017-05-11T17:47:36Z DEBUG Updated 1 2017-05-11T17:47:36Z DEBUG Done 2017-05-11T17:47:36Z DEBUG Updating existing entry: cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG 
--------------------------------------------- 2017-05-11T17:47:36Z DEBUG Initial value 2017-05-11T17:47:36Z DEBUG dn: cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG nsContainer 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG aci: 2017-05-11T17:47:36Z DEBUG (targetfilter="(objectclass=nsContainer)")(targetattr="objectclass || cn")(version 3.0; acl "Read access to masters"; allow(read, search, compare) userdn = "ldap:///all";) 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG masters 2017-05-11T17:47:36Z DEBUG add: '(targetfilter = "(objectclass=nsContainer)")(targetattr = "ipaConfigString")(version 3.0; acl "Allow hosts to read masters service configuration"; allow(read, search, compare) userdn = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=rdlg,dc=net";)' to aci, current value ['(targetfilter="(objectclass=nsContainer)")(targetattr="objectclass || cn")(version 3.0; acl "Read access to masters"; allow(read, search, compare) userdn = "ldap:///all";)'] 2017-05-11T17:47:36Z DEBUG add: updated value ['(targetfilter="(objectclass=nsContainer)")(targetattr="objectclass || cn")(version 3.0; acl "Read access to masters"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter = "(objectclass=nsContainer)")(targetattr = "ipaConfigString")(version 3.0; acl "Allow hosts to read masters service configuration"; allow(read, search, compare) userdn = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=rdlg,dc=net";)'] 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Final value after applying updates 2017-05-11T17:47:36Z DEBUG dn: cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG nsContainer 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG aci: 2017-05-11T17:47:36Z DEBUG (targetfilter = "(objectclass=nsContainer)")(targetattr = "ipaConfigString")(version 3.0; acl "Allow hosts to read 
masters service configuration"; allow(read, search, compare) userdn = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetfilter="(objectclass=nsContainer)")(targetattr="objectclass || cn")(version 3.0; acl "Read access to masters"; allow(read, search, compare) userdn = "ldap:///all";) 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG masters 2017-05-11T17:47:36Z DEBUG [(0, u'aci', ['(targetfilter = "(objectclass=nsContainer)")(targetattr = "ipaConfigString")(version 3.0; acl "Allow hosts to read masters service configuration"; allow(read, search, compare) userdn = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=rdlg,dc=net";)'])] 2017-05-11T17:47:36Z DEBUG Updated 1 2017-05-11T17:47:36Z DEBUG Done 2017-05-11T17:47:36Z DEBUG Updating existing entry: cn=sysaccounts,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Initial value 2017-05-11T17:47:36Z DEBUG dn: cn=sysaccounts,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG nsContainer 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG sysaccounts 2017-05-11T17:47:36Z DEBUG add: '(target = "ldap:///cn=replication managers,cn=sysaccounts,cn=etc,dc=rdlg,dc=net")(targetattr = "objectClass || cn")(version 3.0; acl "Allow hosts to read replication managers"; allow(read, search, compare) userdn = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=rdlg,dc=net";)' to aci, current value [] 2017-05-11T17:47:36Z DEBUG add: updated value ['(target = "ldap:///cn=replication managers,cn=sysaccounts,cn=etc,dc=rdlg,dc=net")(targetattr = "objectClass || cn")(version 3.0; acl "Allow hosts to read replication managers"; allow(read, search, compare) userdn = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=rdlg,dc=net";)'] 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Final value after applying updates 
2017-05-11T17:47:36Z DEBUG dn: cn=sysaccounts,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG nsContainer 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG aci: 2017-05-11T17:47:36Z DEBUG (target = "ldap:///cn=replication managers,cn=sysaccounts,cn=etc,dc=rdlg,dc=net")(targetattr = "objectClass || cn")(version 3.0; acl "Allow hosts to read replication managers"; allow(read, search, compare) userdn = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG sysaccounts 2017-05-11T17:47:36Z DEBUG [(2, u'aci', ['(target = "ldap:///cn=replication managers,cn=sysaccounts,cn=etc,dc=rdlg,dc=net")(targetattr = "objectClass || cn")(version 3.0; acl "Allow hosts to read replication managers"; allow(read, search, compare) userdn = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=rdlg,dc=net";)'])] 2017-05-11T17:47:36Z DEBUG Updated 1 2017-05-11T17:47:36Z DEBUG Done 2017-05-11T17:47:36Z DEBUG Updating existing entry: cn=kerberos,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Initial value 2017-05-11T17:47:36Z DEBUG dn: cn=kerberos,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG krbContainer 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG kerberos 2017-05-11T17:47:36Z DEBUG add: '(targetattr = "cn || objectclass")(targetfilter = "(|(objectclass=krbrealmcontainer)(objectclass=krbcontainer))")(version 3.0;acl "Anonymous read access to Kerberos containers";allow (read,compare,search) userdn = "ldap:///anyone";)' to aci, current value [] 2017-05-11T17:47:36Z DEBUG add: updated value ['(targetattr = "cn || objectclass")(targetfilter = "(|(objectclass=krbrealmcontainer)(objectclass=krbcontainer))")(version 3.0;acl "Anonymous read access to Kerberos containers";allow (read,compare,search) userdn = "ldap:///anyone";)'] 2017-05-11T17:47:36Z 
DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Final value after applying updates 2017-05-11T17:47:36Z DEBUG dn: cn=kerberos,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG krbContainer 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG aci: 2017-05-11T17:47:36Z DEBUG (targetattr = "cn || objectclass")(targetfilter = "(|(objectclass=krbrealmcontainer)(objectclass=krbcontainer))")(version 3.0;acl "Anonymous read access to Kerberos containers";allow (read,compare,search) userdn = "ldap:///anyone";) 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG kerberos 2017-05-11T17:47:36Z DEBUG [(2, u'aci', ['(targetattr = "cn || objectclass")(targetfilter = "(|(objectclass=krbrealmcontainer)(objectclass=krbcontainer))")(version 3.0;acl "Anonymous read access to Kerberos containers";allow (read,compare,search) userdn = "ldap:///anyone";)'])] 2017-05-11T17:47:36Z DEBUG Updated 1 2017-05-11T17:47:36Z DEBUG Done 2017-05-11T17:47:36Z DEBUG Updating existing entry: dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Initial value 2017-05-11T17:47:36Z DEBUG dn: dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG domain 2017-05-11T17:47:36Z DEBUG pilotObject 2017-05-11T17:47:36Z DEBUG info: 2017-05-11T17:47:36Z DEBUG IPA V2.0 2017-05-11T17:47:36Z DEBUG aci: 2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) 
groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";) 2017-05-11T17:47:36Z DEBUG (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User 
Self service";allow (write) userdn = "ldap:///self";) 2017-05-11T17:47:36Z DEBUG (targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";) 2017-05-11T17:47:36Z DEBUG (targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";) 2017-05-11T17:47:36Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:47:36Z DEBUG (targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:47:36Z DEBUG (targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:47:36Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";) 2017-05-11T17:47:36Z DEBUG (targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";) 2017-05-11T17:47:36Z DEBUG (target = 
"ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";) 2017-05-11T17:47:36Z DEBUG (targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";) 2017-05-11T17:47:36Z DEBUG (targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";) 2017-05-11T17:47:36Z DEBUG dc: 2017-05-11T17:47:36Z DEBUG rdlg 2017-05-11T17:47:36Z DEBUG remove: '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbUPEnabled || krbTicketPolicyReference || krbPrincipalExpiration || krbPasswordExpiration || krbPwdPolicyReference || krbPrincipalType || krbPwdHistory || krbLastPwdChange || krbPrincipalAliases || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || krbLoginFailedCount || krbTicketFlags || ipaUniqueId || memberOf || serverHostName || enrolledBy")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)' from aci, current value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl 
"permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 
3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || 
associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)'] 2017-05-11T17:47:36Z DEBUG remove: '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbUPEnabled || krbTicketPolicyReference || krbPrincipalExpiration || krbPasswordExpiration || krbPwdPolicyReference || krbPrincipalType || krbPwdHistory || krbLastPwdChange || krbPrincipalAliases || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || krbLoginFailedCount || krbTicketFlags || ipaUniqueId || memberOf || serverHostName || enrolledBy")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)' not in aci 2017-05-11T17:47:36Z DEBUG remove: '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbUPEnabled || krbTicketPolicyReference || krbPrincipalExpiration || krbPasswordExpiration || krbPwdPolicyReference || krbPrincipalType || krbPwdHistory || krbLastPwdChange || krbPrincipalAliases || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || krbLoginFailedCount || krbTicketFlags || ipaUniqueId || memberOf || serverHostName || enrolledBy || ipaNTHash")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)' from aci, current value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve 
Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || 
postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = 
"ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)'] 2017-05-11T17:47:36Z DEBUG remove: '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbUPEnabled || krbTicketPolicyReference || krbPrincipalExpiration || krbPasswordExpiration || krbPwdPolicyReference || krbPrincipalType || krbPwdHistory || krbLastPwdChange || krbPrincipalAliases || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || krbLoginFailedCount || krbTicketFlags || ipaUniqueId || memberOf || serverHostName || enrolledBy || ipaNTHash")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)' not in aci 2017-05-11T17:47:36Z DEBUG remove: '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbUPEnabled || krbTicketPolicyReference || krbPrincipalExpiration || krbPasswordExpiration || krbPwdPolicyReference || krbPrincipalType || krbPwdHistory || krbLastPwdChange || krbPrincipalAliases || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || krbLoginFailedCount || ipaUniqueId || memberOf || serverHostName || enrolledBy || 
ipaNTHash")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)' from aci, current value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || 
sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || 
ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)'] 2017-05-11T17:47:36Z DEBUG remove: '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbUPEnabled || krbTicketPolicyReference || krbPrincipalExpiration || krbPasswordExpiration || krbPwdPolicyReference || krbPrincipalType || krbPwdHistory || krbLastPwdChange || krbPrincipalAliases || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || krbLoginFailedCount || ipaUniqueId || memberOf || serverHostName || enrolledBy || ipaNTHash")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)' not in aci 2017-05-11T17:47:36Z DEBUG remove: '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbUPEnabled || krbTicketPolicyReference || krbPasswordExpiration || 
krbPwdPolicyReference || krbPrincipalType || krbPwdHistory || krbLastPwdChange || krbPrincipalAliases || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || krbLoginFailedCount || ipaUniqueId || memberOf || serverHostName || enrolledBy || ipaNTHash")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)' from aci, current value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual 
operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; 
allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)'] 2017-05-11T17:47:36Z DEBUG remove: '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbUPEnabled || krbTicketPolicyReference || krbPasswordExpiration || krbPwdPolicyReference || krbPrincipalType || krbPwdHistory || krbLastPwdChange || krbPrincipalAliases || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || krbLoginFailedCount || ipaUniqueId || memberOf || serverHostName || enrolledBy || ipaNTHash")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)' not in aci 2017-05-11T17:47:36Z DEBUG add: '(targetattr != 
"userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)' to aci, current value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = 
"objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || 
ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)'] 2017-05-11T17:47:36Z DEBUG add: updated value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = 
"objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 
3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', 
'(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)'] 2017-05-11T17:47:36Z DEBUG remove: '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)' from aci, current value ['(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = 
"ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', 
'(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 
3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)'] 2017-05-11T17:47:36Z DEBUG remove: '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)' not in aci 2017-05-11T17:47:36Z DEBUG add: '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)' to aci, current value ['(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', 
'(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetattr = "objectclass")(target = "ldap:///cn=request 
certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow 
(read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)'] 2017-05-11T17:47:36Z DEBUG add: updated value ['(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr = "objectclass")(target 
= "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = 
"ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) 
groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)'] 2017-05-11T17:47:36Z DEBUG add: '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)' to aci, current value ['(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr = 
"objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs 
= "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow 
(write) userattr = "managedBy#USERDN";)'] 2017-05-11T17:47:36Z DEBUG add: updated value ['(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage 
their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow 
(write) userdn="ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = 
"ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)'] 2017-05-11T17:47:36Z DEBUG add: '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)' to aci, current value ['(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', 
'(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetfilter = 
"(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash")(version 3.0; acl "Admins 
can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)'] 2017-05-11T17:47:36Z DEBUG add: updated value ['(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr = 
"objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs 
= "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash")(version 3.0; acl "Admins can write passwords"; allow 
(add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)'] 2017-05-11T17:47:36Z DEBUG add: '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)' to aci, current value ['(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl 
"Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) 
userdn = "ldap:///anyone";)', '(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || 
krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)'] 2017-05-11T17:47:36Z DEBUG add: updated value ['(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = 
"ldap:///anyone";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, 
write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', 
'(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)'] 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Final value after applying updates 2017-05-11T17:47:36Z DEBUG dn: dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectClass: 
2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG domain 2017-05-11T17:47:36Z DEBUG pilotObject 2017-05-11T17:47:36Z DEBUG info: 2017-05-11T17:47:36Z DEBUG IPA V2.0 2017-05-11T17:47:36Z DEBUG aci: 2017-05-11T17:47:36Z DEBUG (targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";) 2017-05-11T17:47:36Z DEBUG (target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";) 2017-05-11T17:47:36Z DEBUG (targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";) 2017-05-11T17:47:36Z DEBUG (targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";) 2017-05-11T17:47:36Z DEBUG (targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";) 2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; 
allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";) 2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";) 2017-05-11T17:47:36Z DEBUG (targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";) 2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual 
operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";) 2017-05-11T17:47:36Z DEBUG (targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:47:36Z DEBUG (targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || 
krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:47:36Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG dc: 2017-05-11T17:47:36Z DEBUG rdlg 2017-05-11T17:47:36Z DEBUG [(0, u'aci', ['(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl 
"Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)'])] 2017-05-11T17:47:36Z DEBUG Updated 1 2017-05-11T17:47:36Z DEBUG Done 2017-05-11T17:47:36Z DEBUG Updating existing entry: cn=tasks,cn=config 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Initial value 2017-05-11T17:47:36Z DEBUG dn: cn=tasks,cn=config 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG extensibleObject 2017-05-11T17:47:36Z DEBUG aci: 2017-05-11T17:47:36Z DEBUG (targetattr=*)(version 3.0; acl "Run tasks after replica re-initialization"; allow (add) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr=*)(version 3.0; acl "cert manager: Run tasks after replica re-initialization"; allow (add) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG tasks 2017-05-11T17:47:36Z DEBUG add: '(targetattr="*")(version 3.0; acl "Admin can read all tasks"; allow (read, compare, search) groupdn = 
"ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)' to aci, current value ['(targetattr=*)(version 3.0; acl "Run tasks after replica re-initialization"; allow (add) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr=*)(version 3.0; acl "cert manager: Run tasks after replica re-initialization"; allow (add) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";)'] 2017-05-11T17:47:36Z DEBUG add: updated value ['(targetattr=*)(version 3.0; acl "Run tasks after replica re-initialization"; allow (add) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr=*)(version 3.0; acl "cert manager: Run tasks after replica re-initialization"; allow (add) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";)', '(targetattr="*")(version 3.0; acl "Admin can read all tasks"; allow (read, compare, search) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)'] 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Final value after applying updates 2017-05-11T17:47:36Z DEBUG dn: cn=tasks,cn=config 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG extensibleObject 2017-05-11T17:47:36Z DEBUG aci: 2017-05-11T17:47:36Z DEBUG (targetattr=*)(version 3.0; acl "Run tasks after replica re-initialization"; allow (add) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr="*")(version 3.0; acl "Admin can read all tasks"; allow (read, compare, search) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr=*)(version 3.0; acl "cert manager: Run tasks after replica re-initialization"; allow (add) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG tasks 2017-05-11T17:47:36Z DEBUG [(0, u'aci', 
['(targetattr="*")(version 3.0; acl "Admin can read all tasks"; allow (read, compare, search) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)'])] 2017-05-11T17:47:36Z DEBUG Updated 1 2017-05-11T17:47:36Z DEBUG Done 2017-05-11T17:47:36Z DEBUG Updating existing entry: cn=mapping tree,cn=config 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Initial value 2017-05-11T17:47:36Z DEBUG dn: cn=mapping tree,cn=config 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG extensibleObject 2017-05-11T17:47:36Z DEBUG aci: 2017-05-11T17:47:36Z DEBUG (targetattr = "cn || createtimestamp || description || entryusn || modifytimestamp || nsds50ruv || nsds5beginreplicarefresh || nsds5debugreplicatimeout || nsds5flags || nsds5replicaabortcleanruv || nsds5replicaautoreferral || nsds5replicabackoffmax || nsds5replicabackoffmin || nsds5replicabinddn || nsds5replicabindmethod || nsds5replicabusywaittime || nsds5replicachangecount || nsds5replicachangessentsincestartup || nsds5replicacleanruv || nsds5replicacleanruvnotified || nsds5replicacredentials || nsds5replicaenabled || nsds5replicahost || nsds5replicaid || nsds5replicalastinitend || nsds5replicalastinitstart || nsds5replicalastinitstatus || nsds5replicalastupdateend || nsds5replicalastupdatestart || nsds5replicalastupdatestatus || nsds5replicalegacyconsumer || nsds5replicaname || nsds5replicaport || nsds5replicaprotocoltimeout || nsds5replicapurgedelay || nsds5replicareferral || nsds5replicaroot || nsds5replicasessionpausetime || nsds5replicastripattrs || nsds5replicatedattributelist || nsds5replicatedattributelisttotal || nsds5replicatimeout || nsds5replicatombstonepurgeinterval || nsds5replicatransportinfo || nsds5replicatype || nsds5replicaupdateinprogress || nsds5replicaupdateschedule || nsds5task || nsds7directoryreplicasubtree || nsds7dirsynccookie || nsds7newwingroupsyncenabled || nsds7newwinusersyncenabled || 
nsds7windowsdomain || nsds7windowsreplicasubtree || nsruvreplicalastmodified || nsstate || objectclass || onewaysync || winsyncdirectoryfilter || winsyncinterval || winsyncmoveaction || winsyncsubtreepair || winsyncwindowsfilter")(targetfilter = "(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0;acl "permission:Read Replication Agreements";allow (compare,read,search) groupdn = "ldap:///cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr=*)(version 3.0;acl "permission:Add Replication Agreements";allow (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreements"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Remove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG mapping tree 2017-05-11T17:47:36Z DEBUG add: '(target = "ldap:///cn=meTo($dn),cn=*,cn=mapping tree,cn=config")(targetattr = "objectclass || cn")(version 3.0; acl "Allow hosts to read their replication agreements"; allow(read, search, compare) userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)' to aci, current value ['(targetattr = "cn || createtimestamp || description || entryusn || modifytimestamp || nsds50ruv || nsds5beginreplicarefresh || 
nsds5debugreplicatimeout || nsds5flags || nsds5replicaabortcleanruv || nsds5replicaautoreferral || nsds5replicabackoffmax || nsds5replicabackoffmin || nsds5replicabinddn || nsds5replicabindmethod || nsds5replicabusywaittime || nsds5replicachangecount || nsds5replicachangessentsincestartup || nsds5replicacleanruv || nsds5replicacleanruvnotified || nsds5replicacredentials || nsds5replicaenabled || nsds5replicahost || nsds5replicaid || nsds5replicalastinitend || nsds5replicalastinitstart || nsds5replicalastinitstatus || nsds5replicalastupdateend || nsds5replicalastupdatestart || nsds5replicalastupdatestatus || nsds5replicalegacyconsumer || nsds5replicaname || nsds5replicaport || nsds5replicaprotocoltimeout || nsds5replicapurgedelay || nsds5replicareferral || nsds5replicaroot || nsds5replicasessionpausetime || nsds5replicastripattrs || nsds5replicatedattributelist || nsds5replicatedattributelisttotal || nsds5replicatimeout || nsds5replicatombstonepurgeinterval || nsds5replicatransportinfo || nsds5replicatype || nsds5replicaupdateinprogress || nsds5replicaupdateschedule || nsds5task || nsds7directoryreplicasubtree || nsds7dirsynccookie || nsds7newwingroupsyncenabled || nsds7newwinusersyncenabled || nsds7windowsdomain || nsds7windowsreplicasubtree || nsruvreplicalastmodified || nsstate || objectclass || onewaysync || winsyncdirectoryfilter || winsyncinterval || winsyncmoveaction || winsyncsubtreepair || winsyncwindowsfilter")(targetfilter = "(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0;acl "permission:Read Replication Agreements";allow (compare,read,search) groupdn = "ldap:///cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr=*)(version 3.0;acl "permission:Add Replication Agreements";allow (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', 
'(targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreements"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Remove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)'] 2017-05-11T17:47:36Z DEBUG add: updated value ['(targetattr = "cn || createtimestamp || description || entryusn || modifytimestamp || nsds50ruv || nsds5beginreplicarefresh || nsds5debugreplicatimeout || nsds5flags || nsds5replicaabortcleanruv || nsds5replicaautoreferral || nsds5replicabackoffmax || nsds5replicabackoffmin || nsds5replicabinddn || nsds5replicabindmethod || nsds5replicabusywaittime || nsds5replicachangecount || nsds5replicachangessentsincestartup || nsds5replicacleanruv || nsds5replicacleanruvnotified || nsds5replicacredentials || nsds5replicaenabled || nsds5replicahost || nsds5replicaid || nsds5replicalastinitend || nsds5replicalastinitstart || nsds5replicalastinitstatus || nsds5replicalastupdateend || nsds5replicalastupdatestart || nsds5replicalastupdatestatus || nsds5replicalegacyconsumer || nsds5replicaname || nsds5replicaport || nsds5replicaprotocoltimeout || nsds5replicapurgedelay || nsds5replicareferral || nsds5replicaroot || nsds5replicasessionpausetime || nsds5replicastripattrs || nsds5replicatedattributelist || nsds5replicatedattributelisttotal || nsds5replicatimeout || nsds5replicatombstonepurgeinterval || nsds5replicatransportinfo || nsds5replicatype || nsds5replicaupdateinprogress || nsds5replicaupdateschedule || nsds5task || nsds7directoryreplicasubtree || nsds7dirsynccookie || 
nsds7newwingroupsyncenabled || nsds7newwinusersyncenabled || nsds7windowsdomain || nsds7windowsreplicasubtree || nsruvreplicalastmodified || nsstate || objectclass || onewaysync || winsyncdirectoryfilter || winsyncinterval || winsyncmoveaction || winsyncsubtreepair || winsyncwindowsfilter")(targetfilter = "(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0;acl "permission:Read Replication Agreements";allow (compare,read,search) groupdn = "ldap:///cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr=*)(version 3.0;acl "permission:Add Replication Agreements";allow (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreements"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Remove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(target = "ldap:///cn=meTo($dn),cn=*,cn=mapping tree,cn=config")(targetattr = "objectclass || cn")(version 3.0; acl "Allow hosts to read their replication agreements"; allow(read, search, compare) userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)'] 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Final value after applying updates 2017-05-11T17:47:36Z DEBUG dn: cn=mapping tree,cn=config 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 
2017-05-11T17:47:36Z DEBUG extensibleObject 2017-05-11T17:47:36Z DEBUG aci: 2017-05-11T17:47:36Z DEBUG (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreements"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr = "cn || createtimestamp || description || entryusn || modifytimestamp || nsds50ruv || nsds5beginreplicarefresh || nsds5debugreplicatimeout || nsds5flags || nsds5replicaabortcleanruv || nsds5replicaautoreferral || nsds5replicabackoffmax || nsds5replicabackoffmin || nsds5replicabinddn || nsds5replicabindmethod || nsds5replicabusywaittime || nsds5replicachangecount || nsds5replicachangessentsincestartup || nsds5replicacleanruv || nsds5replicacleanruvnotified || nsds5replicacredentials || nsds5replicaenabled || nsds5replicahost || nsds5replicaid || nsds5replicalastinitend || nsds5replicalastinitstart || nsds5replicalastinitstatus || nsds5replicalastupdateend || nsds5replicalastupdatestart || nsds5replicalastupdatestatus || nsds5replicalegacyconsumer || nsds5replicaname || nsds5replicaport || nsds5replicaprotocoltimeout || nsds5replicapurgedelay || nsds5replicareferral || nsds5replicaroot || nsds5replicasessionpausetime || nsds5replicastripattrs || nsds5replicatedattributelist || nsds5replicatedattributelisttotal || nsds5replicatimeout || nsds5replicatombstonepurgeinterval || nsds5replicatransportinfo || nsds5replicatype || nsds5replicaupdateinprogress || nsds5replicaupdateschedule || nsds5task || nsds7directoryreplicasubtree || nsds7dirsynccookie || nsds7newwingroupsyncenabled || nsds7newwinusersyncenabled || nsds7windowsdomain || nsds7windowsreplicasubtree || nsruvreplicalastmodified || nsstate || objectclass || onewaysync || winsyncdirectoryfilter || winsyncinterval || 
winsyncmoveaction || winsyncsubtreepair || winsyncwindowsfilter")(targetfilter = "(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0;acl "permission:Read Replication Agreements";allow (compare,read,search) groupdn = "ldap:///cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Remove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr=*)(version 3.0;acl "permission:Add Replication Agreements";allow (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (target = "ldap:///cn=meTo($dn),cn=*,cn=mapping tree,cn=config")(targetattr = "objectclass || cn")(version 3.0; acl "Allow hosts to read their replication agreements"; allow(read, search, compare) userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG mapping tree 2017-05-11T17:47:36Z DEBUG [(0, u'aci', ['(target = "ldap:///cn=meTo($dn),cn=*,cn=mapping tree,cn=config")(targetattr = "objectclass || cn")(version 3.0; acl "Allow hosts to read their replication agreements"; allow(read, search, compare) userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)'])] 2017-05-11T17:47:36Z DEBUG Updated 1 2017-05-11T17:47:36Z DEBUG Done 2017-05-11T17:47:36Z DEBUG Updating existing entry: cn=mapping tree,cn=config 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Initial value 2017-05-11T17:47:36Z DEBUG dn: cn=mapping tree,cn=config 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 
2017-05-11T17:47:36Z DEBUG extensibleObject 2017-05-11T17:47:36Z DEBUG aci: 2017-05-11T17:47:36Z DEBUG (targetattr = "cn || createtimestamp || description || entryusn || modifytimestamp || nsds50ruv || nsds5beginreplicarefresh || nsds5debugreplicatimeout || nsds5flags || nsds5replicaabortcleanruv || nsds5replicaautoreferral || nsds5replicabackoffmax || nsds5replicabackoffmin || nsds5replicabinddn || nsds5replicabindmethod || nsds5replicabusywaittime || nsds5replicachangecount || nsds5replicachangessentsincestartup || nsds5replicacleanruv || nsds5replicacleanruvnotified || nsds5replicacredentials || nsds5replicaenabled || nsds5replicahost || nsds5replicaid || nsds5replicalastinitend || nsds5replicalastinitstart || nsds5replicalastinitstatus || nsds5replicalastupdateend || nsds5replicalastupdatestart || nsds5replicalastupdatestatus || nsds5replicalegacyconsumer || nsds5replicaname || nsds5replicaport || nsds5replicaprotocoltimeout || nsds5replicapurgedelay || nsds5replicareferral || nsds5replicaroot || nsds5replicasessionpausetime || nsds5replicastripattrs || nsds5replicatedattributelist || nsds5replicatedattributelisttotal || nsds5replicatimeout || nsds5replicatombstonepurgeinterval || nsds5replicatransportinfo || nsds5replicatype || nsds5replicaupdateinprogress || nsds5replicaupdateschedule || nsds5task || nsds7directoryreplicasubtree || nsds7dirsynccookie || nsds7newwingroupsyncenabled || nsds7newwinusersyncenabled || nsds7windowsdomain || nsds7windowsreplicasubtree || nsruvreplicalastmodified || nsstate || objectclass || onewaysync || winsyncdirectoryfilter || winsyncinterval || winsyncmoveaction || winsyncsubtreepair || winsyncwindowsfilter")(targetfilter = "(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0;acl "permission:Read Replication Agreements";allow (compare,read,search) groupdn = "ldap:///cn=Read Replication 
Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr=*)(version 3.0;acl "permission:Add Replication Agreements";allow (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreements"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Remove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (target = "ldap:///cn=meTo($dn),cn=*,cn=mapping tree,cn=config")(targetattr = "objectclass || cn")(version 3.0; acl "Allow hosts to read their replication agreements"; allow(read, search, compare) userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG mapping tree 2017-05-11T17:47:36Z DEBUG add: '(targetattr=*)(version 3.0;acl "permission:Add Replication Agreements";allow (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to aci, current value ['(targetattr = "cn || createtimestamp || description || entryusn || modifytimestamp || nsds50ruv || nsds5beginreplicarefresh || nsds5debugreplicatimeout || nsds5flags || nsds5replicaabortcleanruv || nsds5replicaautoreferral || nsds5replicabackoffmax || nsds5replicabackoffmin || nsds5replicabinddn || nsds5replicabindmethod || nsds5replicabusywaittime || nsds5replicachangecount || nsds5replicachangessentsincestartup || nsds5replicacleanruv || 
nsds5replicacleanruvnotified || nsds5replicacredentials || nsds5replicaenabled || nsds5replicahost || nsds5replicaid || nsds5replicalastinitend || nsds5replicalastinitstart || nsds5replicalastinitstatus || nsds5replicalastupdateend || nsds5replicalastupdatestart || nsds5replicalastupdatestatus || nsds5replicalegacyconsumer || nsds5replicaname || nsds5replicaport || nsds5replicaprotocoltimeout || nsds5replicapurgedelay || nsds5replicareferral || nsds5replicaroot || nsds5replicasessionpausetime || nsds5replicastripattrs || nsds5replicatedattributelist || nsds5replicatedattributelisttotal || nsds5replicatimeout || nsds5replicatombstonepurgeinterval || nsds5replicatransportinfo || nsds5replicatype || nsds5replicaupdateinprogress || nsds5replicaupdateschedule || nsds5task || nsds7directoryreplicasubtree || nsds7dirsynccookie || nsds7newwingroupsyncenabled || nsds7newwinusersyncenabled || nsds7windowsdomain || nsds7windowsreplicasubtree || nsruvreplicalastmodified || nsstate || objectclass || onewaysync || winsyncdirectoryfilter || winsyncinterval || winsyncmoveaction || winsyncsubtreepair || winsyncwindowsfilter")(targetfilter = "(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0;acl "permission:Read Replication Agreements";allow (compare,read,search) groupdn = "ldap:///cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr=*)(version 3.0;acl "permission:Add Replication Agreements";allow (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreements"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', 
'(targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Remove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(target = "ldap:///cn=meTo($dn),cn=*,cn=mapping tree,cn=config")(targetattr = "objectclass || cn")(version 3.0; acl "Allow hosts to read their replication agreements"; allow(read, search, compare) userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)'] 2017-05-11T17:47:36Z DEBUG add: updated value ['(targetattr = "cn || createtimestamp || description || entryusn || modifytimestamp || nsds50ruv || nsds5beginreplicarefresh || nsds5debugreplicatimeout || nsds5flags || nsds5replicaabortcleanruv || nsds5replicaautoreferral || nsds5replicabackoffmax || nsds5replicabackoffmin || nsds5replicabinddn || nsds5replicabindmethod || nsds5replicabusywaittime || nsds5replicachangecount || nsds5replicachangessentsincestartup || nsds5replicacleanruv || nsds5replicacleanruvnotified || nsds5replicacredentials || nsds5replicaenabled || nsds5replicahost || nsds5replicaid || nsds5replicalastinitend || nsds5replicalastinitstart || nsds5replicalastinitstatus || nsds5replicalastupdateend || nsds5replicalastupdatestart || nsds5replicalastupdatestatus || nsds5replicalegacyconsumer || nsds5replicaname || nsds5replicaport || nsds5replicaprotocoltimeout || nsds5replicapurgedelay || nsds5replicareferral || nsds5replicaroot || nsds5replicasessionpausetime || nsds5replicastripattrs || nsds5replicatedattributelist || nsds5replicatedattributelisttotal || nsds5replicatimeout || nsds5replicatombstonepurgeinterval || nsds5replicatransportinfo || nsds5replicatype || nsds5replicaupdateinprogress || nsds5replicaupdateschedule || nsds5task || nsds7directoryreplicasubtree || nsds7dirsynccookie || nsds7newwingroupsyncenabled || nsds7newwinusersyncenabled || nsds7windowsdomain || nsds7windowsreplicasubtree 
|| nsruvreplicalastmodified || nsstate || objectclass || onewaysync || winsyncdirectoryfilter || winsyncinterval || winsyncmoveaction || winsyncsubtreepair || winsyncwindowsfilter")(targetfilter = "(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0;acl "permission:Read Replication Agreements";allow (compare,read,search) groupdn = "ldap:///cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreements"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Remove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(target = "ldap:///cn=meTo($dn),cn=*,cn=mapping tree,cn=config")(targetattr = "objectclass || cn")(version 3.0; acl "Allow hosts to read their replication agreements"; allow(read, search, compare) userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)', '(targetattr=*)(version 3.0;acl "permission:Add Replication Agreements";allow (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)'] 2017-05-11T17:47:36Z DEBUG add: '(targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreements"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication 
Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to aci, current value ['(targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreements"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "cn || createtimestamp || description || entryusn || modifytimestamp || nsds50ruv || nsds5beginreplicarefresh || nsds5debugreplicatimeout || nsds5flags || nsds5replicaabortcleanruv || nsds5replicaautoreferral || nsds5replicabackoffmax || nsds5replicabackoffmin || nsds5replicabinddn || nsds5replicabindmethod || nsds5replicabusywaittime || nsds5replicachangecount || nsds5replicachangessentsincestartup || nsds5replicacleanruv || nsds5replicacleanruvnotified || nsds5replicacredentials || nsds5replicaenabled || nsds5replicahost || nsds5replicaid || nsds5replicalastinitend || nsds5replicalastinitstart || nsds5replicalastinitstatus || nsds5replicalastupdateend || nsds5replicalastupdatestart || nsds5replicalastupdatestatus || nsds5replicalegacyconsumer || nsds5replicaname || nsds5replicaport || nsds5replicaprotocoltimeout || nsds5replicapurgedelay || nsds5replicareferral || nsds5replicaroot || nsds5replicasessionpausetime || nsds5replicastripattrs || nsds5replicatedattributelist || nsds5replicatedattributelisttotal || nsds5replicatimeout || nsds5replicatombstonepurgeinterval || nsds5replicatransportinfo || nsds5replicatype || nsds5replicaupdateinprogress || nsds5replicaupdateschedule || nsds5task || nsds7directoryreplicasubtree || nsds7dirsynccookie || nsds7newwingroupsyncenabled || nsds7newwinusersyncenabled || nsds7windowsdomain || nsds7windowsreplicasubtree || nsruvreplicalastmodified || nsstate || objectclass || onewaysync || winsyncdirectoryfilter || winsyncinterval || winsyncmoveaction || winsyncsubtreepair || 
winsyncwindowsfilter")(targetfilter = "(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0;acl "permission:Read Replication Agreements";allow (compare,read,search) groupdn = "ldap:///cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Remove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr=*)(version 3.0;acl "permission:Add Replication Agreements";allow (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(target = "ldap:///cn=meTo($dn),cn=*,cn=mapping tree,cn=config")(targetattr = "objectclass || cn")(version 3.0; acl "Allow hosts to read their replication agreements"; allow(read, search, compare) userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)'] 2017-05-11T17:47:36Z DEBUG add: updated value ['(targetattr = "cn || createtimestamp || description || entryusn || modifytimestamp || nsds50ruv || nsds5beginreplicarefresh || nsds5debugreplicatimeout || nsds5flags || nsds5replicaabortcleanruv || nsds5replicaautoreferral || nsds5replicabackoffmax || nsds5replicabackoffmin || nsds5replicabinddn || nsds5replicabindmethod || nsds5replicabusywaittime || nsds5replicachangecount || nsds5replicachangessentsincestartup || nsds5replicacleanruv || nsds5replicacleanruvnotified || nsds5replicacredentials || nsds5replicaenabled || nsds5replicahost || nsds5replicaid || nsds5replicalastinitend || nsds5replicalastinitstart || nsds5replicalastinitstatus || nsds5replicalastupdateend || nsds5replicalastupdatestart || nsds5replicalastupdatestatus || nsds5replicalegacyconsumer || nsds5replicaname || nsds5replicaport || nsds5replicaprotocoltimeout || 
nsds5replicapurgedelay || nsds5replicareferral || nsds5replicaroot || nsds5replicasessionpausetime || nsds5replicastripattrs || nsds5replicatedattributelist || nsds5replicatedattributelisttotal || nsds5replicatimeout || nsds5replicatombstonepurgeinterval || nsds5replicatransportinfo || nsds5replicatype || nsds5replicaupdateinprogress || nsds5replicaupdateschedule || nsds5task || nsds7directoryreplicasubtree || nsds7dirsynccookie || nsds7newwingroupsyncenabled || nsds7newwinusersyncenabled || nsds7windowsdomain || nsds7windowsreplicasubtree || nsruvreplicalastmodified || nsstate || objectclass || onewaysync || winsyncdirectoryfilter || winsyncinterval || winsyncmoveaction || winsyncsubtreepair || winsyncwindowsfilter")(targetfilter = "(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0;acl "permission:Read Replication Agreements";allow (compare,read,search) groupdn = "ldap:///cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Remove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr=*)(version 3.0;acl "permission:Add Replication Agreements";allow (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(target = "ldap:///cn=meTo($dn),cn=*,cn=mapping tree,cn=config")(targetattr = "objectclass || cn")(version 3.0; acl "Allow hosts to read their replication agreements"; allow(read, search, compare) userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)', '(targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl 
"permission:Modify Replication Agreements"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)'] 2017-05-11T17:47:36Z DEBUG add: '(targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Remove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to aci, current value ['(targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreements"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "cn || createtimestamp || description || entryusn || modifytimestamp || nsds50ruv || nsds5beginreplicarefresh || nsds5debugreplicatimeout || nsds5flags || nsds5replicaabortcleanruv || nsds5replicaautoreferral || nsds5replicabackoffmax || nsds5replicabackoffmin || nsds5replicabinddn || nsds5replicabindmethod || nsds5replicabusywaittime || nsds5replicachangecount || nsds5replicachangessentsincestartup || nsds5replicacleanruv || nsds5replicacleanruvnotified || nsds5replicacredentials || nsds5replicaenabled || nsds5replicahost || nsds5replicaid || nsds5replicalastinitend || nsds5replicalastinitstart || nsds5replicalastinitstatus || nsds5replicalastupdateend || nsds5replicalastupdatestart || nsds5replicalastupdatestatus || nsds5replicalegacyconsumer || nsds5replicaname || nsds5replicaport || nsds5replicaprotocoltimeout || nsds5replicapurgedelay || nsds5replicareferral || nsds5replicaroot || nsds5replicasessionpausetime || nsds5replicastripattrs || nsds5replicatedattributelist || nsds5replicatedattributelisttotal || nsds5replicatimeout || nsds5replicatombstonepurgeinterval || nsds5replicatransportinfo || 
nsds5replicatype || nsds5replicaupdateinprogress || nsds5replicaupdateschedule || nsds5task || nsds7directoryreplicasubtree || nsds7dirsynccookie || nsds7newwingroupsyncenabled || nsds7newwinusersyncenabled || nsds7windowsdomain || nsds7windowsreplicasubtree || nsruvreplicalastmodified || nsstate || objectclass || onewaysync || winsyncdirectoryfilter || winsyncinterval || winsyncmoveaction || winsyncsubtreepair || winsyncwindowsfilter")(targetfilter = "(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0;acl "permission:Read Replication Agreements";allow (compare,read,search) groupdn = "ldap:///cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Remove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr=*)(version 3.0;acl "permission:Add Replication Agreements";allow (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(target = "ldap:///cn=meTo($dn),cn=*,cn=mapping tree,cn=config")(targetattr = "objectclass || cn")(version 3.0; acl "Allow hosts to read their replication agreements"; allow(read, search, compare) userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)'] 2017-05-11T17:47:36Z DEBUG add: updated value ['(targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreements"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "cn || createtimestamp || description || entryusn || 
modifytimestamp || nsds50ruv || nsds5beginreplicarefresh || nsds5debugreplicatimeout || nsds5flags || nsds5replicaabortcleanruv || nsds5replicaautoreferral || nsds5replicabackoffmax || nsds5replicabackoffmin || nsds5replicabinddn || nsds5replicabindmethod || nsds5replicabusywaittime || nsds5replicachangecount || nsds5replicachangessentsincestartup || nsds5replicacleanruv || nsds5replicacleanruvnotified || nsds5replicacredentials || nsds5replicaenabled || nsds5replicahost || nsds5replicaid || nsds5replicalastinitend || nsds5replicalastinitstart || nsds5replicalastinitstatus || nsds5replicalastupdateend || nsds5replicalastupdatestart || nsds5replicalastupdatestatus || nsds5replicalegacyconsumer || nsds5replicaname || nsds5replicaport || nsds5replicaprotocoltimeout || nsds5replicapurgedelay || nsds5replicareferral || nsds5replicaroot || nsds5replicasessionpausetime || nsds5replicastripattrs || nsds5replicatedattributelist || nsds5replicatedattributelisttotal || nsds5replicatimeout || nsds5replicatombstonepurgeinterval || nsds5replicatransportinfo || nsds5replicatype || nsds5replicaupdateinprogress || nsds5replicaupdateschedule || nsds5task || nsds7directoryreplicasubtree || nsds7dirsynccookie || nsds7newwingroupsyncenabled || nsds7newwinusersyncenabled || nsds7windowsdomain || nsds7windowsreplicasubtree || nsruvreplicalastmodified || nsstate || objectclass || onewaysync || winsyncdirectoryfilter || winsyncinterval || winsyncmoveaction || winsyncsubtreepair || winsyncwindowsfilter")(targetfilter = "(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0;acl "permission:Read Replication Agreements";allow (compare,read,search) groupdn = "ldap:///cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr=*)(version 3.0;acl "permission:Add Replication Agreements";allow (add) groupdn = "ldap:///cn=Add Replication 
Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(target = "ldap:///cn=meTo($dn),cn=*,cn=mapping tree,cn=config")(targetattr = "objectclass || cn")(version 3.0; acl "Allow hosts to read their replication agreements"; allow(read, search, compare) userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)', '(targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Remove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)'] 2017-05-11T17:47:36Z DEBUG add: '(targetattr = "cn || createtimestamp || description || entryusn || modifytimestamp || nsds50ruv || nsds5beginreplicarefresh || nsds5debugreplicatimeout || nsds5flags || nsds5replicaabortcleanruv || nsds5replicaautoreferral || nsds5replicabackoffmax || nsds5replicabackoffmin || nsds5replicabinddn || nsds5replicabindmethod || nsds5replicabusywaittime || nsds5replicachangecount || nsds5replicachangessentsincestartup || nsds5replicacleanruv || nsds5replicacleanruvnotified || nsds5replicacredentials || nsds5replicaenabled || nsds5replicahost || nsds5replicaid || nsds5replicalastinitend || nsds5replicalastinitstart || nsds5replicalastinitstatus || nsds5replicalastupdateend || nsds5replicalastupdatestart || nsds5replicalastupdatestatus || nsds5replicalegacyconsumer || nsds5replicaname || nsds5replicaport || nsds5replicaprotocoltimeout || nsds5replicapurgedelay || nsds5replicareferral || nsds5replicaroot || nsds5replicasessionpausetime || nsds5replicastripattrs || nsds5replicatedattributelist || nsds5replicatedattributelisttotal || nsds5replicatimeout || nsds5replicatombstonepurgeinterval || nsds5replicatransportinfo || nsds5replicatype || nsds5replicaupdateinprogress || nsds5replicaupdateschedule || nsds5task || nsds7directoryreplicasubtree || nsds7dirsynccookie || nsds7newwingroupsyncenabled || nsds7newwinusersyncenabled || 
nsds7windowsdomain || nsds7windowsreplicasubtree || nsruvreplicalastmodified || nsstate || objectclass || onewaysync || winsyncdirectoryfilter || winsyncinterval || winsyncmoveaction || winsyncsubtreepair || winsyncwindowsfilter")(targetfilter = "(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0;acl "permission:Read Replication Agreements";allow (compare,read,search) groupdn = "ldap:///cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to aci, current value ['(targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreements"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "cn || createtimestamp || description || entryusn || modifytimestamp || nsds50ruv || nsds5beginreplicarefresh || nsds5debugreplicatimeout || nsds5flags || nsds5replicaabortcleanruv || nsds5replicaautoreferral || nsds5replicabackoffmax || nsds5replicabackoffmin || nsds5replicabinddn || nsds5replicabindmethod || nsds5replicabusywaittime || nsds5replicachangecount || nsds5replicachangessentsincestartup || nsds5replicacleanruv || nsds5replicacleanruvnotified || nsds5replicacredentials || nsds5replicaenabled || nsds5replicahost || nsds5replicaid || nsds5replicalastinitend || nsds5replicalastinitstart || nsds5replicalastinitstatus || nsds5replicalastupdateend || nsds5replicalastupdatestart || nsds5replicalastupdatestatus || nsds5replicalegacyconsumer || nsds5replicaname || nsds5replicaport || nsds5replicaprotocoltimeout || nsds5replicapurgedelay || nsds5replicareferral || nsds5replicaroot || nsds5replicasessionpausetime || nsds5replicastripattrs || nsds5replicatedattributelist || nsds5replicatedattributelisttotal || 
nsds5replicatimeout || nsds5replicatombstonepurgeinterval || nsds5replicatransportinfo || nsds5replicatype || nsds5replicaupdateinprogress || nsds5replicaupdateschedule || nsds5task || nsds7directoryreplicasubtree || nsds7dirsynccookie || nsds7newwingroupsyncenabled || nsds7newwinusersyncenabled || nsds7windowsdomain || nsds7windowsreplicasubtree || nsruvreplicalastmodified || nsstate || objectclass || onewaysync || winsyncdirectoryfilter || winsyncinterval || winsyncmoveaction || winsyncsubtreepair || winsyncwindowsfilter")(targetfilter = "(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0;acl "permission:Read Replication Agreements";allow (compare,read,search) groupdn = "ldap:///cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Remove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr=*)(version 3.0;acl "permission:Add Replication Agreements";allow (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(target = "ldap:///cn=meTo($dn),cn=*,cn=mapping tree,cn=config")(targetattr = "objectclass || cn")(version 3.0; acl "Allow hosts to read their replication agreements"; allow(read, search, compare) userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)'] 2017-05-11T17:47:36Z DEBUG add: updated value ['(targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreements"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication 
Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Remove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr=*)(version 3.0;acl "permission:Add Replication Agreements";allow (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(target = "ldap:///cn=meTo($dn),cn=*,cn=mapping tree,cn=config")(targetattr = "objectclass || cn")(version 3.0; acl "Allow hosts to read their replication agreements"; allow(read, search, compare) userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "cn || createtimestamp || description || entryusn || modifytimestamp || nsds50ruv || nsds5beginreplicarefresh || nsds5debugreplicatimeout || nsds5flags || nsds5replicaabortcleanruv || nsds5replicaautoreferral || nsds5replicabackoffmax || nsds5replicabackoffmin || nsds5replicabinddn || nsds5replicabindmethod || nsds5replicabusywaittime || nsds5replicachangecount || nsds5replicachangessentsincestartup || nsds5replicacleanruv || nsds5replicacleanruvnotified || nsds5replicacredentials || nsds5replicaenabled || nsds5replicahost || nsds5replicaid || nsds5replicalastinitend || nsds5replicalastinitstart || nsds5replicalastinitstatus || nsds5replicalastupdateend || nsds5replicalastupdatestart || nsds5replicalastupdatestatus || nsds5replicalegacyconsumer || nsds5replicaname || nsds5replicaport || nsds5replicaprotocoltimeout || nsds5replicapurgedelay || nsds5replicareferral || nsds5replicaroot || nsds5replicasessionpausetime || nsds5replicastripattrs || nsds5replicatedattributelist || nsds5replicatedattributelisttotal || nsds5replicatimeout || nsds5replicatombstonepurgeinterval || nsds5replicatransportinfo || nsds5replicatype || nsds5replicaupdateinprogress || 
nsds5replicaupdateschedule || nsds5task || nsds7directoryreplicasubtree || nsds7dirsynccookie || nsds7newwingroupsyncenabled || nsds7newwinusersyncenabled || nsds7windowsdomain || nsds7windowsreplicasubtree || nsruvreplicalastmodified || nsstate || objectclass || onewaysync || winsyncdirectoryfilter || winsyncinterval || winsyncmoveaction || winsyncsubtreepair || winsyncwindowsfilter")(targetfilter = "(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0;acl "permission:Read Replication Agreements";allow (compare,read,search) groupdn = "ldap:///cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)'] 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Final value after applying updates 2017-05-11T17:47:36Z DEBUG dn: cn=mapping tree,cn=config 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG extensibleObject 2017-05-11T17:47:36Z DEBUG aci: 2017-05-11T17:47:36Z DEBUG (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreements"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr = "cn || createtimestamp || description || entryusn || modifytimestamp || nsds50ruv || nsds5beginreplicarefresh || nsds5debugreplicatimeout || nsds5flags || nsds5replicaabortcleanruv || nsds5replicaautoreferral || nsds5replicabackoffmax || nsds5replicabackoffmin || nsds5replicabinddn || nsds5replicabindmethod || nsds5replicabusywaittime || nsds5replicachangecount || nsds5replicachangessentsincestartup || nsds5replicacleanruv || nsds5replicacleanruvnotified || nsds5replicacredentials || nsds5replicaenabled || 
nsds5replicahost || nsds5replicaid || nsds5replicalastinitend || nsds5replicalastinitstart || nsds5replicalastinitstatus || nsds5replicalastupdateend || nsds5replicalastupdatestart || nsds5replicalastupdatestatus || nsds5replicalegacyconsumer || nsds5replicaname || nsds5replicaport || nsds5replicaprotocoltimeout || nsds5replicapurgedelay || nsds5replicareferral || nsds5replicaroot || nsds5replicasessionpausetime || nsds5replicastripattrs || nsds5replicatedattributelist || nsds5replicatedattributelisttotal || nsds5replicatimeout || nsds5replicatombstonepurgeinterval || nsds5replicatransportinfo || nsds5replicatype || nsds5replicaupdateinprogress || nsds5replicaupdateschedule || nsds5task || nsds7directoryreplicasubtree || nsds7dirsynccookie || nsds7newwingroupsyncenabled || nsds7newwinusersyncenabled || nsds7windowsdomain || nsds7windowsreplicasubtree || nsruvreplicalastmodified || nsstate || objectclass || onewaysync || winsyncdirectoryfilter || winsyncinterval || winsyncmoveaction || winsyncsubtreepair || winsyncwindowsfilter")(targetfilter = "(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0;acl "permission:Read Replication Agreements";allow (compare,read,search) groupdn = "ldap:///cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Remove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr=*)(version 3.0;acl "permission:Add Replication Agreements";allow (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (target = "ldap:///cn=meTo($dn),cn=*,cn=mapping tree,cn=config")(targetattr = 
"objectclass || cn")(version 3.0; acl "Allow hosts to read their replication agreements"; allow(read, search, compare) userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG mapping tree 2017-05-11T17:47:36Z DEBUG [] 2017-05-11T17:47:36Z DEBUG Updated 0 2017-05-11T17:47:36Z DEBUG Done 2017-05-11T17:47:36Z DEBUG Updating existing entry: cn=dc\=rdlg\,dc\=net,cn=mapping tree,cn=config 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Initial value 2017-05-11T17:47:36Z DEBUG dn: cn=dc\=rdlg\,dc\=net,cn=mapping tree,cn=config 2017-05-11T17:47:36Z DEBUG nsslapd-state: 2017-05-11T17:47:36Z DEBUG backend 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG extensibleObject 2017-05-11T17:47:36Z DEBUG nsMappingTree 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG "dc=rdlg,dc=net" 2017-05-11T17:47:36Z DEBUG nsslapd-backend: 2017-05-11T17:47:36Z DEBUG userRoot 2017-05-11T17:47:36Z DEBUG remove: '(targetattr=*)(version 3.0;acl "permission:Add Replication Agreements";allow (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' from aci, current value [] 2017-05-11T17:47:36Z DEBUG remove: '(targetattr=*)(version 3.0;acl "permission:Add Replication Agreements";allow (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' not in aci 2017-05-11T17:47:36Z DEBUG remove: '(targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreements"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' from aci, current value [] 2017-05-11T17:47:36Z DEBUG remove: 
'(targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreements"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' not in aci 2017-05-11T17:47:36Z DEBUG remove: '(targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Remove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' from aci, current value [] 2017-05-11T17:47:36Z DEBUG remove: '(targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Remove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' not in aci 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Final value after applying updates 2017-05-11T17:47:36Z DEBUG dn: cn=dc\=rdlg\,dc\=net,cn=mapping tree,cn=config 2017-05-11T17:47:36Z DEBUG nsslapd-state: 2017-05-11T17:47:36Z DEBUG backend 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG extensibleObject 2017-05-11T17:47:36Z DEBUG nsMappingTree 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG "dc=rdlg,dc=net" 2017-05-11T17:47:36Z DEBUG nsslapd-backend: 2017-05-11T17:47:36Z DEBUG userRoot 2017-05-11T17:47:36Z DEBUG [] 2017-05-11T17:47:36Z DEBUG Updated 0 2017-05-11T17:47:36Z DEBUG Done 2017-05-11T17:47:36Z DEBUG Updating existing entry: cn=o\=ipaca,cn=mapping tree,cn=config 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Initial value 
2017-05-11T17:47:36Z DEBUG dn: cn=o\=ipaca,cn=mapping tree,cn=config 2017-05-11T17:47:36Z DEBUG nsslapd-state: 2017-05-11T17:47:36Z DEBUG Backend 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG extensibleObject 2017-05-11T17:47:36Z DEBUG nsMappingTree 2017-05-11T17:47:36Z DEBUG aci: 2017-05-11T17:47:36Z DEBUG (targetattr=*)(version 3.0;acl "cert manager: Add Replication Agreements";allow (add) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2017-05-11T17:47:36Z DEBUG (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "cert manager: Modify Replication Agreements"; allow (read, write, search) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2017-05-11T17:47:36Z DEBUG (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "cert manager: Remove Replication Agreements";allow (delete) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG o=ipaca 2017-05-11T17:47:36Z DEBUG nsslapd-backend: 2017-05-11T17:47:36Z DEBUG ipaca 2017-05-11T17:47:36Z DEBUG remove: '(targetattr=*)(version 3.0;acl "permission:Add Replication Agreements";allow (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' from aci, current value ['(targetattr=*)(version 3.0;acl "cert manager: Add Replication Agreements";allow (add) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";)', '(targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "cert manager: Modify Replication Agreements"; allow (read, write, search) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";)', 
'(targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "cert manager: Remove Replication Agreements";allow (delete) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";)'] 2017-05-11T17:47:36Z DEBUG remove: '(targetattr=*)(version 3.0;acl "permission:Add Replication Agreements";allow (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' not in aci 2017-05-11T17:47:36Z DEBUG remove: '(targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreements"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' from aci, current value ['(targetattr=*)(version 3.0;acl "cert manager: Add Replication Agreements";allow (add) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";)', '(targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "cert manager: Modify Replication Agreements"; allow (read, write, search) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";)', '(targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "cert manager: Remove Replication Agreements";allow (delete) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";)'] 2017-05-11T17:47:36Z DEBUG remove: '(targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreements"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' not 
in aci 2017-05-11T17:47:36Z DEBUG remove: '(targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Remove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' from aci, current value ['(targetattr=*)(version 3.0;acl "cert manager: Add Replication Agreements";allow (add) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";)', '(targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "cert manager: Modify Replication Agreements"; allow (read, write, search) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";)', '(targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "cert manager: Remove Replication Agreements";allow (delete) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";)'] 2017-05-11T17:47:36Z DEBUG remove: '(targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Remove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' not in aci 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Final value after applying updates 2017-05-11T17:47:36Z DEBUG dn: cn=o\=ipaca,cn=mapping tree,cn=config 2017-05-11T17:47:36Z DEBUG nsslapd-state: 2017-05-11T17:47:36Z DEBUG Backend 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG extensibleObject 2017-05-11T17:47:36Z DEBUG nsMappingTree 2017-05-11T17:47:36Z DEBUG aci: 2017-05-11T17:47:36Z DEBUG (targetattr=*)(version 3.0;acl "cert manager: Add Replication Agreements";allow (add) userdn = 
"ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2017-05-11T17:47:36Z DEBUG (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "cert manager: Modify Replication Agreements"; allow (read, write, search) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2017-05-11T17:47:36Z DEBUG (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "cert manager: Remove Replication Agreements";allow (delete) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG o=ipaca 2017-05-11T17:47:36Z DEBUG nsslapd-backend: 2017-05-11T17:47:36Z DEBUG ipaca 2017-05-11T17:47:36Z DEBUG [] 2017-05-11T17:47:36Z DEBUG Updated 0 2017-05-11T17:47:36Z DEBUG Done 2017-05-11T17:47:36Z DEBUG Updating existing entry: cn=config 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Initial value 2017-05-11T17:47:36Z DEBUG dn: cn=config 2017-05-11T17:47:36Z DEBUG nsslapd-auditlog-logrotationsynchour: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG nsslapd-betype: 2017-05-11T17:47:36Z DEBUG ldbm database 2017-05-11T17:47:36Z DEBUG nsslapd-nagle: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-auditlog-list: 2017-05-11T17:47:36Z DEBUG 2017-05-11T17:47:36Z DEBUG nsslapd-auditfaillog-maxlogsize: 2017-05-11T17:47:36Z DEBUG 100 2017-05-11T17:47:36Z DEBUG nsslapd-entryusn-global: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-referralmode: 2017-05-11T17:47:36Z DEBUG 2017-05-11T17:47:36Z DEBUG nsslapd-errorlog-logminfreediskspace: 2017-05-11T17:47:36Z DEBUG 5 2017-05-11T17:47:36Z DEBUG nsslapd-errorlog-logrotationsyncmin: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG nsslapd-reservedescriptors: 2017-05-11T17:47:36Z DEBUG 64 2017-05-11T17:47:36Z DEBUG 
nsslapd-accesslog-logmaxdiskspace: 2017-05-11T17:47:36Z DEBUG 500 2017-05-11T17:47:36Z DEBUG passwordMinAlphas: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG nsslapd-enquote-sup-oc: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG nsslapd-readonly: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG nsslapd-syntaxcheck: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-unhashed-pw-switch: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG passwordLegacyPolicy: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-accesslog-logbuffering: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-SSLclientAuth: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG passwordMinUppers: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG nsslapd-plugin: 2017-05-11T17:47:36Z DEBUG cn=binary syntax,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=country string syntax,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=facsimile telephone number syntax,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=fax syntax,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=generalized time syntax,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=guide syntax,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=integer syntax,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=name and optional uid syntax,cn=plugins,cn=config 2017-05-11T17:47:36Z 
DEBUG cn=numeric string syntax,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=octet string syntax,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=oid syntax,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=caseignoreia5substringsmatch,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=caseignoreorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=caseignoresubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG 
cn=objectidentifiermatch,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=integermatch,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=integerorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=integerfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=internationalization plugin,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=uniquemembermatch,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=numericstringsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG nsslapd-accesslog-logrotationtime: 2017-05-11T17:47:36Z DEBUG 1 2017-05-11T17:47:36Z DEBUG nsslapd-disk-monitoring-threshold: 2017-05-11T17:47:36Z DEBUG 2097152 2017-05-11T17:47:36Z DEBUG nsslapd-dn-validate-strict: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG nsslapd-ndn-cache-max-size: 2017-05-11T17:47:36Z DEBUG 20971520 2017-05-11T17:47:36Z DEBUG nsslapd-timelimit: 2017-05-11T17:47:36Z DEBUG 3600 2017-05-11T17:47:36Z DEBUG nsslapd-disk-monitoring: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG passwordIsGlobalPolicy: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG nsslapd-moddn-aci: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-pwpolicy-inherit-global: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG passwordMinTokenLength: 2017-05-11T17:47:36Z DEBUG 3 2017-05-11T17:47:36Z DEBUG nsslapd-malloc-mxfast: 2017-05-11T17:47:36Z DEBUG -10 2017-05-11T17:47:36Z DEBUG 
nsslapd-accesslog-logrotationsync-enabled: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG nsslapd-errorlog-logrotationtimeunit: 2017-05-11T17:47:36Z DEBUG week 2017-05-11T17:47:36Z DEBUG nsslapd-auditlog-logrotationtime: 2017-05-11T17:47:36Z DEBUG 1 2017-05-11T17:47:36Z DEBUG passwordMinAge: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG nsslapd-errorlog-logrotationtime: 2017-05-11T17:47:36Z DEBUG 1 2017-05-11T17:47:36Z DEBUG nsslapd-cn-uses-dn-syntax-in-dns: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG nsslapd-auditfaillog-logrotationtimeunit: 2017-05-11T17:47:36Z DEBUG week 2017-05-11T17:47:36Z DEBUG nsslapd-disk-monitoring-grace-period: 2017-05-11T17:47:36Z DEBUG 60 2017-05-11T17:47:36Z DEBUG nsslapd-maxdescriptors: 2017-05-11T17:47:36Z DEBUG 8192 2017-05-11T17:47:36Z DEBUG nsslapd-allow-hashed-passwords: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG passwordInHistory: 2017-05-11T17:47:36Z DEBUG 6 2017-05-11T17:47:36Z DEBUG nsslapd-ssl-check-hostname: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-conntablesize: 2017-05-11T17:47:36Z DEBUG 8192 2017-05-11T17:47:36Z DEBUG nsslapd-auditlog-logging-enabled: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2017-05-11T17:47:36Z DEBUG month 2017-05-11T17:47:36Z DEBUG nsslapd-saslpath: 2017-05-11T17:47:36Z DEBUG 2017-05-11T17:47:36Z DEBUG passwordMaxAge: 2017-05-11T17:47:36Z DEBUG 8639913600 2017-05-11T17:47:36Z DEBUG nsslapd-ldapiautobind: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-extract-pemfiles: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG nsslapd-maxthreadsperconn: 2017-05-11T17:47:36Z DEBUG 5 2017-05-11T17:47:36Z DEBUG nsslapd-accesslog-logrotationsyncmin: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG nsslapd-ldapigidnumbertype: 2017-05-11T17:47:36Z DEBUG 
gidNumber 2017-05-11T17:47:36Z DEBUG nsslapd-connection-buffer: 2017-05-11T17:47:36Z DEBUG 1 2017-05-11T17:47:36Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2017-05-11T17:47:36Z DEBUG day 2017-05-11T17:47:36Z DEBUG nsslapd-dynamic-plugins: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG nsslapd-csnlogging: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-tmpdir: 2017-05-11T17:47:36Z DEBUG /tmp 2017-05-11T17:47:36Z DEBUG passwordResetFailureCount: 2017-05-11T17:47:36Z DEBUG 600 2017-05-11T17:47:36Z DEBUG nsslapd-counters: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-svrtab: 2017-05-11T17:47:36Z DEBUG 2017-05-11T17:47:36Z DEBUG nsslapd-allowed-sasl-mechanisms: 2017-05-11T17:47:36Z DEBUG 2017-05-11T17:47:36Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 2017-05-11T17:47:36Z DEBUG month 2017-05-11T17:47:36Z DEBUG nsslapd-minssf: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG nsslapd-auditfaillog-logrotationsync-enabled: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG nsslapd-auditlog-maxlogsize: 2017-05-11T17:47:36Z DEBUG 100 2017-05-11T17:47:36Z DEBUG nsslapd-schemadir: 2017-05-11T17:47:36Z DEBUG /etc/dirsrv/slapd-RDLG-NET/schema 2017-05-11T17:47:36Z DEBUG nsslapd-localuser: 2017-05-11T17:47:36Z DEBUG dirsrv 2017-05-11T17:47:36Z DEBUG nsslapd-security: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG passwordChange: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-requiresrestart: 2017-05-11T17:47:36Z DEBUG cn=config:nsslapd-port 2017-05-11T17:47:36Z DEBUG cn=config:nsslapd-secureport 2017-05-11T17:47:36Z DEBUG cn=config:nsslapd-ldapifilepath 2017-05-11T17:47:36Z DEBUG cn=config:nsslapd-ldapilisten 2017-05-11T17:47:36Z DEBUG cn=config:nsslapd-workingdir 2017-05-11T17:47:36Z DEBUG cn=config:nsslapd-plugin 2017-05-11T17:47:36Z DEBUG cn=config:nsslapd-sslclientauth 2017-05-11T17:47:36Z DEBUG cn=config:nsslapd-changelogdir 2017-05-11T17:47:36Z DEBUG 
cn=config:nsslapd-changelogsuffix 2017-05-11T17:47:36Z DEBUG cn=config:nsslapd-changelogmaxentries 2017-05-11T17:47:36Z DEBUG cn=config:nsslapd-changelogmaxage 2017-05-11T17:47:36Z DEBUG cn=config:nsslapd-db-locks 2017-05-11T17:47:36Z DEBUG cn=config:nsslapd-maxdescriptors 2017-05-11T17:47:36Z DEBUG cn=config:nsslapd-return-exact-case 2017-05-11T17:47:36Z DEBUG cn=config:nsslapd-schema-ignore-trailing-spaces 2017-05-11T17:47:36Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 2017-05-11T17:47:36Z DEBUG cn=config,cn=ldbm:nsslapd-parentcheck 2017-05-11T17:47:36Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2017-05-11T17:47:36Z DEBUG cn=config,cn=ldbm:nsslapd-dbncache 2017-05-11T17:47:36Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2017-05-11T17:47:36Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2017-05-11T17:47:36Z DEBUG cn=encryption,cn=config:nssslsessiontimeout 2017-05-11T17:47:36Z DEBUG cn=encryption,cn=config:nssslclientauth 2017-05-11T17:47:36Z DEBUG cn=encryption,cn=config:nsssl2 2017-05-11T17:47:36Z DEBUG cn=encryption,cn=config:nsssl3 2017-05-11T17:47:36Z DEBUG passwordMaxFailure: 2017-05-11T17:47:36Z DEBUG 3 2017-05-11T17:47:36Z DEBUG nsslapd-auditlog-logrotationsync-enabled: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG nsslapd-ldapifilepath: 2017-05-11T17:47:36Z DEBUG /var/run/slapd-RDLG-NET.socket 2017-05-11T17:47:36Z DEBUG nsslapd-accesslog-logging-enabled: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG nsslapd-pagedsizelimit: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG nsslapd-global-backend-lock: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-errorlog-logexpirationtime: 2017-05-11T17:47:36Z DEBUG 1 2017-05-11T17:47:36Z DEBUG nsslapd-listen-backlog-size: 2017-05-11T17:47:36Z DEBUG 128 2017-05-11T17:47:36Z DEBUG nsslapd-accesslog: 2017-05-11T17:47:36Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/access 2017-05-11T17:47:36Z 
DEBUG nsslapd-certmap-basedn: 2017-05-11T17:47:36Z DEBUG 2017-05-11T17:47:36Z DEBUG nsslapd-plugin-logging: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG nsslapd-accesscontrol: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-rootdn: 2017-05-11T17:47:36Z DEBUG cn=Directory Manager 2017-05-11T17:47:36Z DEBUG nsslapd-ldifdir: 2017-05-11T17:47:36Z DEBUG /var/lib/dirsrv/slapd-RDLG-NET/ldif 2017-05-11T17:47:36Z DEBUG nsslapd-accesslog-mode: 2017-05-11T17:47:36Z DEBUG 600 2017-05-11T17:47:36Z DEBUG nsslapd-anonlimitsdn: 2017-05-11T17:47:36Z DEBUG cn=anonymous-limits,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG nsslapd-errorlog-logging-enabled: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2017-05-11T17:47:36Z DEBUG 1 2017-05-11T17:47:36Z DEBUG passwordMustChange: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG passwordExp: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG nsslapd-accesslog-list: 2017-05-11T17:47:36Z DEBUG 2017-05-11T17:47:36Z DEBUG nsslapd-auditlog-logminfreediskspace: 2017-05-11T17:47:36Z DEBUG 5 2017-05-11T17:47:36Z DEBUG nsslapd-logging-backend: 2017-05-11T17:47:36Z DEBUG dirsrv-log 2017-05-11T17:47:36Z DEBUG nsslapd-auditfaillog: 2017-05-11T17:47:36Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/audit 2017-05-11T17:47:36Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG aci: 2017-05-11T17:47:36Z DEBUG (targetattr != aci)(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2017-05-11T17:47:36Z DEBUG nsslapd-auditlog-logmaxdiskspace: 2017-05-11T17:47:36Z DEBUG 100 2017-05-11T17:47:36Z DEBUG nsslapd-ldapimaprootdn: 2017-05-11T17:47:36Z DEBUG cn=Directory Manager 2017-05-11T17:47:36Z DEBUG nsslapd-auditfaillog-logging-enabled: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG nsslapd-ds4-compatible-schema: 2017-05-11T17:47:36Z 
DEBUG off 2017-05-11T17:47:36Z DEBUG nsslapd-enable-nunc-stans: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG passwordMinLength: 2017-05-11T17:47:36Z DEBUG 8 2017-05-11T17:47:36Z DEBUG nsslapd-require-secure-binds: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG nsslapd-groupevalnestlevel: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG nsslapd-idletimeout: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG nsslapd-malloc-mmap-threshold: 2017-05-11T17:47:36Z DEBUG -10 2017-05-11T17:47:36Z DEBUG nsslapd-auditlog-logrotationtimeunit: 2017-05-11T17:47:36Z DEBUG day 2017-05-11T17:47:36Z DEBUG nsslapd-securePort: 2017-05-11T17:47:36Z DEBUG 636 2017-05-11T17:47:36Z DEBUG nsslapd-snmp-index: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG config 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG extensibleObject 2017-05-11T17:47:36Z DEBUG nsslapdConfig 2017-05-11T17:47:36Z DEBUG nsslapd-ldapimaptoentries: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG passwordSendExpiringTime: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG nsslapd-hash-filters: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG nsslapd-entryusn-import-initval: 2017-05-11T17:47:36Z DEBUG next 2017-05-11T17:47:36Z DEBUG nsslapd-malloc-trim-threshold: 2017-05-11T17:47:36Z DEBUG -10 2017-05-11T17:47:36Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2017-05-11T17:47:36Z DEBUG 5 2017-05-11T17:47:36Z DEBUG nsslapd-ignore-time-skew: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG nsslapd-allow-unauthenticated-binds: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG nsslapd-auditlog-logging-hide-unhashed-pw: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-auditlog-maxlogsperdir: 2017-05-11T17:47:36Z DEBUG 1 2017-05-11T17:47:36Z DEBUG nsslapd-listenhost: 2017-05-11T17:47:36Z DEBUG 2017-05-11T17:47:36Z DEBUG nsslapd-auditlog-mode: 
2017-05-11T17:47:36Z DEBUG 600 2017-05-11T17:47:36Z DEBUG nsslapd-errorlog: 2017-05-11T17:47:36Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/errors 2017-05-11T17:47:36Z DEBUG nsslapd-auditfaillog-logrotationsynchour: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG nsslapd-sasl-mapping-fallback: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-disk-monitoring-logging-critical: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG nsslapd-force-sasl-external: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG nsslapd-enable-turbo-mode: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG passwordCheckSyntax: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG passwordGraceLimit: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG passwordWarning: 2017-05-11T17:47:36Z DEBUG 86400 2017-05-11T17:47:36Z DEBUG nsslapd-errorlog-mode: 2017-05-11T17:47:36Z DEBUG 600 2017-05-11T17:47:36Z DEBUG nsslapd-instancedir: 2017-05-11T17:47:36Z DEBUG /var/lib/dirsrv/scripts-RDLG-NET 2017-05-11T17:47:36Z DEBUG nsslapd-config: 2017-05-11T17:47:36Z DEBUG cn=config 2017-05-11T17:47:36Z DEBUG nsslapd-auditfaillog-logmaxdiskspace: 2017-05-11T17:47:36Z DEBUG 100 2017-05-11T17:47:36Z DEBUG nsslapd-versionstring: 2017-05-11T17:47:36Z DEBUG 389-Directory/1.3.5.10 2017-05-11T17:47:36Z DEBUG nsslapd-accesslog-level: 2017-05-11T17:47:36Z DEBUG 256 2017-05-11T17:47:36Z DEBUG nsslapd-return-exact-case: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-maxsasliosize: 2017-05-11T17:47:36Z DEBUG 2097152 2017-05-11T17:47:36Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 2017-05-11T17:47:36Z DEBUG month 2017-05-11T17:47:36Z DEBUG nsslapd-rewrite-rfc1274: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG nsslapd-rootpwstoragescheme: 2017-05-11T17:47:36Z DEBUG SSHA 2017-05-11T17:47:36Z DEBUG nsslapd-auditlog-logexpirationtime: 2017-05-11T17:47:36Z DEBUG 1 2017-05-11T17:47:36Z DEBUG passwordLockout: 2017-05-11T17:47:36Z DEBUG off 
2017-05-11T17:47:36Z DEBUG nsslapd-lockdir: 2017-05-11T17:47:36Z DEBUG /var/lock/dirsrv/slapd-RDLG-NET 2017-05-11T17:47:36Z DEBUG nsslapd-certdir: 2017-05-11T17:47:36Z DEBUG /etc/dirsrv/slapd-RDLG-NET 2017-05-11T17:47:36Z DEBUG nsslapd-allow-anonymous-access: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-accesslog-maxlogsperdir: 2017-05-11T17:47:36Z DEBUG 10 2017-05-11T17:47:36Z DEBUG nsslapd-backendconfig: 2017-05-11T17:47:36Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG nsslapd-threadnumber: 2017-05-11T17:47:36Z DEBUG 30 2017-05-11T17:47:36Z DEBUG nsslapd-schemamod: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-search-return-original-type-switch: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG nsslapd-localhost: 2017-05-11T17:47:36Z DEBUG ipa.rdlg.net 2017-05-11T17:47:36Z DEBUG nsslapd-bakdir: 2017-05-11T17:47:36Z DEBUG /var/lib/dirsrv/slapd-RDLG-NET/bak 2017-05-11T17:47:36Z DEBUG passwordMin8bit: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG nsslapd-ldapiuidnumbertype: 2017-05-11T17:47:36Z DEBUG uidNumber 2017-05-11T17:47:36Z DEBUG nsslapd-validate-cert: 2017-05-11T17:47:36Z DEBUG warn 2017-05-11T17:47:36Z DEBUG passwordMinCategories: 2017-05-11T17:47:36Z DEBUG 3 2017-05-11T17:47:36Z DEBUG passwordMinLowers: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG passwordAdminDN: 2017-05-11T17:47:36Z DEBUG 2017-05-11T17:47:36Z DEBUG nsslapd-ldapilisten: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG passwordMinSpecials: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG nsslapd-errorlog-logmaxdiskspace: 2017-05-11T17:47:36Z DEBUG 100 2017-05-11T17:47:36Z DEBUG nsslapd-lastmod: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-max-filter-nest-level: 
2017-05-11T17:47:36Z DEBUG 40 2017-05-11T17:47:36Z DEBUG passwordMaxRepeats: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG nsslapd-securelistenhost: 2017-05-11T17:47:36Z DEBUG 2017-05-11T17:47:36Z DEBUG nsslapd-maxsimplepaged-per-conn: 2017-05-11T17:47:36Z DEBUG -1 2017-05-11T17:47:36Z DEBUG nsslapd-result-tweak: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2017-05-11T17:47:36Z DEBUG month 2017-05-11T17:47:36Z DEBUG passwordUnlock: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-schemacheck: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG passwordTrackUpdateTime: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG nsslapd-maxbersize: 2017-05-11T17:47:36Z DEBUG 209715200 2017-05-11T17:47:36Z DEBUG nsslapd-errorlog-maxlogsize: 2017-05-11T17:47:36Z DEBUG 100 2017-05-11T17:47:36Z DEBUG nsslapd-ldapientrysearchbase: 2017-05-11T17:47:36Z DEBUG dc=example,dc=com 2017-05-11T17:47:36Z DEBUG nsslapd-accesslog-logexpirationtime: 2017-05-11T17:47:36Z DEBUG 1 2017-05-11T17:47:36Z DEBUG nsslapd-localssf: 2017-05-11T17:47:36Z DEBUG 71 2017-05-11T17:47:36Z DEBUG nsslapd-sizelimit: 2017-05-11T17:47:36Z DEBUG 2000 2017-05-11T17:47:36Z DEBUG nsslapd-minssf-exclude-rootdse: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-accesslog-logrotationsynchour: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG nsslapd-ignore-virtual-attrs: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG nsslapd-ndn-cache-enabled: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-auditfaillog-logrotationtime: 2017-05-11T17:47:36Z DEBUG 1 2017-05-11T17:47:36Z DEBUG nsslapd-defaultnamingcontext: 2017-05-11T17:47:36Z DEBUG dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG nsslapd-auditfaillog-maxlogsperdir: 2017-05-11T17:47:36Z DEBUG 1 2017-05-11T17:47:36Z DEBUG nsslapd-pwpolicy-local: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG nsslapd-sasl-max-buffer-size: 
2017-05-11T17:47:36Z DEBUG 2097152 2017-05-11T17:47:36Z DEBUG passwordLockoutDuration: 2017-05-11T17:47:36Z DEBUG 3600 2017-05-11T17:47:36Z DEBUG nsslapd-errorlog-list: 2017-05-11T17:47:36Z DEBUG 2017-05-11T17:47:36Z DEBUG nsslapd-port: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG nsslapd-accesslog-maxlogsize: 2017-05-11T17:47:36Z DEBUG 100 2017-05-11T17:47:36Z DEBUG nsslapd-privatenamespaces: 2017-05-11T17:47:36Z DEBUG cn=schema 2017-05-11T17:47:36Z DEBUG 2017-05-11T17:47:36Z DEBUG cn=monitor 2017-05-11T17:47:36Z DEBUG cn=config 2017-05-11T17:47:36Z DEBUG nsslapd-errorlog-maxlogsperdir: 2017-05-11T17:47:36Z DEBUG 2 2017-05-11T17:47:36Z DEBUG nsslapd-auditlog: 2017-05-11T17:47:36Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/audit 2017-05-11T17:47:36Z DEBUG nsslapd-auditfaillog-mode: 2017-05-11T17:47:36Z DEBUG 600 2017-05-11T17:47:36Z DEBUG nsslapd-rootpw: 2017-05-11T17:47:36Z DEBUG {SSHA}ivpfUEJGKWW115wDkPsPfQQFhTUx8+KLuAm3tg== 2017-05-11T17:47:36Z DEBUG nsslapd-errorlog-logrotationsynchour: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG nsslapd-outbound-ldap-io-timeout: 2017-05-11T17:47:36Z DEBUG 300000 2017-05-11T17:47:36Z DEBUG nsslapd-workingdir: 2017-05-11T17:47:36Z DEBUG /var/log/dirsrv/slapd-RDLG-NET 2017-05-11T17:47:36Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG nsslapd-auditfaillog-list: 2017-05-11T17:47:36Z DEBUG 2017-05-11T17:47:36Z DEBUG nsslapd-rundir: 2017-05-11T17:47:36Z DEBUG /var/run/dirsrv 2017-05-11T17:47:36Z DEBUG nsslapd-schemareplace: 2017-05-11T17:47:36Z DEBUG replication-only 2017-05-11T17:47:36Z DEBUG nsslapd-plugin-binddn-tracking: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG nsslapd-errorlog-level: 2017-05-11T17:47:36Z DEBUG 16384 2017-05-11T17:47:36Z DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-syntaxlogging: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG 
nsslapd-ioblocktimeout: 2017-05-11T17:47:36Z DEBUG 10000 2017-05-11T17:47:36Z DEBUG nsslapd-attribute-name-exceptions: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG passwordMinDigits: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG nsslapd-allowed-to-delete-attrs: 2017-05-11T17:47:36Z DEBUG passwordadmindn nsslapd-listenhost nsslapd-securelistenhost nsslapd-defaultnamingcontext 2017-05-11T17:47:36Z DEBUG nsslapd-accesslog-logminfreediskspace: 2017-05-11T17:47:36Z DEBUG 5 2017-05-11T17:47:36Z DEBUG passwordStorageScheme: 2017-05-11T17:47:36Z DEBUG SSHA 2017-05-11T17:47:36Z DEBUG nsslapd-connection-nocanon: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG remove: '(targetattr != aci)(version 3.0; aci "replica admins read access"; allow (read, search, compare) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' from aci, current value ['(targetattr != aci)(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";)'] 2017-05-11T17:47:36Z DEBUG remove: '(targetattr != aci)(version 3.0; aci "replica admins read access"; allow (read, search, compare) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' not in aci 2017-05-11T17:47:36Z DEBUG remove: '(targetattr = "cn || createtimestamp || description || entryusn || modifytimestamp || nsds50ruv || nsds5beginreplicarefresh || nsds5debugreplicatimeout || nsds5flags || nsds5replicaabortcleanruv || nsds5replicaautoreferral || nsds5replicabackoffmax || nsds5replicabackoffmin || nsds5replicabinddn || nsds5replicabindmethod || nsds5replicabusywaittime || nsds5replicachangecount || nsds5replicachangessentsincestartup || nsds5replicacleanruv || nsds5replicacleanruvnotified || nsds5replicacredentials || nsds5replicaenabled || nsds5replicahost || nsds5replicaid || nsds5replicalastinitend || nsds5replicalastinitstart || nsds5replicalastinitstatus || 
nsds5replicalastupdateend || nsds5replicalastupdatestart || nsds5replicalastupdatestatus || nsds5replicalegacyconsumer || nsds5replicaname || nsds5replicaport || nsds5replicaprotocoltimeout || nsds5replicapurgedelay || nsds5replicareferral || nsds5replicaroot || nsds5replicasessionpausetime || nsds5replicastripattrs || nsds5replicatedattributelist || nsds5replicatedattributelisttotal || nsds5replicatimeout || nsds5replicatombstonepurgeinterval || nsds5replicatransportinfo || nsds5replicatype || nsds5replicaupdateinprogress || nsds5replicaupdateschedule || nsds5task || nsds7directoryreplicasubtree || nsds7dirsynccookie || nsds7newwingroupsyncenabled || nsds7newwinusersyncenabled || nsds7windowsdomain || nsds7windowsreplicasubtree || nsruvreplicalastmodified || nsstate || objectclass || onewaysync || winsyncdirectoryfilter || winsyncinterval || winsyncmoveaction || winsyncsubtreepair || winsyncwindowsfilter")(targetfilter = "(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0;acl "permission:System: Read Replication Agreements";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' from aci, current value ['(targetattr != aci)(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";)'] 2017-05-11T17:47:36Z DEBUG remove: '(targetattr = "cn || createtimestamp || description || entryusn || modifytimestamp || nsds50ruv || nsds5beginreplicarefresh || nsds5debugreplicatimeout || nsds5flags || nsds5replicaabortcleanruv || nsds5replicaautoreferral || nsds5replicabackoffmax || nsds5replicabackoffmin || nsds5replicabinddn || nsds5replicabindmethod || nsds5replicabusywaittime || nsds5replicachangecount || nsds5replicachangessentsincestartup || nsds5replicacleanruv || nsds5replicacleanruvnotified || nsds5replicacredentials || 
nsds5replicaenabled || nsds5replicahost || nsds5replicaid || nsds5replicalastinitend || nsds5replicalastinitstart || nsds5replicalastinitstatus || nsds5replicalastupdateend || nsds5replicalastupdatestart || nsds5replicalastupdatestatus || nsds5replicalegacyconsumer || nsds5replicaname || nsds5replicaport || nsds5replicaprotocoltimeout || nsds5replicapurgedelay || nsds5replicareferral || nsds5replicaroot || nsds5replicasessionpausetime || nsds5replicastripattrs || nsds5replicatedattributelist || nsds5replicatedattributelisttotal || nsds5replicatimeout || nsds5replicatombstonepurgeinterval || nsds5replicatransportinfo || nsds5replicatype || nsds5replicaupdateinprogress || nsds5replicaupdateschedule || nsds5task || nsds7directoryreplicasubtree || nsds7dirsynccookie || nsds7newwingroupsyncenabled || nsds7newwinusersyncenabled || nsds7windowsdomain || nsds7windowsreplicasubtree || nsruvreplicalastmodified || nsstate || objectclass || onewaysync || winsyncdirectoryfilter || winsyncinterval || winsyncmoveaction || winsyncsubtreepair || winsyncwindowsfilter")(targetfilter = "(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0;acl "permission:System: Read Replication Agreements";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' not in aci 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Final value after applying updates 2017-05-11T17:47:36Z DEBUG dn: cn=config 2017-05-11T17:47:36Z DEBUG nsslapd-auditlog-logrotationsynchour: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG nsslapd-betype: 2017-05-11T17:47:36Z DEBUG ldbm database 2017-05-11T17:47:36Z DEBUG nsslapd-nagle: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-auditlog-list: 2017-05-11T17:47:36Z DEBUG 2017-05-11T17:47:36Z DEBUG nsslapd-auditfaillog-maxlogsize: 
2017-05-11T17:47:36Z DEBUG 100 2017-05-11T17:47:36Z DEBUG nsslapd-entryusn-global: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-referralmode: 2017-05-11T17:47:36Z DEBUG 2017-05-11T17:47:36Z DEBUG nsslapd-errorlog-logminfreediskspace: 2017-05-11T17:47:36Z DEBUG 5 2017-05-11T17:47:36Z DEBUG nsslapd-errorlog-logrotationsyncmin: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG nsslapd-reservedescriptors: 2017-05-11T17:47:36Z DEBUG 64 2017-05-11T17:47:36Z DEBUG nsslapd-accesslog-logmaxdiskspace: 2017-05-11T17:47:36Z DEBUG 500 2017-05-11T17:47:36Z DEBUG passwordMinAlphas: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG nsslapd-enquote-sup-oc: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG nsslapd-readonly: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG nsslapd-syntaxcheck: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-unhashed-pw-switch: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG passwordLegacyPolicy: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-accesslog-logbuffering: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-SSLclientAuth: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG passwordMinUppers: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG nsslapd-plugin: 2017-05-11T17:47:36Z DEBUG cn=binary syntax,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=country string syntax,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG 
cn=facsimile telephone number syntax,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=fax syntax,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=generalized time syntax,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=guide syntax,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=integer syntax,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=name and optional uid syntax,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=octet string syntax,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=oid syntax,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG 
cn=caseignoreia5substringsmatch,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=caseignoreorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=caseignoresubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=objectidentifiermatch,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=integermatch,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=integerorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=integerfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=internationalization plugin,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=uniquemembermatch,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=numericstringsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG nsslapd-accesslog-logrotationtime: 2017-05-11T17:47:36Z DEBUG 1 2017-05-11T17:47:36Z DEBUG nsslapd-disk-monitoring-threshold: 2017-05-11T17:47:36Z DEBUG 2097152 2017-05-11T17:47:36Z DEBUG nsslapd-dn-validate-strict: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG nsslapd-ndn-cache-max-size: 2017-05-11T17:47:36Z DEBUG 20971520 2017-05-11T17:47:36Z DEBUG nsslapd-timelimit: 2017-05-11T17:47:36Z DEBUG 3600 2017-05-11T17:47:36Z DEBUG nsslapd-disk-monitoring: 
2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG passwordIsGlobalPolicy: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG nsslapd-moddn-aci: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-pwpolicy-inherit-global: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG passwordMinTokenLength: 2017-05-11T17:47:36Z DEBUG 3 2017-05-11T17:47:36Z DEBUG nsslapd-malloc-mxfast: 2017-05-11T17:47:36Z DEBUG -10 2017-05-11T17:47:36Z DEBUG nsslapd-accesslog-logrotationsync-enabled: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG nsslapd-errorlog-logrotationtimeunit: 2017-05-11T17:47:36Z DEBUG week 2017-05-11T17:47:36Z DEBUG nsslapd-auditlog-logrotationtime: 2017-05-11T17:47:36Z DEBUG 1 2017-05-11T17:47:36Z DEBUG passwordMinAge: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG nsslapd-errorlog-logrotationtime: 2017-05-11T17:47:36Z DEBUG 1 2017-05-11T17:47:36Z DEBUG nsslapd-cn-uses-dn-syntax-in-dns: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG nsslapd-auditfaillog-logrotationtimeunit: 2017-05-11T17:47:36Z DEBUG week 2017-05-11T17:47:36Z DEBUG nsslapd-disk-monitoring-grace-period: 2017-05-11T17:47:36Z DEBUG 60 2017-05-11T17:47:36Z DEBUG nsslapd-maxdescriptors: 2017-05-11T17:47:36Z DEBUG 8192 2017-05-11T17:47:36Z DEBUG nsslapd-allow-hashed-passwords: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG passwordInHistory: 2017-05-11T17:47:36Z DEBUG 6 2017-05-11T17:47:36Z DEBUG nsslapd-ssl-check-hostname: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-conntablesize: 2017-05-11T17:47:36Z DEBUG 8192 2017-05-11T17:47:36Z DEBUG nsslapd-auditlog-logging-enabled: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2017-05-11T17:47:36Z DEBUG month 2017-05-11T17:47:36Z DEBUG nsslapd-saslpath: 2017-05-11T17:47:36Z DEBUG 2017-05-11T17:47:36Z DEBUG passwordMaxAge: 
2017-05-11T17:47:36Z DEBUG 8639913600 2017-05-11T17:47:36Z DEBUG nsslapd-ldapiautobind: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-extract-pemfiles: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG nsslapd-maxthreadsperconn: 2017-05-11T17:47:36Z DEBUG 5 2017-05-11T17:47:36Z DEBUG nsslapd-accesslog-logrotationsyncmin: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG nsslapd-ldapigidnumbertype: 2017-05-11T17:47:36Z DEBUG gidNumber 2017-05-11T17:47:36Z DEBUG nsslapd-connection-buffer: 2017-05-11T17:47:36Z DEBUG 1 2017-05-11T17:47:36Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2017-05-11T17:47:36Z DEBUG day 2017-05-11T17:47:36Z DEBUG nsslapd-dynamic-plugins: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG nsslapd-csnlogging: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-tmpdir: 2017-05-11T17:47:36Z DEBUG /tmp 2017-05-11T17:47:36Z DEBUG passwordResetFailureCount: 2017-05-11T17:47:36Z DEBUG 600 2017-05-11T17:47:36Z DEBUG nsslapd-counters: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-svrtab: 2017-05-11T17:47:36Z DEBUG 2017-05-11T17:47:36Z DEBUG nsslapd-allowed-sasl-mechanisms: 2017-05-11T17:47:36Z DEBUG 2017-05-11T17:47:36Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 2017-05-11T17:47:36Z DEBUG month 2017-05-11T17:47:36Z DEBUG nsslapd-minssf: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG nsslapd-auditfaillog-logrotationsync-enabled: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG nsslapd-auditlog-maxlogsize: 2017-05-11T17:47:36Z DEBUG 100 2017-05-11T17:47:36Z DEBUG nsslapd-schemadir: 2017-05-11T17:47:36Z DEBUG /etc/dirsrv/slapd-RDLG-NET/schema 2017-05-11T17:47:36Z DEBUG nsslapd-localuser: 2017-05-11T17:47:36Z DEBUG dirsrv 2017-05-11T17:47:36Z DEBUG nsslapd-security: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG passwordChange: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-requiresrestart: 2017-05-11T17:47:36Z DEBUG 
cn=config:nsslapd-port 2017-05-11T17:47:36Z DEBUG cn=config:nsslapd-secureport 2017-05-11T17:47:36Z DEBUG cn=config:nsslapd-ldapifilepath 2017-05-11T17:47:36Z DEBUG cn=config:nsslapd-ldapilisten 2017-05-11T17:47:36Z DEBUG cn=config:nsslapd-workingdir 2017-05-11T17:47:36Z DEBUG cn=config:nsslapd-plugin 2017-05-11T17:47:36Z DEBUG cn=config:nsslapd-sslclientauth 2017-05-11T17:47:36Z DEBUG cn=config:nsslapd-changelogdir 2017-05-11T17:47:36Z DEBUG cn=config:nsslapd-changelogsuffix 2017-05-11T17:47:36Z DEBUG cn=config:nsslapd-changelogmaxentries 2017-05-11T17:47:36Z DEBUG cn=config:nsslapd-changelogmaxage 2017-05-11T17:47:36Z DEBUG cn=config:nsslapd-db-locks 2017-05-11T17:47:36Z DEBUG cn=config:nsslapd-maxdescriptors 2017-05-11T17:47:36Z DEBUG cn=config:nsslapd-return-exact-case 2017-05-11T17:47:36Z DEBUG cn=config:nsslapd-schema-ignore-trailing-spaces 2017-05-11T17:47:36Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 2017-05-11T17:47:36Z DEBUG cn=config,cn=ldbm:nsslapd-parentcheck 2017-05-11T17:47:36Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2017-05-11T17:47:36Z DEBUG cn=config,cn=ldbm:nsslapd-dbncache 2017-05-11T17:47:36Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2017-05-11T17:47:36Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2017-05-11T17:47:36Z DEBUG cn=encryption,cn=config:nssslsessiontimeout 2017-05-11T17:47:36Z DEBUG cn=encryption,cn=config:nssslclientauth 2017-05-11T17:47:36Z DEBUG cn=encryption,cn=config:nsssl2 2017-05-11T17:47:36Z DEBUG cn=encryption,cn=config:nsssl3 2017-05-11T17:47:36Z DEBUG passwordMaxFailure: 2017-05-11T17:47:36Z DEBUG 3 2017-05-11T17:47:36Z DEBUG nsslapd-auditlog-logrotationsync-enabled: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG nsslapd-ldapifilepath: 2017-05-11T17:47:36Z DEBUG /var/run/slapd-RDLG-NET.socket 2017-05-11T17:47:36Z DEBUG nsslapd-accesslog-logging-enabled: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG 
nsslapd-pagedsizelimit: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG nsslapd-global-backend-lock: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-errorlog-logexpirationtime: 2017-05-11T17:47:36Z DEBUG 1 2017-05-11T17:47:36Z DEBUG nsslapd-listen-backlog-size: 2017-05-11T17:47:36Z DEBUG 128 2017-05-11T17:47:36Z DEBUG nsslapd-accesslog: 2017-05-11T17:47:36Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/access 2017-05-11T17:47:36Z DEBUG nsslapd-certmap-basedn: 2017-05-11T17:47:36Z DEBUG 2017-05-11T17:47:36Z DEBUG nsslapd-plugin-logging: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG nsslapd-accesscontrol: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-rootdn: 2017-05-11T17:47:36Z DEBUG cn=Directory Manager 2017-05-11T17:47:36Z DEBUG nsslapd-ldifdir: 2017-05-11T17:47:36Z DEBUG /var/lib/dirsrv/slapd-RDLG-NET/ldif 2017-05-11T17:47:36Z DEBUG nsslapd-accesslog-mode: 2017-05-11T17:47:36Z DEBUG 600 2017-05-11T17:47:36Z DEBUG nsslapd-anonlimitsdn: 2017-05-11T17:47:36Z DEBUG cn=anonymous-limits,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG nsslapd-errorlog-logging-enabled: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2017-05-11T17:47:36Z DEBUG 1 2017-05-11T17:47:36Z DEBUG passwordMustChange: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG passwordExp: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG nsslapd-accesslog-list: 2017-05-11T17:47:36Z DEBUG 2017-05-11T17:47:36Z DEBUG nsslapd-auditlog-logminfreediskspace: 2017-05-11T17:47:36Z DEBUG 5 2017-05-11T17:47:36Z DEBUG nsslapd-logging-backend: 2017-05-11T17:47:36Z DEBUG dirsrv-log 2017-05-11T17:47:36Z DEBUG nsslapd-auditfaillog: 2017-05-11T17:47:36Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/audit 2017-05-11T17:47:36Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG aci: 2017-05-11T17:47:36Z DEBUG (targetattr != aci)(version 3.0; aci "cert manager read access"; 
allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2017-05-11T17:47:36Z DEBUG nsslapd-auditlog-logmaxdiskspace: 2017-05-11T17:47:36Z DEBUG 100 2017-05-11T17:47:36Z DEBUG nsslapd-ldapimaprootdn: 2017-05-11T17:47:36Z DEBUG cn=Directory Manager 2017-05-11T17:47:36Z DEBUG nsslapd-auditfaillog-logging-enabled: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG nsslapd-ds4-compatible-schema: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG nsslapd-enable-nunc-stans: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG passwordMinLength: 2017-05-11T17:47:36Z DEBUG 8 2017-05-11T17:47:36Z DEBUG nsslapd-require-secure-binds: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG nsslapd-groupevalnestlevel: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG nsslapd-idletimeout: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG nsslapd-malloc-mmap-threshold: 2017-05-11T17:47:36Z DEBUG -10 2017-05-11T17:47:36Z DEBUG nsslapd-auditlog-logrotationtimeunit: 2017-05-11T17:47:36Z DEBUG day 2017-05-11T17:47:36Z DEBUG nsslapd-securePort: 2017-05-11T17:47:36Z DEBUG 636 2017-05-11T17:47:36Z DEBUG nsslapd-snmp-index: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG config 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG extensibleObject 2017-05-11T17:47:36Z DEBUG nsslapdConfig 2017-05-11T17:47:36Z DEBUG nsslapd-ldapimaptoentries: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG passwordSendExpiringTime: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG nsslapd-hash-filters: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG nsslapd-entryusn-import-initval: 2017-05-11T17:47:36Z DEBUG next 2017-05-11T17:47:36Z DEBUG nsslapd-malloc-trim-threshold: 2017-05-11T17:47:36Z DEBUG -10 2017-05-11T17:47:36Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2017-05-11T17:47:36Z DEBUG 5 2017-05-11T17:47:36Z DEBUG 
nsslapd-ignore-time-skew: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG nsslapd-allow-unauthenticated-binds: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG nsslapd-auditlog-logging-hide-unhashed-pw: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-auditlog-maxlogsperdir: 2017-05-11T17:47:36Z DEBUG 1 2017-05-11T17:47:36Z DEBUG nsslapd-listenhost: 2017-05-11T17:47:36Z DEBUG 2017-05-11T17:47:36Z DEBUG nsslapd-auditlog-mode: 2017-05-11T17:47:36Z DEBUG 600 2017-05-11T17:47:36Z DEBUG nsslapd-errorlog: 2017-05-11T17:47:36Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/errors 2017-05-11T17:47:36Z DEBUG nsslapd-auditfaillog-logrotationsynchour: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG nsslapd-sasl-mapping-fallback: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-disk-monitoring-logging-critical: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG nsslapd-force-sasl-external: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG nsslapd-enable-turbo-mode: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG passwordCheckSyntax: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG passwordGraceLimit: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG passwordWarning: 2017-05-11T17:47:36Z DEBUG 86400 2017-05-11T17:47:36Z DEBUG nsslapd-errorlog-mode: 2017-05-11T17:47:36Z DEBUG 600 2017-05-11T17:47:36Z DEBUG nsslapd-instancedir: 2017-05-11T17:47:36Z DEBUG /var/lib/dirsrv/scripts-RDLG-NET 2017-05-11T17:47:36Z DEBUG nsslapd-config: 2017-05-11T17:47:36Z DEBUG cn=config 2017-05-11T17:47:36Z DEBUG nsslapd-auditfaillog-logmaxdiskspace: 2017-05-11T17:47:36Z DEBUG 100 2017-05-11T17:47:36Z DEBUG nsslapd-versionstring: 2017-05-11T17:47:36Z DEBUG 389-Directory/1.3.5.10 2017-05-11T17:47:36Z DEBUG nsslapd-accesslog-level: 2017-05-11T17:47:36Z DEBUG 256 2017-05-11T17:47:36Z DEBUG nsslapd-return-exact-case: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-maxsasliosize: 2017-05-11T17:47:36Z 
DEBUG 2097152 2017-05-11T17:47:36Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 2017-05-11T17:47:36Z DEBUG month 2017-05-11T17:47:36Z DEBUG nsslapd-rewrite-rfc1274: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG nsslapd-rootpwstoragescheme: 2017-05-11T17:47:36Z DEBUG SSHA 2017-05-11T17:47:36Z DEBUG nsslapd-auditlog-logexpirationtime: 2017-05-11T17:47:36Z DEBUG 1 2017-05-11T17:47:36Z DEBUG passwordLockout: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG nsslapd-lockdir: 2017-05-11T17:47:36Z DEBUG /var/lock/dirsrv/slapd-RDLG-NET 2017-05-11T17:47:36Z DEBUG nsslapd-certdir: 2017-05-11T17:47:36Z DEBUG /etc/dirsrv/slapd-RDLG-NET 2017-05-11T17:47:36Z DEBUG nsslapd-allow-anonymous-access: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-accesslog-maxlogsperdir: 2017-05-11T17:47:36Z DEBUG 10 2017-05-11T17:47:36Z DEBUG nsslapd-backendconfig: 2017-05-11T17:47:36Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG nsslapd-threadnumber: 2017-05-11T17:47:36Z DEBUG 30 2017-05-11T17:47:36Z DEBUG nsslapd-schemamod: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-search-return-original-type-switch: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG nsslapd-localhost: 2017-05-11T17:47:36Z DEBUG ipa.rdlg.net 2017-05-11T17:47:36Z DEBUG nsslapd-bakdir: 2017-05-11T17:47:36Z DEBUG /var/lib/dirsrv/slapd-RDLG-NET/bak 2017-05-11T17:47:36Z DEBUG passwordMin8bit: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG nsslapd-ldapiuidnumbertype: 2017-05-11T17:47:36Z DEBUG uidNumber 2017-05-11T17:47:36Z DEBUG nsslapd-validate-cert: 2017-05-11T17:47:36Z DEBUG warn 2017-05-11T17:47:36Z DEBUG passwordMinCategories: 2017-05-11T17:47:36Z DEBUG 3 2017-05-11T17:47:36Z DEBUG passwordMinLowers: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2017-05-11T17:47:36Z DEBUG on 
2017-05-11T17:47:36Z DEBUG passwordAdminDN: 2017-05-11T17:47:36Z DEBUG 2017-05-11T17:47:36Z DEBUG nsslapd-ldapilisten: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG passwordMinSpecials: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG nsslapd-errorlog-logmaxdiskspace: 2017-05-11T17:47:36Z DEBUG 100 2017-05-11T17:47:36Z DEBUG nsslapd-lastmod: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-max-filter-nest-level: 2017-05-11T17:47:36Z DEBUG 40 2017-05-11T17:47:36Z DEBUG passwordMaxRepeats: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG nsslapd-securelistenhost: 2017-05-11T17:47:36Z DEBUG 2017-05-11T17:47:36Z DEBUG nsslapd-maxsimplepaged-per-conn: 2017-05-11T17:47:36Z DEBUG -1 2017-05-11T17:47:36Z DEBUG nsslapd-result-tweak: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2017-05-11T17:47:36Z DEBUG month 2017-05-11T17:47:36Z DEBUG passwordUnlock: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-schemacheck: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG passwordTrackUpdateTime: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG nsslapd-maxbersize: 2017-05-11T17:47:36Z DEBUG 209715200 2017-05-11T17:47:36Z DEBUG nsslapd-errorlog-maxlogsize: 2017-05-11T17:47:36Z DEBUG 100 2017-05-11T17:47:36Z DEBUG nsslapd-ldapientrysearchbase: 2017-05-11T17:47:36Z DEBUG dc=example,dc=com 2017-05-11T17:47:36Z DEBUG nsslapd-accesslog-logexpirationtime: 2017-05-11T17:47:36Z DEBUG 1 2017-05-11T17:47:36Z DEBUG nsslapd-localssf: 2017-05-11T17:47:36Z DEBUG 71 2017-05-11T17:47:36Z DEBUG nsslapd-sizelimit: 2017-05-11T17:47:36Z DEBUG 2000 2017-05-11T17:47:36Z DEBUG nsslapd-minssf-exclude-rootdse: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-accesslog-logrotationsynchour: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG nsslapd-ignore-virtual-attrs: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG nsslapd-ndn-cache-enabled: 
2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-auditfaillog-logrotationtime: 2017-05-11T17:47:36Z DEBUG 1 2017-05-11T17:47:36Z DEBUG nsslapd-defaultnamingcontext: 2017-05-11T17:47:36Z DEBUG dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG nsslapd-auditfaillog-maxlogsperdir: 2017-05-11T17:47:36Z DEBUG 1 2017-05-11T17:47:36Z DEBUG nsslapd-pwpolicy-local: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG nsslapd-sasl-max-buffer-size: 2017-05-11T17:47:36Z DEBUG 2097152 2017-05-11T17:47:36Z DEBUG passwordLockoutDuration: 2017-05-11T17:47:36Z DEBUG 3600 2017-05-11T17:47:36Z DEBUG nsslapd-errorlog-list: 2017-05-11T17:47:36Z DEBUG 2017-05-11T17:47:36Z DEBUG nsslapd-port: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG nsslapd-accesslog-maxlogsize: 2017-05-11T17:47:36Z DEBUG 100 2017-05-11T17:47:36Z DEBUG nsslapd-privatenamespaces: 2017-05-11T17:47:36Z DEBUG cn=schema 2017-05-11T17:47:36Z DEBUG 2017-05-11T17:47:36Z DEBUG cn=monitor 2017-05-11T17:47:36Z DEBUG cn=config 2017-05-11T17:47:36Z DEBUG nsslapd-errorlog-maxlogsperdir: 2017-05-11T17:47:36Z DEBUG 2 2017-05-11T17:47:36Z DEBUG nsslapd-auditlog: 2017-05-11T17:47:36Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/audit 2017-05-11T17:47:36Z DEBUG nsslapd-auditfaillog-mode: 2017-05-11T17:47:36Z DEBUG 600 2017-05-11T17:47:36Z DEBUG nsslapd-rootpw: 2017-05-11T17:47:36Z DEBUG {SSHA}ivpfUEJGKWW115wDkPsPfQQFhTUx8+KLuAm3tg== 2017-05-11T17:47:36Z DEBUG nsslapd-errorlog-logrotationsynchour: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG nsslapd-outbound-ldap-io-timeout: 2017-05-11T17:47:36Z DEBUG 300000 2017-05-11T17:47:36Z DEBUG nsslapd-workingdir: 2017-05-11T17:47:36Z DEBUG /var/log/dirsrv/slapd-RDLG-NET 2017-05-11T17:47:36Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG nsslapd-auditfaillog-list: 2017-05-11T17:47:36Z DEBUG 2017-05-11T17:47:36Z DEBUG nsslapd-rundir: 2017-05-11T17:47:36Z DEBUG /var/run/dirsrv 2017-05-11T17:47:36Z DEBUG 
nsslapd-schemareplace: 2017-05-11T17:47:36Z DEBUG replication-only 2017-05-11T17:47:36Z DEBUG nsslapd-plugin-binddn-tracking: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG nsslapd-errorlog-level: 2017-05-11T17:47:36Z DEBUG 16384 2017-05-11T17:47:36Z DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-syntaxlogging: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG nsslapd-ioblocktimeout: 2017-05-11T17:47:36Z DEBUG 10000 2017-05-11T17:47:36Z DEBUG nsslapd-attribute-name-exceptions: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG passwordMinDigits: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG nsslapd-allowed-to-delete-attrs: 2017-05-11T17:47:36Z DEBUG passwordadmindn nsslapd-listenhost nsslapd-securelistenhost nsslapd-defaultnamingcontext 2017-05-11T17:47:36Z DEBUG nsslapd-accesslog-logminfreediskspace: 2017-05-11T17:47:36Z DEBUG 5 2017-05-11T17:47:36Z DEBUG passwordStorageScheme: 2017-05-11T17:47:36Z DEBUG SSHA 2017-05-11T17:47:36Z DEBUG nsslapd-connection-nocanon: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG [] 2017-05-11T17:47:36Z DEBUG Updated 0 2017-05-11T17:47:36Z DEBUG Done 2017-05-11T17:47:36Z DEBUG Updating existing entry: dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Initial value 2017-05-11T17:47:36Z DEBUG dn: dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG domain 2017-05-11T17:47:36Z DEBUG pilotObject 2017-05-11T17:47:36Z DEBUG info: 2017-05-11T17:47:36Z DEBUG IPA V2.0 2017-05-11T17:47:36Z DEBUG aci: 2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the 
CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";) 2017-05-11T17:47:36Z DEBUG (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || 
facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";) 2017-05-11T17:47:36Z DEBUG (targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";) 2017-05-11T17:47:36Z DEBUG (targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";) 2017-05-11T17:47:36Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:47:36Z DEBUG (targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:47:36Z DEBUG (targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:47:36Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = 
"managedBy#USERDN";) 2017-05-11T17:47:36Z DEBUG (targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";) 2017-05-11T17:47:36Z DEBUG (target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";) 2017-05-11T17:47:36Z DEBUG (targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";) 2017-05-11T17:47:36Z DEBUG (targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";) 2017-05-11T17:47:36Z DEBUG (targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; 
allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG dc: 2017-05-11T17:47:36Z DEBUG rdlg 2017-05-11T17:47:36Z DEBUG remove: '(targetattr = "*")(target = "ldap:///cn=*,cn=roles,cn=accounts,dc=rdlg,dc=net")(version 3.0; acl "No anonymous access to roles"; deny (read,search,compare) userdn != "ldap:///all";)' from aci, current value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = 
"ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || 
ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || 
passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)'] 2017-05-11T17:47:36Z DEBUG remove: '(targetattr = "*")(target = "ldap:///cn=*,cn=roles,cn=accounts,dc=rdlg,dc=net")(version 3.0; acl "No anonymous access to roles"; deny (read,search,compare) userdn != "ldap:///all";)' not in aci 2017-05-11T17:47:36Z DEBUG remove: '(targetattr = "memberOf || memberHost || memberUser")(version 3.0; acl "No anonymous access to member information"; deny (read,search,compare) userdn != "ldap:///all";)' from aci, current value ['(targetattr = 
"objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || 
loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers 
can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash")(version 3.0; acl "Admins can write passwords"; allow 
(add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)'] 2017-05-11T17:47:36Z DEBUG remove: '(targetattr = "memberOf || memberHost || memberUser")(version 3.0; acl "No anonymous access to member information"; deny (read,search,compare) userdn != "ldap:///all";)' not in aci 2017-05-11T17:47:36Z DEBUG remove: '(targetattr = "*")(target = "ldap:///cn=*,ou=SUDOers,dc=rdlg,dc=net")(version 3.0; acl "No anonymous access to sudo"; deny (read,search,compare) userdn != "ldap:///all";)' from aci, current value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = 
"ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', 
'(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || 
krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)'] 2017-05-11T17:47:36Z DEBUG remove: '(targetattr = "*")(target = "ldap:///cn=*,ou=SUDOers,dc=rdlg,dc=net")(version 3.0; acl "No anonymous access to sudo"; deny (read,search,compare) userdn != "ldap:///all";)' not in aci 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Final value after applying updates 2017-05-11T17:47:36Z DEBUG dn: dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG domain 2017-05-11T17:47:36Z DEBUG pilotObject 2017-05-11T17:47:36Z DEBUG info: 2017-05-11T17:47:36Z DEBUG IPA V2.0 2017-05-11T17:47:36Z DEBUG aci: 
2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr = "userpassword || krbprincipalkey || sambalmpassword || 
sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";) 2017-05-11T17:47:36Z DEBUG (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";) 2017-05-11T17:47:36Z DEBUG (targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";) 2017-05-11T17:47:36Z DEBUG (targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";) 2017-05-11T17:47:36Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:47:36Z DEBUG (targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:47:36Z DEBUG (targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:47:36Z 
DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";) 2017-05-11T17:47:36Z DEBUG (targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";) 2017-05-11T17:47:36Z DEBUG (target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";) 2017-05-11T17:47:36Z DEBUG (targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";) 2017-05-11T17:47:36Z DEBUG (targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";) 2017-05-11T17:47:36Z DEBUG (targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl 
"Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG dc: 2017-05-11T17:47:36Z DEBUG rdlg 2017-05-11T17:47:36Z DEBUG [] 2017-05-11T17:47:36Z DEBUG Updated 0 2017-05-11T17:47:36Z DEBUG Done 2017-05-11T17:47:36Z DEBUG Updating existing entry: cn=hbac,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Initial value 2017-05-11T17:47:36Z DEBUG dn: cn=hbac,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG nsContainer 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG hbac 2017-05-11T17:47:36Z DEBUG remove: '(targetattr = "*")(version 3.0; acl "No anonymous access to hbac"; deny (read,search,compare) userdn != "ldap:///all";)' from aci, current value [] 2017-05-11T17:47:36Z DEBUG remove: '(targetattr = "*")(version 3.0; acl "No anonymous access to hbac"; deny (read,search,compare) userdn != "ldap:///all";)' not in aci 2017-05-11T17:47:36Z DEBUG 
--------------------------------------------- 2017-05-11T17:47:36Z DEBUG Final value after applying updates 2017-05-11T17:47:36Z DEBUG dn: cn=hbac,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG nsContainer 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG hbac 2017-05-11T17:47:36Z DEBUG [] 2017-05-11T17:47:36Z DEBUG Updated 0 2017-05-11T17:47:36Z DEBUG Done 2017-05-11T17:47:36Z DEBUG Updating existing entry: cn=sudo,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Initial value 2017-05-11T17:47:36Z DEBUG dn: cn=sudo,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG nsContainer 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG sudo 2017-05-11T17:47:36Z DEBUG remove: '(targetattr = "*")(version 3.0; acl "No anonymous access to sudo"; deny (read,search,compare) userdn != "ldap:///all";)' from aci, current value [] 2017-05-11T17:47:36Z DEBUG remove: '(targetattr = "*")(version 3.0; acl "No anonymous access to sudo"; deny (read,search,compare) userdn != "ldap:///all";)' not in aci 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Final value after applying updates 2017-05-11T17:47:36Z DEBUG dn: cn=sudo,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG nsContainer 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG sudo 2017-05-11T17:47:36Z DEBUG [] 2017-05-11T17:47:36Z DEBUG Updated 0 2017-05-11T17:47:36Z DEBUG Done 2017-05-11T17:47:36Z DEBUG Updating existing entry: cn=accounts,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Initial value 2017-05-11T17:47:36Z DEBUG dn: cn=accounts,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 
2017-05-11T17:47:36Z DEBUG nsContainer 2017-05-11T17:47:36Z DEBUG aci: 2017-05-11T17:47:36Z DEBUG (targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policy"; allow (write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr = "aci")(version 3.0;acl "Admins can manage delegations"; allow (write, delete) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Users allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#USERDN";) 2017-05-11T17:47:36Z DEBUG (targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Groups allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";) 2017-05-11T17:47:36Z DEBUG (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Users allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#USERDN";) 2017-05-11T17:47:36Z DEBUG (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Groups allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#GROUPDN";) 2017-05-11T17:47:36Z DEBUG (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey themselves"; allow(write) userdn="ldap:///self";) 2017-05-11T17:47:36Z DEBUG (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Admins are allowed to rekey any entity"; allow(write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetfilter="(|(objectclass=ipaHost)(objectclass=ipaService))")(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey managed entries"; allow(write) userattr="managedby#USERDN";) 2017-05-11T17:47:36Z DEBUG 
(targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(search) userdn = "ldap:///all";) 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG accounts 2017-05-11T17:47:36Z DEBUG add: '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Users allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#USERDN";)' to aci, current value ['(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policy"; allow (write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "aci")(version 3.0;acl "Admins can manage delegations"; allow (write, delete) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Users allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#USERDN";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Groups allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Users allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#USERDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Groups allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey themselves"; allow(write) userdn="ldap:///self";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Admins are allowed to rekey any entity"; allow(write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', 
'(targetfilter="(|(objectclass=ipaHost)(objectclass=ipaService))")(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey managed entries"; allow(write) userattr="managedby#USERDN";)', '(targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(search) userdn = "ldap:///all";)'] 2017-05-11T17:47:36Z DEBUG add: updated value ['(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policy"; allow (write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "aci")(version 3.0;acl "Admins can manage delegations"; allow (write, delete) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Groups allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Users allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#USERDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Groups allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey themselves"; allow(write) userdn="ldap:///self";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Admins are allowed to rekey any entity"; allow(write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter="(|(objectclass=ipaHost)(objectclass=ipaService))")(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey managed entries"; allow(write) userattr="managedby#USERDN";)', '(targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search 
existence of password and kerberos keys"; allow(search) userdn = "ldap:///all";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Users allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#USERDN";)'] 2017-05-11T17:47:36Z DEBUG add: '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Groups allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";)' to aci, current value ['(targetfilter="(|(objectclass=ipaHost)(objectclass=ipaService))")(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey managed entries"; allow(write) userattr="managedby#USERDN";)', '(targetattr = "aci")(version 3.0;acl "Admins can manage delegations"; allow (write, delete) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Groups allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Groups allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Users allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#USERDN";)', '(targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(search) userdn = "ldap:///all";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey themselves"; allow(write) userdn="ldap:///self";)', '(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policy"; allow (write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; 
acl "Admins are allowed to rekey any entity"; allow(write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Users allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#USERDN";)'] 2017-05-11T17:47:36Z DEBUG add: updated value ['(targetfilter="(|(objectclass=ipaHost)(objectclass=ipaService))")(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey managed entries"; allow(write) userattr="managedby#USERDN";)', '(targetattr = "aci")(version 3.0;acl "Admins can manage delegations"; allow (write, delete) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Groups allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Users allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#USERDN";)', '(targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(search) userdn = "ldap:///all";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey themselves"; allow(write) userdn="ldap:///self";)', '(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policy"; allow (write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Admins are allowed to rekey any entity"; allow(write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Users allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#USERDN";)', 
'(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Groups allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";)'] 2017-05-11T17:47:36Z DEBUG add: '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Users allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#USERDN";)' to aci, current value ['(targetfilter="(|(objectclass=ipaHost)(objectclass=ipaService))")(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey managed entries"; allow(write) userattr="managedby#USERDN";)', '(targetattr = "aci")(version 3.0;acl "Admins can manage delegations"; allow (write, delete) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Groups allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Groups allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Users allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#USERDN";)', '(targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(search) userdn = "ldap:///all";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey themselves"; allow(write) userdn="ldap:///self";)', '(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policy"; allow (write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Admins are allowed to rekey any entity"; allow(write) groupdn = 
"ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Users allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#USERDN";)'] 2017-05-11T17:47:36Z DEBUG add: updated value ['(targetfilter="(|(objectclass=ipaHost)(objectclass=ipaService))")(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey managed entries"; allow(write) userattr="managedby#USERDN";)', '(targetattr = "aci")(version 3.0;acl "Admins can manage delegations"; allow (write, delete) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Groups allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Groups allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";)', '(targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(search) userdn = "ldap:///all";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey themselves"; allow(write) userdn="ldap:///self";)', '(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policy"; allow (write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Admins are allowed to rekey any entity"; allow(write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Users allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#USERDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Users 
allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#USERDN";)'] 2017-05-11T17:47:36Z DEBUG add: '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Groups allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#GROUPDN";)' to aci, current value ['(targetfilter="(|(objectclass=ipaHost)(objectclass=ipaService))")(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey managed entries"; allow(write) userattr="managedby#USERDN";)', '(targetattr = "aci")(version 3.0;acl "Admins can manage delegations"; allow (write, delete) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Groups allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Groups allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Users allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#USERDN";)', '(targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(search) userdn = "ldap:///all";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey themselves"; allow(write) userdn="ldap:///self";)', '(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policy"; allow (write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Admins are allowed to rekey any entity"; allow(write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', 
'(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Users allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#USERDN";)'] 2017-05-11T17:47:36Z DEBUG add: updated value ['(targetfilter="(|(objectclass=ipaHost)(objectclass=ipaService))")(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey managed entries"; allow(write) userattr="managedby#USERDN";)', '(targetattr = "aci")(version 3.0;acl "Admins can manage delegations"; allow (write, delete) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Groups allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Users allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#USERDN";)', '(targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(search) userdn = "ldap:///all";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey themselves"; allow(write) userdn="ldap:///self";)', '(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policy"; allow (write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Admins are allowed to rekey any entity"; allow(write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Users allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#USERDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Groups allowed to create keytab keys"; allow(write) 
userattr="ipaAllowedToPerform;write_keys#GROUPDN";)'] 2017-05-11T17:47:36Z DEBUG add: '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey themselves"; allow(write) userdn="ldap:///self";)' to aci, current value ['(targetfilter="(|(objectclass=ipaHost)(objectclass=ipaService))")(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey managed entries"; allow(write) userattr="managedby#USERDN";)', '(targetattr = "aci")(version 3.0;acl "Admins can manage delegations"; allow (write, delete) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Groups allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Groups allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Users allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#USERDN";)', '(targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(search) userdn = "ldap:///all";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey themselves"; allow(write) userdn="ldap:///self";)', '(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policy"; allow (write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Admins are allowed to rekey any entity"; allow(write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Users allowed to retrieve 
keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#USERDN";)'] 2017-05-11T17:47:36Z DEBUG add: updated value ['(targetfilter="(|(objectclass=ipaHost)(objectclass=ipaService))")(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey managed entries"; allow(write) userattr="managedby#USERDN";)', '(targetattr = "aci")(version 3.0;acl "Admins can manage delegations"; allow (write, delete) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Groups allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Groups allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Users allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#USERDN";)', '(targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(search) userdn = "ldap:///all";)', '(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policy"; allow (write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Admins are allowed to rekey any entity"; allow(write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Users allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#USERDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey themselves"; allow(write) userdn="ldap:///self";)'] 2017-05-11T17:47:36Z DEBUG add: 
'(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Admins are allowed to rekey any entity"; allow(write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)' to aci, current value ['(targetfilter="(|(objectclass=ipaHost)(objectclass=ipaService))")(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey managed entries"; allow(write) userattr="managedby#USERDN";)', '(targetattr = "aci")(version 3.0;acl "Admins can manage delegations"; allow (write, delete) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Groups allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Groups allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Users allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#USERDN";)', '(targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(search) userdn = "ldap:///all";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey themselves"; allow(write) userdn="ldap:///self";)', '(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policy"; allow (write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Admins are allowed to rekey any entity"; allow(write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Users allowed to retrieve keytab keys"; allow(read) 
userattr="ipaAllowedToPerform;read_keys#USERDN";)'] 2017-05-11T17:47:36Z DEBUG add: updated value ['(targetfilter="(|(objectclass=ipaHost)(objectclass=ipaService))")(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey managed entries"; allow(write) userattr="managedby#USERDN";)', '(targetattr = "aci")(version 3.0;acl "Admins can manage delegations"; allow (write, delete) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Groups allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Groups allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Users allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#USERDN";)', '(targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(search) userdn = "ldap:///all";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey themselves"; allow(write) userdn="ldap:///self";)', '(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policy"; allow (write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Users allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#USERDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Admins are allowed to rekey any entity"; allow(write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)'] 2017-05-11T17:47:36Z DEBUG add: 
'(targetfilter="(|(objectclass=ipaHost)(objectclass=ipaService))")(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey managed entries"; allow(write) userattr="managedby#USERDN";)' to aci, current value ['(targetfilter="(|(objectclass=ipaHost)(objectclass=ipaService))")(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey managed entries"; allow(write) userattr="managedby#USERDN";)', '(targetattr = "aci")(version 3.0;acl "Admins can manage delegations"; allow (write, delete) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Groups allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Groups allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Users allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#USERDN";)', '(targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(search) userdn = "ldap:///all";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey themselves"; allow(write) userdn="ldap:///self";)', '(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policy"; allow (write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Admins are allowed to rekey any entity"; allow(write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Users allowed to retrieve keytab 
keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#USERDN";)'] 2017-05-11T17:47:36Z DEBUG add: updated value ['(targetattr = "aci")(version 3.0;acl "Admins can manage delegations"; allow (write, delete) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Groups allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Groups allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Users allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#USERDN";)', '(targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(search) userdn = "ldap:///all";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey themselves"; allow(write) userdn="ldap:///self";)', '(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policy"; allow (write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Admins are allowed to rekey any entity"; allow(write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Users allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#USERDN";)', '(targetfilter="(|(objectclass=ipaHost)(objectclass=ipaService))")(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey managed entries"; allow(write) userattr="managedby#USERDN";)'] 2017-05-11T17:47:36Z DEBUG 
--------------------------------------------- 2017-05-11T17:47:36Z DEBUG Final value after applying updates 2017-05-11T17:47:36Z DEBUG dn: cn=accounts,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG nsContainer 2017-05-11T17:47:36Z DEBUG aci: 2017-05-11T17:47:36Z DEBUG (targetfilter="(|(objectclass=ipaHost)(objectclass=ipaService))")(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey managed entries"; allow(write) userattr="managedby#USERDN";) 2017-05-11T17:47:36Z DEBUG (targetattr = "aci")(version 3.0;acl "Admins can manage delegations"; allow (write, delete) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Groups allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#GROUPDN";) 2017-05-11T17:47:36Z DEBUG (targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Groups allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";) 2017-05-11T17:47:36Z DEBUG (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Users allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#USERDN";) 2017-05-11T17:47:36Z DEBUG (targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(search) userdn = "ldap:///all";) 2017-05-11T17:47:36Z DEBUG (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey themselves"; allow(write) userdn="ldap:///self";) 2017-05-11T17:47:36Z DEBUG (targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policy"; allow (write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG 
(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Admins are allowed to rekey any entity"; allow(write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Users allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#USERDN";) 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG accounts 2017-05-11T17:47:36Z DEBUG [] 2017-05-11T17:47:36Z DEBUG Updated 0 2017-05-11T17:47:36Z DEBUG Done 2017-05-11T17:47:36Z DEBUG Updating existing entry: dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Initial value 2017-05-11T17:47:36Z DEBUG dn: dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG domain 2017-05-11T17:47:36Z DEBUG pilotObject 2017-05-11T17:47:36Z DEBUG info: 2017-05-11T17:47:36Z DEBUG IPA V2.0 2017-05-11T17:47:36Z DEBUG aci: 2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 
2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";) 2017-05-11T17:47:36Z DEBUG (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";) 2017-05-11T17:47:36Z DEBUG (targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";) 2017-05-11T17:47:36Z DEBUG (targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";) 2017-05-11T17:47:36Z DEBUG (targetfilter 
= "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:47:36Z DEBUG (targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:47:36Z DEBUG (targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:47:36Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";) 2017-05-11T17:47:36Z DEBUG (targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";) 2017-05-11T17:47:36Z DEBUG (target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";) 2017-05-11T17:47:36Z DEBUG (targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";) 
2017-05-11T17:47:36Z DEBUG (targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";) 2017-05-11T17:47:36Z DEBUG (targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = 
"ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG dc: 2017-05-11T17:47:36Z DEBUG rdlg 2017-05-11T17:47:36Z DEBUG add: '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)' to aci, current value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = 
"ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter 
= "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', 
'(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)'] 2017-05-11T17:47:36Z DEBUG add: updated value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from 
the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, 
search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = 
"ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)'] 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Final value after applying updates 2017-05-11T17:47:36Z DEBUG dn: dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG domain 2017-05-11T17:47:36Z DEBUG pilotObject 2017-05-11T17:47:36Z DEBUG info: 2017-05-11T17:47:36Z DEBUG IPA V2.0 2017-05-11T17:47:36Z DEBUG aci: 2017-05-11T17:47:36Z DEBUG (targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbPwdHistory || 
krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";) 2017-05-11T17:47:36Z DEBUG (target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";) 2017-05-11T17:47:36Z DEBUG (targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";) 2017-05-11T17:47:36Z DEBUG (targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";) 2017-05-11T17:47:36Z DEBUG (targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";) 2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";) 
2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";) 2017-05-11T17:47:36Z DEBUG (targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";) 2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove 
Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";) 2017-05-11T17:47:36Z DEBUG (targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:47:36Z DEBUG (targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = 
"ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:47:36Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:47:36Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG dc: 2017-05-11T17:47:36Z DEBUG rdlg 2017-05-11T17:47:36Z DEBUG [] 2017-05-11T17:47:36Z DEBUG Updated 0 2017-05-11T17:47:36Z DEBUG Done 2017-05-11T17:47:36Z DEBUG Updating existing entry: cn=services,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Initial value 2017-05-11T17:47:36Z DEBUG dn: cn=services,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG nsContainer 2017-05-11T17:47:36Z DEBUG aci: 2017-05-11T17:47:36Z DEBUG (targetattr = "krbPrincipalKey || krbLastPwdChange")(target = "ldap:///krbprincipalname=*,cn=services,cn=accounts,dc=rdlg,dc=net")(version 3.0;acl "Admins can manage service keytab";allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr="userCertificate || krbPrincipalKey")(version 3.0; acl "Hosts can manage service Certificates and kerberos keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";) 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG services 2017-05-11T17:47:36Z DEBUG remove: '(target = 
"ldap:///krbprincipalname=*/($dn)@RDLG.NET,cn=services,cn=accounts,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaKrbPrincipal)")(version 3.0;acl "Hosts can add own services"; allow(add) userdn="ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)' from aci, current value ['(targetattr = "krbPrincipalKey || krbLastPwdChange")(target = "ldap:///krbprincipalname=*,cn=services,cn=accounts,dc=rdlg,dc=net")(version 3.0;acl "Admins can manage service keytab";allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="userCertificate || krbPrincipalKey")(version 3.0; acl "Hosts can manage service Certificates and kerberos keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";)'] 2017-05-11T17:47:36Z DEBUG remove: '(target = "ldap:///krbprincipalname=*/($dn)@RDLG.NET,cn=services,cn=accounts,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaKrbPrincipal)")(version 3.0;acl "Hosts can add own services"; allow(add) userdn="ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)' not in aci 2017-05-11T17:47:36Z DEBUG add: '(target = "ldap:///krbprincipalname=*/($dn)@RDLG.NET,cn=services,cn=accounts,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaService)")(version 3.0;acl "Hosts can add own services"; allow(add) userdn="ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)' to aci, current value ['(targetattr = "krbPrincipalKey || krbLastPwdChange")(target = "ldap:///krbprincipalname=*,cn=services,cn=accounts,dc=rdlg,dc=net")(version 3.0;acl "Admins can manage service keytab";allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="userCertificate || krbPrincipalKey")(version 3.0; acl "Hosts can manage service Certificates and kerberos keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";)'] 2017-05-11T17:47:36Z DEBUG add: updated value ['(targetattr = "krbPrincipalKey || krbLastPwdChange")(target = 
"ldap:///krbprincipalname=*,cn=services,cn=accounts,dc=rdlg,dc=net")(version 3.0;acl "Admins can manage service keytab";allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="userCertificate || krbPrincipalKey")(version 3.0; acl "Hosts can manage service Certificates and kerberos keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";)', '(target = "ldap:///krbprincipalname=*/($dn)@RDLG.NET,cn=services,cn=accounts,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaService)")(version 3.0;acl "Hosts can add own services"; allow(add) userdn="ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)'] 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Final value after applying updates 2017-05-11T17:47:36Z DEBUG dn: cn=services,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG nsContainer 2017-05-11T17:47:36Z DEBUG aci: 2017-05-11T17:47:36Z DEBUG (targetattr = "krbPrincipalKey || krbLastPwdChange")(target = "ldap:///krbprincipalname=*,cn=services,cn=accounts,dc=rdlg,dc=net")(version 3.0;acl "Admins can manage service keytab";allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetattr="userCertificate || krbPrincipalKey")(version 3.0; acl "Hosts can manage service Certificates and kerberos keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";) 2017-05-11T17:47:36Z DEBUG (target = "ldap:///krbprincipalname=*/($dn)@RDLG.NET,cn=services,cn=accounts,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaService)")(version 3.0;acl "Hosts can add own services"; allow(add) userdn="ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG services 2017-05-11T17:47:36Z DEBUG [(0, u'aci', ['(target = 
"ldap:///krbprincipalname=*/($dn)@RDLG.NET,cn=services,cn=accounts,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaService)")(version 3.0;acl "Hosts can add own services"; allow(add) userdn="ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)'])] 2017-05-11T17:47:36Z DEBUG Updated 1 2017-05-11T17:47:36Z DEBUG Done 2017-05-11T17:47:36Z DEBUG Updating existing entry: cn=ranges,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Initial value 2017-05-11T17:47:36Z DEBUG dn: cn=ranges,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG nsContainer 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG ranges 2017-05-11T17:47:36Z DEBUG add: '(target = "ldap:///cn=*,cn=ranges,cn=etc,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaIDrange)")(version 3.0;acl "CIFS service can manage ID ranges for trust"; allow(all) userdn="ldap:///krbprincipalname=cifs/*@RDLG.NET,cn=services,cn=accounts,dc=rdlg,dc=net" and groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=rdlg,dc=net";)' to aci, current value [] 2017-05-11T17:47:36Z DEBUG add: updated value ['(target = "ldap:///cn=*,cn=ranges,cn=etc,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaIDrange)")(version 3.0;acl "CIFS service can manage ID ranges for trust"; allow(all) userdn="ldap:///krbprincipalname=cifs/*@RDLG.NET,cn=services,cn=accounts,dc=rdlg,dc=net" and groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=rdlg,dc=net";)'] 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Final value after applying updates 2017-05-11T17:47:36Z DEBUG dn: cn=ranges,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG nsContainer 2017-05-11T17:47:36Z DEBUG aci: 2017-05-11T17:47:36Z DEBUG (target = "ldap:///cn=*,cn=ranges,cn=etc,dc=rdlg,dc=net")(targetfilter = 
"(objectClass=ipaIDrange)")(version 3.0;acl "CIFS service can manage ID ranges for trust"; allow(all) userdn="ldap:///krbprincipalname=cifs/*@RDLG.NET,cn=services,cn=accounts,dc=rdlg,dc=net" and groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG ranges 2017-05-11T17:47:36Z DEBUG [(2, u'aci', ['(target = "ldap:///cn=*,cn=ranges,cn=etc,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaIDrange)")(version 3.0;acl "CIFS service can manage ID ranges for trust"; allow(all) userdn="ldap:///krbprincipalname=cifs/*@RDLG.NET,cn=services,cn=accounts,dc=rdlg,dc=net" and groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=rdlg,dc=net";)'])] 2017-05-11T17:47:36Z DEBUG Updated 1 2017-05-11T17:47:36Z DEBUG Done 2017-05-11T17:47:36Z DEBUG Updating existing entry: cn=sysaccounts,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Initial value 2017-05-11T17:47:36Z DEBUG dn: cn=sysaccounts,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG nsContainer 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG aci: 2017-05-11T17:47:36Z DEBUG (target = "ldap:///cn=replication managers,cn=sysaccounts,cn=etc,dc=rdlg,dc=net")(targetattr = "objectClass || cn")(version 3.0; acl "Allow hosts to read replication managers"; allow(read, search, compare) userdn = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG sysaccounts 2017-05-11T17:47:36Z DEBUG add: '(target = "ldap:///cn=replication managers,cn=sysaccounts,cn=etc,dc=rdlg,dc=net")(targetattr = "member")(version 3.0; acl "IPA server hosts can modify replication managers members"; allow(read, search, compare, write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net";)' to aci, current value ['(target = "ldap:///cn=replication 
managers,cn=sysaccounts,cn=etc,dc=rdlg,dc=net")(targetattr = "objectClass || cn")(version 3.0; acl "Allow hosts to read replication managers"; allow(read, search, compare) userdn = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=rdlg,dc=net";)'] 2017-05-11T17:47:36Z DEBUG add: updated value ['(target = "ldap:///cn=replication managers,cn=sysaccounts,cn=etc,dc=rdlg,dc=net")(targetattr = "objectClass || cn")(version 3.0; acl "Allow hosts to read replication managers"; allow(read, search, compare) userdn = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=replication managers,cn=sysaccounts,cn=etc,dc=rdlg,dc=net")(targetattr = "member")(version 3.0; acl "IPA server hosts can modify replication managers members"; allow(read, search, compare, write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net";)'] 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Final value after applying updates 2017-05-11T17:47:36Z DEBUG dn: cn=sysaccounts,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG nsContainer 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG aci: 2017-05-11T17:47:36Z DEBUG (target = "ldap:///cn=replication managers,cn=sysaccounts,cn=etc,dc=rdlg,dc=net")(targetattr = "objectClass || cn")(version 3.0; acl "Allow hosts to read replication managers"; allow(read, search, compare) userdn = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (target = "ldap:///cn=replication managers,cn=sysaccounts,cn=etc,dc=rdlg,dc=net")(targetattr = "member")(version 3.0; acl "IPA server hosts can modify replication managers members"; allow(read, search, compare, write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG sysaccounts 2017-05-11T17:47:36Z DEBUG [(0, u'aci', ['(target = "ldap:///cn=replication 
managers,cn=sysaccounts,cn=etc,dc=rdlg,dc=net")(targetattr = "member")(version 3.0; acl "IPA server hosts can modify replication managers members"; allow(read, search, compare, write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net";)'])] 2017-05-11T17:47:36Z DEBUG Updated 1 2017-05-11T17:47:36Z DEBUG Done 2017-05-11T17:47:36Z DEBUG Updating existing entry: cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Initial value 2017-05-11T17:47:36Z DEBUG dn: cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG nsContainer 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG aci: 2017-05-11T17:47:36Z DEBUG (targetfilter = "(objectClass=ipaGuiConfig)")(targetattr != "aci")(version 3.0;acl "Admins can change GUI config"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG etc 2017-05-11T17:47:36Z DEBUG add: '(target = "ldap:///cn=replication,cn=etc,dc=rdlg,dc=net")(targetattr = "nsDS5ReplicaId")(version 3.0; acl "IPA server hosts can change replica ID"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net";)' to aci, current value ['(targetfilter = "(objectClass=ipaGuiConfig)")(targetattr != "aci")(version 3.0;acl "Admins can change GUI config"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)'] 2017-05-11T17:47:36Z DEBUG add: updated value ['(targetfilter = "(objectClass=ipaGuiConfig)")(targetattr != "aci")(version 3.0;acl "Admins can change GUI config"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=replication,cn=etc,dc=rdlg,dc=net")(targetattr = "nsDS5ReplicaId")(version 3.0; acl "IPA server hosts can change replica ID"; allow(write) groupdn = 
"ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net";)'] 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Final value after applying updates 2017-05-11T17:47:36Z DEBUG dn: cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG nsContainer 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG aci: 2017-05-11T17:47:36Z DEBUG (targetfilter = "(objectClass=ipaGuiConfig)")(targetattr != "aci")(version 3.0;acl "Admins can change GUI config"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (target = "ldap:///cn=replication,cn=etc,dc=rdlg,dc=net")(targetattr = "nsDS5ReplicaId")(version 3.0; acl "IPA server hosts can change replica ID"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG etc 2017-05-11T17:47:36Z DEBUG [(0, u'aci', ['(target = "ldap:///cn=replication,cn=etc,dc=rdlg,dc=net")(targetattr = "nsDS5ReplicaId")(version 3.0; acl "IPA server hosts can change replica ID"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net";)'])] 2017-05-11T17:47:36Z DEBUG Updated 1 2017-05-11T17:47:36Z DEBUG Done 2017-05-11T17:47:36Z DEBUG Updating existing entry: cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Initial value 2017-05-11T17:47:36Z DEBUG dn: cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG nsContainer 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG aci: 2017-05-11T17:47:36Z DEBUG (targetfilter = "(|(objectClass=ipaConfigObject)(dnahostname=*))")(version 3.0;acl "Admins can change GUI config"; allow (delete) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG cn: 
2017-05-11T17:47:36Z DEBUG ipa 2017-05-11T17:47:36Z DEBUG add: '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(version 3.0; acl "IPA server hosts can create own Custodia secrets"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)' to aci, current value ['(targetfilter = "(|(objectClass=ipaConfigObject)(dnahostname=*))")(version 3.0;acl "Admins can change GUI config"; allow (delete) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)'] 2017-05-11T17:47:36Z DEBUG add: updated value ['(targetfilter = "(|(objectClass=ipaConfigObject)(dnahostname=*))")(version 3.0;acl "Admins can change GUI config"; allow (delete) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(version 3.0; acl "IPA server hosts can create own Custodia secrets"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)'] 2017-05-11T17:47:36Z DEBUG add: '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage own Custodia secrets"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)' to aci, current value ['(targetfilter = "(|(objectClass=ipaConfigObject)(dnahostname=*))")(version 3.0;acl "Admins can change GUI config"; allow (delete) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(version 3.0; acl "IPA server hosts can create own Custodia secrets"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = 
"ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)'] 2017-05-11T17:47:36Z DEBUG add: updated value ['(targetfilter = "(|(objectClass=ipaConfigObject)(dnahostname=*))")(version 3.0;acl "Admins can change GUI config"; allow (delete) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(version 3.0; acl "IPA server hosts can create own Custodia secrets"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage own Custodia secrets"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)'] 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Final value after applying updates 2017-05-11T17:47:36Z DEBUG dn: cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG nsContainer 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG aci: 2017-05-11T17:47:36Z DEBUG (target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(version 3.0; acl "IPA server hosts can create own Custodia secrets"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetfilter = "(|(objectClass=ipaConfigObject)(dnahostname=*))")(version 3.0;acl "Admins can change GUI config"; allow (delete) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "ipaPublicKey")(version 3.0; acl 
"IPA server hosts can manage own Custodia secrets"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG ipa 2017-05-11T17:47:36Z DEBUG [(0, u'aci', ['(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(version 3.0; acl "IPA server hosts can create own Custodia secrets"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage own Custodia secrets"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)'])] 2017-05-11T17:47:36Z DEBUG Updated 1 2017-05-11T17:47:36Z DEBUG Done 2017-05-11T17:47:36Z DEBUG Updating existing entry: cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Initial value 2017-05-11T17:47:36Z DEBUG dn: cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG nsContainer 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG aci: 2017-05-11T17:47:36Z DEBUG (targetfilter = "(|(objectClass=ipaConfigObject)(dnahostname=*))")(version 3.0;acl "Admins can change GUI config"; allow (delete) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(version 3.0; acl "IPA server hosts can create own Custodia secrets"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";) 
2017-05-11T17:47:36Z DEBUG (target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage own Custodia secrets"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG ipa 2017-05-11T17:47:36Z DEBUG add: '(target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(version 3.0; acl "IPA server hosts can create Dogtag Custodia secrets for same host"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)' to aci, current value ['(targetfilter = "(|(objectClass=ipaConfigObject)(dnahostname=*))")(version 3.0;acl "Admins can change GUI config"; allow (delete) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(version 3.0; acl "IPA server hosts can create own Custodia secrets"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage own Custodia secrets"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)'] 2017-05-11T17:47:36Z DEBUG add: updated value ['(targetfilter = "(|(objectClass=ipaConfigObject)(dnahostname=*))")(version 3.0;acl "Admins can change GUI config"; allow (delete) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(version 3.0; acl 
"IPA server hosts can create own Custodia secrets"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage own Custodia secrets"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(version 3.0; acl "IPA server hosts can create Dogtag Custodia secrets for same host"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)'] 2017-05-11T17:47:36Z DEBUG add: '(target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage Dogtag Custodia secrets for same host"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)' to aci, current value ['(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(version 3.0; acl "IPA server hosts can create own Custodia secrets"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(version 3.0; acl "IPA server hosts can create Dogtag Custodia secrets for same host"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter = 
"(|(objectClass=ipaConfigObject)(dnahostname=*))")(version 3.0;acl "Admins can change GUI config"; allow (delete) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage own Custodia secrets"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)'] 2017-05-11T17:47:36Z DEBUG add: updated value ['(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(version 3.0; acl "IPA server hosts can create own Custodia secrets"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(version 3.0; acl "IPA server hosts can create Dogtag Custodia secrets for same host"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter = "(|(objectClass=ipaConfigObject)(dnahostname=*))")(version 3.0;acl "Admins can change GUI config"; allow (delete) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage own Custodia secrets"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage Dogtag Custodia secrets for same host"; allow(write) groupdn = 
"ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)'] 2017-05-11T17:47:36Z DEBUG add: '(target = "ldap:///cn=*,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "ipaPublicKey || ipaKeyUsage || memberPrincipal")(version 3.0; acl "Dogtag service principals can search Custodia keys"; allow(read, search, compare) userdn = "ldap:///krbprincipalname=dogtag/*@RDLG.NET,cn=services,cn=accounts,dc=rdlg,dc=net";)' to aci, current value ['(target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage Dogtag Custodia secrets for same host"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(version 3.0; acl "IPA server hosts can create Dogtag Custodia secrets for same host"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(version 3.0; acl "IPA server hosts can create own Custodia secrets"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter = "(|(objectClass=ipaConfigObject)(dnahostname=*))")(version 3.0;acl "Admins can change GUI config"; allow (delete) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage own Custodia secrets"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and 
userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)'] 2017-05-11T17:47:36Z DEBUG add: updated value ['(target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage Dogtag Custodia secrets for same host"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(version 3.0; acl "IPA server hosts can create Dogtag Custodia secrets for same host"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(version 3.0; acl "IPA server hosts can create own Custodia secrets"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter = "(|(objectClass=ipaConfigObject)(dnahostname=*))")(version 3.0;acl "Admins can change GUI config"; allow (delete) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage own Custodia secrets"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "ipaPublicKey || ipaKeyUsage || memberPrincipal")(version 3.0; acl "Dogtag service principals can search Custodia keys"; allow(read, search, compare) userdn = "ldap:///krbprincipalname=dogtag/*@RDLG.NET,cn=services,cn=accounts,dc=rdlg,dc=net";)'] 
2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Final value after applying updates 2017-05-11T17:47:36Z DEBUG dn: cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG nsContainer 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG aci: 2017-05-11T17:47:36Z DEBUG (target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage own Custodia secrets"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage Dogtag Custodia secrets for same host"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(version 3.0; acl "IPA server hosts can create Dogtag Custodia secrets for same host"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(version 3.0; acl "IPA server hosts can create own Custodia secrets"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (target = "ldap:///cn=*,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "ipaPublicKey || ipaKeyUsage || memberPrincipal")(version 3.0; acl "Dogtag service principals can search Custodia 
keys"; allow(read, search, compare) userdn = "ldap:///krbprincipalname=dogtag/*@RDLG.NET,cn=services,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG (targetfilter = "(|(objectClass=ipaConfigObject)(dnahostname=*))")(version 3.0;acl "Admins can change GUI config"; allow (delete) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG ipa 2017-05-11T17:47:36Z DEBUG [(0, u'aci', ['(target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage Dogtag Custodia secrets for same host"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(version 3.0; acl "IPA server hosts can create Dogtag Custodia secrets for same host"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "ipaPublicKey || ipaKeyUsage || memberPrincipal")(version 3.0; acl "Dogtag service principals can search Custodia keys"; allow(read, search, compare) userdn = "ldap:///krbprincipalname=dogtag/*@RDLG.NET,cn=services,cn=accounts,dc=rdlg,dc=net";)'])] 2017-05-11T17:47:36Z DEBUG Updated 1 2017-05-11T17:47:36Z DEBUG Done 2017-05-11T17:47:36Z DEBUG Parsing update file '/usr/share/ipa/updates/20-default_password_policy.update' 2017-05-11T17:47:36Z DEBUG New entry: cn=Default Host Password Policy,cn=computers,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Initial value 2017-05-11T17:47:36Z DEBUG dn: cn=Default Host Password Policy,cn=computers,cn=accounts,dc=rdlg,dc=net 
2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG Default Host Password Policy 2017-05-11T17:47:36Z DEBUG krbPwdHistoryLength: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG nsContainer 2017-05-11T17:47:36Z DEBUG krbPwdPolicy 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG krbPwdMinDiffChars: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG krbPwdMinLength: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG krbPwdLockoutDuration: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG krbPwdMaxFailure: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG krbMaxPwdLife: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG krbPwdFailureCountInterval: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG krbMinPwdLife: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Final value after applying updates 2017-05-11T17:47:36Z DEBUG dn: cn=Default Host Password Policy,cn=computers,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG Default Host Password Policy 2017-05-11T17:47:36Z DEBUG krbPwdHistoryLength: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG nsContainer 2017-05-11T17:47:36Z DEBUG krbPwdPolicy 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG krbPwdMinDiffChars: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG krbPwdMinLength: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG krbPwdLockoutDuration: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG krbPwdMaxFailure: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG krbMaxPwdLife: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG krbPwdFailureCountInterval: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG krbMinPwdLife: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG New entry: cn=Default Service Password 
Policy,cn=services,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Initial value 2017-05-11T17:47:36Z DEBUG dn: cn=Default Service Password Policy,cn=services,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG Default Service Password Policy 2017-05-11T17:47:36Z DEBUG krbPwdHistoryLength: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG nsContainer 2017-05-11T17:47:36Z DEBUG krbPwdPolicy 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG krbPwdMinDiffChars: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG krbPwdMinLength: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG krbPwdLockoutDuration: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG krbPwdMaxFailure: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG krbMaxPwdLife: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG krbPwdFailureCountInterval: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG krbMinPwdLife: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Final value after applying updates 2017-05-11T17:47:36Z DEBUG dn: cn=Default Service Password Policy,cn=services,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG Default Service Password Policy 2017-05-11T17:47:36Z DEBUG krbPwdHistoryLength: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG nsContainer 2017-05-11T17:47:36Z DEBUG krbPwdPolicy 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG krbPwdMinDiffChars: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG krbPwdMinLength: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG krbPwdLockoutDuration: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG krbPwdMaxFailure: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG 
krbMaxPwdLife: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG krbPwdFailureCountInterval: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG krbMinPwdLife: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG New entry: cn=Kerberos Service Password Policy,cn=RDLG.NET,cn=kerberos,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Initial value 2017-05-11T17:47:36Z DEBUG dn: cn=Kerberos Service Password Policy,cn=RDLG.NET,cn=kerberos,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG nsContainer 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG Kerberos Service Password Policy 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Final value after applying updates 2017-05-11T17:47:36Z DEBUG dn: cn=Kerberos Service Password Policy,cn=RDLG.NET,cn=kerberos,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG nsContainer 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG Kerberos Service Password Policy 2017-05-11T17:47:36Z DEBUG New entry: cn=Default Kerberos Service Password Policy,cn=Kerberos Service Password Policy,cn=RDLG.NET,cn=kerberos,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Initial value 2017-05-11T17:47:36Z DEBUG dn: cn=Default Kerberos Service Password Policy,cn=Kerberos Service Password Policy,cn=RDLG.NET,cn=kerberos,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG Default Kerberos Service Password Policy 2017-05-11T17:47:36Z DEBUG krbPwdHistoryLength: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG nsContainer 2017-05-11T17:47:36Z DEBUG krbPwdPolicy 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG krbPwdMinDiffChars: 2017-05-11T17:47:36Z DEBUG 0 
2017-05-11T17:47:36Z DEBUG krbPwdMinLength: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG krbPwdLockoutDuration: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG krbPwdMaxFailure: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG krbMaxPwdLife: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG krbPwdFailureCountInterval: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG krbMinPwdLife: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Final value after applying updates 2017-05-11T17:47:36Z DEBUG dn: cn=Default Kerberos Service Password Policy,cn=Kerberos Service Password Policy,cn=RDLG.NET,cn=kerberos,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG Default Kerberos Service Password Policy 2017-05-11T17:47:36Z DEBUG krbPwdHistoryLength: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG nsContainer 2017-05-11T17:47:36Z DEBUG krbPwdPolicy 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG krbPwdMinDiffChars: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG krbPwdMinLength: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG krbPwdLockoutDuration: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG krbPwdMaxFailure: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG krbMaxPwdLife: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG krbPwdFailureCountInterval: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG krbMinPwdLife: 2017-05-11T17:47:36Z DEBUG 0 2017-05-11T17:47:36Z DEBUG New entry: cn=cosTemplates,cn=computers,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Initial value 2017-05-11T17:47:36Z DEBUG dn: cn=cosTemplates,cn=computers,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectclass: 2017-05-11T17:47:36Z DEBUG nsContainer 2017-05-11T17:47:36Z DEBUG top 
2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG cosTemplates 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Final value after applying updates 2017-05-11T17:47:36Z DEBUG dn: cn=cosTemplates,cn=computers,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectclass: 2017-05-11T17:47:36Z DEBUG nsContainer 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG cosTemplates 2017-05-11T17:47:36Z DEBUG New entry: cn=Default Password Policy,cn=cosTemplates,cn=computers,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Initial value 2017-05-11T17:47:36Z DEBUG dn: cn=Default Password Policy,cn=cosTemplates,cn=computers,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectclass: 2017-05-11T17:47:36Z DEBUG cosTemplate 2017-05-11T17:47:36Z DEBUG krbContainer 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG extensibleObject 2017-05-11T17:47:36Z DEBUG krbPwdPolicyReference: 2017-05-11T17:47:36Z DEBUG cn=Default Host Password Policy,cn=computers,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG cosPriority: 2017-05-11T17:47:36Z DEBUG 10000000000 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG Default Password Policy 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Final value after applying updates 2017-05-11T17:47:36Z DEBUG dn: cn=Default Password Policy,cn=cosTemplates,cn=computers,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectclass: 2017-05-11T17:47:36Z DEBUG cosTemplate 2017-05-11T17:47:36Z DEBUG krbContainer 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG extensibleObject 2017-05-11T17:47:36Z DEBUG krbPwdPolicyReference: 2017-05-11T17:47:36Z DEBUG cn=Default Host Password Policy,cn=computers,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG cosPriority: 2017-05-11T17:47:36Z DEBUG 10000000000 
2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG Default Password Policy 2017-05-11T17:47:36Z DEBUG New entry: cn=Default Password Policy,cn=computers,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Initial value 2017-05-11T17:47:36Z DEBUG dn: cn=Default Password Policy,cn=computers,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG ldapsubentry 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG cosSuperDefinition 2017-05-11T17:47:36Z DEBUG cosPointerDefinition 2017-05-11T17:47:36Z DEBUG cosTemplateDn: 2017-05-11T17:47:36Z DEBUG cn=Default Password Policy,cn=cosTemplates,cn=computers,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG description: 2017-05-11T17:47:36Z DEBUG Default Password Policy for Hosts 2017-05-11T17:47:36Z DEBUG cosAttribute: 2017-05-11T17:47:36Z DEBUG krbPwdPolicyReference default 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Final value after applying updates 2017-05-11T17:47:36Z DEBUG dn: cn=Default Password Policy,cn=computers,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG ldapsubentry 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG cosSuperDefinition 2017-05-11T17:47:36Z DEBUG cosPointerDefinition 2017-05-11T17:47:36Z DEBUG cosTemplateDn: 2017-05-11T17:47:36Z DEBUG cn=Default Password Policy,cn=cosTemplates,cn=computers,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG description: 2017-05-11T17:47:36Z DEBUG Default Password Policy for Hosts 2017-05-11T17:47:36Z DEBUG cosAttribute: 2017-05-11T17:47:36Z DEBUG krbPwdPolicyReference default 2017-05-11T17:47:36Z DEBUG New entry: cn=cosTemplates,cn=services,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Initial value 2017-05-11T17:47:36Z DEBUG dn: 
cn=cosTemplates,cn=services,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectclass: 2017-05-11T17:47:36Z DEBUG nsContainer 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG cosTemplates 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Final value after applying updates 2017-05-11T17:47:36Z DEBUG dn: cn=cosTemplates,cn=services,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectclass: 2017-05-11T17:47:36Z DEBUG nsContainer 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG cosTemplates 2017-05-11T17:47:36Z DEBUG New entry: cn=Default Password Policy,cn=cosTemplates,cn=services,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Initial value 2017-05-11T17:47:36Z DEBUG dn: cn=Default Password Policy,cn=cosTemplates,cn=services,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectclass: 2017-05-11T17:47:36Z DEBUG cosTemplate 2017-05-11T17:47:36Z DEBUG krbContainer 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG extensibleObject 2017-05-11T17:47:36Z DEBUG krbPwdPolicyReference: 2017-05-11T17:47:36Z DEBUG cn=Default Service Password Policy,cn=services,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG cosPriority: 2017-05-11T17:47:36Z DEBUG 10000000000 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG Default Password Policy 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Final value after applying updates 2017-05-11T17:47:36Z DEBUG dn: cn=Default Password Policy,cn=cosTemplates,cn=services,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectclass: 2017-05-11T17:47:36Z DEBUG cosTemplate 2017-05-11T17:47:36Z DEBUG krbContainer 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG extensibleObject 2017-05-11T17:47:36Z DEBUG krbPwdPolicyReference: 
2017-05-11T17:47:36Z DEBUG cn=Default Service Password Policy,cn=services,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG cosPriority: 2017-05-11T17:47:36Z DEBUG 10000000000 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG Default Password Policy 2017-05-11T17:47:36Z DEBUG New entry: cn=Default Password Policy,cn=services,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Initial value 2017-05-11T17:47:36Z DEBUG dn: cn=Default Password Policy,cn=services,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG ldapsubentry 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG cosSuperDefinition 2017-05-11T17:47:36Z DEBUG cosPointerDefinition 2017-05-11T17:47:36Z DEBUG cosTemplateDn: 2017-05-11T17:47:36Z DEBUG cn=Default Password Policy,cn=cosTemplates,cn=services,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG description: 2017-05-11T17:47:36Z DEBUG Default Password Policy for Services 2017-05-11T17:47:36Z DEBUG cosAttribute: 2017-05-11T17:47:36Z DEBUG krbPwdPolicyReference default 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Final value after applying updates 2017-05-11T17:47:36Z DEBUG dn: cn=Default Password Policy,cn=services,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG ldapsubentry 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG cosSuperDefinition 2017-05-11T17:47:36Z DEBUG cosPointerDefinition 2017-05-11T17:47:36Z DEBUG cosTemplateDn: 2017-05-11T17:47:36Z DEBUG cn=Default Password Policy,cn=cosTemplates,cn=services,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG description: 2017-05-11T17:47:36Z DEBUG Default Password Policy for Services 2017-05-11T17:47:36Z DEBUG cosAttribute: 2017-05-11T17:47:36Z DEBUG krbPwdPolicyReference default 2017-05-11T17:47:36Z DEBUG New entry: 
cn=cosTemplates,cn=RDLG.NET,cn=kerberos,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Initial value 2017-05-11T17:47:36Z DEBUG dn: cn=cosTemplates,cn=RDLG.NET,cn=kerberos,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectclass: 2017-05-11T17:47:36Z DEBUG nsContainer 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG cosTemplates 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Final value after applying updates 2017-05-11T17:47:36Z DEBUG dn: cn=cosTemplates,cn=RDLG.NET,cn=kerberos,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectclass: 2017-05-11T17:47:36Z DEBUG nsContainer 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG cosTemplates 2017-05-11T17:47:36Z DEBUG New entry: cn=Default Password Policy,cn=cosTemplates,cn=RDLG.NET,cn=kerberos,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Initial value 2017-05-11T17:47:36Z DEBUG dn: cn=Default Password Policy,cn=cosTemplates,cn=RDLG.NET,cn=kerberos,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectclass: 2017-05-11T17:47:36Z DEBUG cosTemplate 2017-05-11T17:47:36Z DEBUG krbContainer 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG extensibleObject 2017-05-11T17:47:36Z DEBUG krbPwdPolicyReference: 2017-05-11T17:47:36Z DEBUG cn=Default Kerberos Service Password Policy,cn=Kerberos Service Password Policy,cn=RDLG.NET,cn=kerberos,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG cosPriority: 2017-05-11T17:47:36Z DEBUG 10000000000 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG Default Password Policy 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Final value after applying updates 2017-05-11T17:47:36Z DEBUG dn: cn=Default Password Policy,cn=cosTemplates,cn=RDLG.NET,cn=kerberos,dc=rdlg,dc=net 
2017-05-11T17:47:36Z DEBUG objectclass: 2017-05-11T17:47:36Z DEBUG cosTemplate 2017-05-11T17:47:36Z DEBUG krbContainer 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG extensibleObject 2017-05-11T17:47:36Z DEBUG krbPwdPolicyReference: 2017-05-11T17:47:36Z DEBUG cn=Default Kerberos Service Password Policy,cn=Kerberos Service Password Policy,cn=RDLG.NET,cn=kerberos,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG cosPriority: 2017-05-11T17:47:36Z DEBUG 10000000000 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG Default Password Policy 2017-05-11T17:47:36Z DEBUG New entry: cn=Default Password Policy,cn=RDLG.NET,cn=kerberos,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Initial value 2017-05-11T17:47:36Z DEBUG dn: cn=Default Password Policy,cn=RDLG.NET,cn=kerberos,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG ldapsubentry 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG cosSuperDefinition 2017-05-11T17:47:36Z DEBUG cosPointerDefinition 2017-05-11T17:47:36Z DEBUG cosTemplateDn: 2017-05-11T17:47:36Z DEBUG cn=Default Password Policy,cn=cosTemplates,cn=RDLG.NET,cn=kerberos,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG description: 2017-05-11T17:47:36Z DEBUG Default Password Policy for Kerberos Services 2017-05-11T17:47:36Z DEBUG cosAttribute: 2017-05-11T17:47:36Z DEBUG krbPwdPolicyReference default 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Final value after applying updates 2017-05-11T17:47:36Z DEBUG dn: cn=Default Password Policy,cn=RDLG.NET,cn=kerberos,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG ldapsubentry 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG cosSuperDefinition 2017-05-11T17:47:36Z DEBUG cosPointerDefinition 2017-05-11T17:47:36Z DEBUG cosTemplateDn: 2017-05-11T17:47:36Z DEBUG cn=Default Password 
Policy,cn=cosTemplates,cn=RDLG.NET,cn=kerberos,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG description: 2017-05-11T17:47:36Z DEBUG Default Password Policy for Kerberos Services 2017-05-11T17:47:36Z DEBUG cosAttribute: 2017-05-11T17:47:36Z DEBUG krbPwdPolicyReference default 2017-05-11T17:47:36Z DEBUG Parsing update file '/usr/share/ipa/updates/20-dna.update' 2017-05-11T17:47:36Z DEBUG Updating existing entry: cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Initial value 2017-05-11T17:47:36Z DEBUG dn: cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG nsslapd-pluginId: 2017-05-11T17:47:36Z DEBUG none 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG Distributed Numeric Assignment Plugin 2017-05-11T17:47:36Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:47:36Z DEBUG none 2017-05-11T17:47:36Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:47:36Z DEBUG none 2017-05-11T17:47:36Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:47:36Z DEBUG off 2017-05-11T17:47:36Z DEBUG nsslapd-pluginPath: 2017-05-11T17:47:36Z DEBUG libdna-plugin 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG nsSlapdPlugin 2017-05-11T17:47:36Z DEBUG extensibleObject 2017-05-11T17:47:36Z DEBUG nsContainer 2017-05-11T17:47:36Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:47:36Z DEBUG database 2017-05-11T17:47:36Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:47:36Z DEBUG none 2017-05-11T17:47:36Z DEBUG nsslapd-pluginType: 2017-05-11T17:47:36Z DEBUG bepreoperation 2017-05-11T17:47:36Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:47:36Z DEBUG dna_init 2017-05-11T17:47:36Z DEBUG only: set nsslapd-pluginEnabled to 'on', current value ['off'] 2017-05-11T17:47:36Z DEBUG only: updated value ['on'] 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Final value after 
applying updates 2017-05-11T17:47:36Z DEBUG dn: cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG nsslapd-pluginId: 2017-05-11T17:47:36Z DEBUG none 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG Distributed Numeric Assignment Plugin 2017-05-11T17:47:36Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:47:36Z DEBUG none 2017-05-11T17:47:36Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:47:36Z DEBUG none 2017-05-11T17:47:36Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-pluginPath: 2017-05-11T17:47:36Z DEBUG libdna-plugin 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG nsSlapdPlugin 2017-05-11T17:47:36Z DEBUG extensibleObject 2017-05-11T17:47:36Z DEBUG nsContainer 2017-05-11T17:47:36Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:47:36Z DEBUG database 2017-05-11T17:47:36Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:47:36Z DEBUG none 2017-05-11T17:47:36Z DEBUG nsslapd-pluginType: 2017-05-11T17:47:36Z DEBUG bepreoperation 2017-05-11T17:47:36Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:47:36Z DEBUG dna_init 2017-05-11T17:47:36Z DEBUG [(2, u'nsslapd-pluginEnabled', ['on'])] 2017-05-11T17:47:36Z DEBUG Updated 1 2017-05-11T17:47:36Z DEBUG Done 2017-05-11T17:47:36Z DEBUG Updating existing entry: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Initial value 2017-05-11T17:47:36Z DEBUG dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG dnaScope: 2017-05-11T17:47:36Z DEBUG dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG dnaThreshold: 2017-05-11T17:47:36Z DEBUG 500 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG Posix IDs 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG extensibleObject 
2017-05-11T17:47:36Z DEBUG aci: 2017-05-11T17:47:36Z DEBUG (targetattr=dnaNextRange || dnaNextValue || dnaMaxValue)(version 3.0;acl "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA Range,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG dnaNextValue: 2017-05-11T17:47:36Z DEBUG 1301600000 2017-05-11T17:47:36Z DEBUG dnaMagicRegen: 2017-05-11T17:47:36Z DEBUG -1 2017-05-11T17:47:36Z DEBUG dnaFilter: 2017-05-11T17:47:36Z DEBUG (|(objectClass=posixAccount)(objectClass=posixGroup)(objectClass=ipaIDobject)) 2017-05-11T17:47:36Z DEBUG dnaType: 2017-05-11T17:47:36Z DEBUG uidNumber 2017-05-11T17:47:36Z DEBUG gidNumber 2017-05-11T17:47:36Z DEBUG dnaMaxValue: 2017-05-11T17:47:36Z DEBUG 1301799999 2017-05-11T17:47:36Z DEBUG dnaSharedCfgDN: 2017-05-11T17:47:36Z DEBUG cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG only: set dnaMagicRegen to '-1', current value ['-1'] 2017-05-11T17:47:36Z DEBUG only: updated value ['-1'] 2017-05-11T17:47:36Z DEBUG add: 'cn=provisioning,dc=rdlg,dc=net' to dnaExcludeScope, current value [] 2017-05-11T17:47:36Z DEBUG add: updated value ['cn=provisioning,dc=rdlg,dc=net'] 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Final value after applying updates 2017-05-11T17:47:36Z DEBUG dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG dnaScope: 2017-05-11T17:47:36Z DEBUG dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG dnaThreshold: 2017-05-11T17:47:36Z DEBUG 500 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG Posix IDs 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG extensibleObject 2017-05-11T17:47:36Z DEBUG aci: 2017-05-11T17:47:36Z DEBUG (targetattr=dnaNextRange || dnaNextValue || dnaMaxValue)(version 3.0;acl "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA 
Range,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:47:36Z DEBUG dnaExcludeScope: 2017-05-11T17:47:36Z DEBUG cn=provisioning,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG dnaNextValue: 2017-05-11T17:47:36Z DEBUG 1301600000 2017-05-11T17:47:36Z DEBUG dnaMagicRegen: 2017-05-11T17:47:36Z DEBUG -1 2017-05-11T17:47:36Z DEBUG dnaFilter: 2017-05-11T17:47:36Z DEBUG (|(objectClass=posixAccount)(objectClass=posixGroup)(objectClass=ipaIDobject)) 2017-05-11T17:47:36Z DEBUG dnaType: 2017-05-11T17:47:36Z DEBUG uidNumber 2017-05-11T17:47:36Z DEBUG gidNumber 2017-05-11T17:47:36Z DEBUG dnaMaxValue: 2017-05-11T17:47:36Z DEBUG 1301799999 2017-05-11T17:47:36Z DEBUG dnaSharedCfgDN: 2017-05-11T17:47:36Z DEBUG cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG [(2, u'dnaExcludeScope', ['cn=provisioning,dc=rdlg,dc=net'])] 2017-05-11T17:47:36Z DEBUG Updated 1 2017-05-11T17:47:36Z DEBUG Done 2017-05-11T17:47:36Z DEBUG Updating existing entry: cn=ipa-winsync,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Initial value 2017-05-11T17:47:36Z DEBUG dn: cn=ipa-winsync,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG ipa-winsync 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG nsSlapdPlugin 2017-05-11T17:47:36Z DEBUG extensibleObject 2017-05-11T17:47:36Z DEBUG ipawinsynchomedirattr: 2017-05-11T17:47:36Z DEBUG ipaHomesRootDir 2017-05-11T17:47:36Z DEBUG ipawinsyncnewuserocattr: 2017-05-11T17:47:36Z DEBUG ipauserobjectclasses 2017-05-11T17:47:36Z DEBUG nsslapd-pluginPath: 2017-05-11T17:47:36Z DEBUG libipa_winsync 2017-05-11T17:47:36Z DEBUG ipawinsyncuserflatten: 2017-05-11T17:47:36Z DEBUG true 2017-05-11T17:47:36Z DEBUG ipawinsyncdefaultgroupfilter: 2017-05-11T17:47:36Z DEBUG (gidNumber=*)(objectclass=posixGroup)(objectclass=groupOfNames) 2017-05-11T17:47:36Z DEBUG ipawinsyncforcesync: 2017-05-11T17:47:36Z DEBUG true 
2017-05-11T17:47:36Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:47:36Z DEBUG FreeIPA/1.0 2017-05-11T17:47:36Z DEBUG ipawinsyncrealmattr: 2017-05-11T17:47:36Z DEBUG cn 2017-05-11T17:47:36Z DEBUG ipawinsyncacctdisable: 2017-05-11T17:47:36Z DEBUG both 2017-05-11T17:47:36Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:47:36Z DEBUG ipa_winsync_plugin_init 2017-05-11T17:47:36Z DEBUG ipawinsyncnewentryfilter: 2017-05-11T17:47:36Z DEBUG (cn=ipaConfig) 2017-05-11T17:47:36Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:47:36Z DEBUG database 2017-05-11T17:47:36Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:47:36Z DEBUG FreeIPA project 2017-05-11T17:47:36Z DEBUG nsslapd-pluginprecedence: 2017-05-11T17:47:36Z DEBUG 60 2017-05-11T17:47:36Z DEBUG ipawinsyncdefaultgroupattr: 2017-05-11T17:47:36Z DEBUG ipaDefaultPrimaryGroup 2017-05-11T17:47:36Z DEBUG ipawinsyncrealmfilter: 2017-05-11T17:47:36Z DEBUG (objectclass=krbRealmContainer) 2017-05-11T17:47:36Z DEBUG nsslapd-pluginType: 2017-05-11T17:47:36Z DEBUG preoperation 2017-05-11T17:47:36Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:47:36Z DEBUG ipa winsync plugin 2017-05-11T17:47:36Z DEBUG ipawinsyncloginshellattr: 2017-05-11T17:47:36Z DEBUG ipaDefaultLoginShell 2017-05-11T17:47:36Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-pluginId: 2017-05-11T17:47:36Z DEBUG ipa-winsync-plugin 2017-05-11T17:47:36Z DEBUG ipawinsyncuserattr: 2017-05-11T17:47:36Z DEBUG uidNumber -1 2017-05-11T17:47:36Z DEBUG gidNumber -1 2017-05-11T17:47:36Z DEBUG remove: 'uidNumber 999' from ipaWinSyncUserAttr, current value ['uidNumber -1', 'gidNumber -1'] 2017-05-11T17:47:36Z DEBUG remove: 'uidNumber 999' not in ipaWinSyncUserAttr 2017-05-11T17:47:36Z DEBUG remove: 'gidNumber 999' from ipaWinSyncUserAttr, current value ['uidNumber -1', 'gidNumber -1'] 2017-05-11T17:47:36Z DEBUG remove: 'gidNumber 999' not in ipaWinSyncUserAttr 2017-05-11T17:47:36Z DEBUG add: 'uidNumber -1' to ipaWinSyncUserAttr, current value 
['uidNumber -1', 'gidNumber -1'] 2017-05-11T17:47:36Z DEBUG add: updated value ['gidNumber -1', 'uidNumber -1'] 2017-05-11T17:47:36Z DEBUG add: 'gidNumber -1' to ipaWinSyncUserAttr, current value ['uidNumber -1', 'gidNumber -1'] 2017-05-11T17:47:36Z DEBUG add: updated value ['uidNumber -1', 'gidNumber -1'] 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Final value after applying updates 2017-05-11T17:47:36Z DEBUG dn: cn=ipa-winsync,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG ipa-winsync 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG nsSlapdPlugin 2017-05-11T17:47:36Z DEBUG extensibleObject 2017-05-11T17:47:36Z DEBUG ipawinsynchomedirattr: 2017-05-11T17:47:36Z DEBUG ipaHomesRootDir 2017-05-11T17:47:36Z DEBUG ipawinsyncnewuserocattr: 2017-05-11T17:47:36Z DEBUG ipauserobjectclasses 2017-05-11T17:47:36Z DEBUG nsslapd-pluginPath: 2017-05-11T17:47:36Z DEBUG libipa_winsync 2017-05-11T17:47:36Z DEBUG ipawinsyncuserflatten: 2017-05-11T17:47:36Z DEBUG true 2017-05-11T17:47:36Z DEBUG ipawinsyncdefaultgroupfilter: 2017-05-11T17:47:36Z DEBUG (gidNumber=*)(objectclass=posixGroup)(objectclass=groupOfNames) 2017-05-11T17:47:36Z DEBUG ipawinsyncforcesync: 2017-05-11T17:47:36Z DEBUG true 2017-05-11T17:47:36Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:47:36Z DEBUG FreeIPA/1.0 2017-05-11T17:47:36Z DEBUG ipawinsyncrealmattr: 2017-05-11T17:47:36Z DEBUG cn 2017-05-11T17:47:36Z DEBUG ipawinsyncacctdisable: 2017-05-11T17:47:36Z DEBUG both 2017-05-11T17:47:36Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:47:36Z DEBUG ipa_winsync_plugin_init 2017-05-11T17:47:36Z DEBUG ipawinsyncnewentryfilter: 2017-05-11T17:47:36Z DEBUG (cn=ipaConfig) 2017-05-11T17:47:36Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:47:36Z DEBUG database 2017-05-11T17:47:36Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:47:36Z DEBUG FreeIPA project 2017-05-11T17:47:36Z DEBUG 
nsslapd-pluginprecedence: 2017-05-11T17:47:36Z DEBUG 60 2017-05-11T17:47:36Z DEBUG ipawinsyncdefaultgroupattr: 2017-05-11T17:47:36Z DEBUG ipaDefaultPrimaryGroup 2017-05-11T17:47:36Z DEBUG ipawinsyncrealmfilter: 2017-05-11T17:47:36Z DEBUG (objectclass=krbRealmContainer) 2017-05-11T17:47:36Z DEBUG nsslapd-pluginType: 2017-05-11T17:47:36Z DEBUG preoperation 2017-05-11T17:47:36Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:47:36Z DEBUG ipa winsync plugin 2017-05-11T17:47:36Z DEBUG ipawinsyncloginshellattr: 2017-05-11T17:47:36Z DEBUG ipaDefaultLoginShell 2017-05-11T17:47:36Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:47:36Z DEBUG on 2017-05-11T17:47:36Z DEBUG nsslapd-pluginId: 2017-05-11T17:47:36Z DEBUG ipa-winsync-plugin 2017-05-11T17:47:36Z DEBUG ipawinsyncuserattr: 2017-05-11T17:47:36Z DEBUG uidNumber -1 2017-05-11T17:47:36Z DEBUG gidNumber -1 2017-05-11T17:47:36Z DEBUG [] 2017-05-11T17:47:36Z DEBUG Updated 0 2017-05-11T17:47:36Z DEBUG Done 2017-05-11T17:47:36Z DEBUG Parsing update file '/usr/share/ipa/updates/20-host_nis_groups.update' 2017-05-11T17:47:36Z DEBUG Updating existing entry: cn=NGP HGP Template,cn=Templates,cn=Managed Entries,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Initial value 2017-05-11T17:47:36Z DEBUG dn: cn=NGP HGP Template,cn=Templates,cn=Managed Entries,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG mepTemplateEntry 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG mepMappedAttr: 2017-05-11T17:47:36Z DEBUG cn: $cn 2017-05-11T17:47:36Z DEBUG memberHost: $dn 2017-05-11T17:47:36Z DEBUG description: ipaNetgroup $cn 2017-05-11T17:47:36Z DEBUG mepStaticAttr: 2017-05-11T17:47:36Z DEBUG ipaUniqueId: autogenerate 2017-05-11T17:47:36Z DEBUG objectclass: ipanisnetgroup 2017-05-11T17:47:36Z DEBUG objectclass: ipaobject 2017-05-11T17:47:36Z DEBUG nisDomainName: rdlg.net 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG 
NGP HGP Template 2017-05-11T17:47:36Z DEBUG mepRDNAttr: 2017-05-11T17:47:36Z DEBUG cn 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Final value after applying updates 2017-05-11T17:47:36Z DEBUG dn: cn=NGP HGP Template,cn=Templates,cn=Managed Entries,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG mepTemplateEntry 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG mepMappedAttr: 2017-05-11T17:47:36Z DEBUG cn: $cn 2017-05-11T17:47:36Z DEBUG memberHost: $dn 2017-05-11T17:47:36Z DEBUG description: ipaNetgroup $cn 2017-05-11T17:47:36Z DEBUG mepStaticAttr: 2017-05-11T17:47:36Z DEBUG ipaUniqueId: autogenerate 2017-05-11T17:47:36Z DEBUG objectclass: ipanisnetgroup 2017-05-11T17:47:36Z DEBUG objectclass: ipaobject 2017-05-11T17:47:36Z DEBUG nisDomainName: rdlg.net 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG NGP HGP Template 2017-05-11T17:47:36Z DEBUG mepRDNAttr: 2017-05-11T17:47:36Z DEBUG cn 2017-05-11T17:47:36Z DEBUG [] 2017-05-11T17:47:36Z DEBUG Updated 0 2017-05-11T17:47:36Z DEBUG Done 2017-05-11T17:47:36Z DEBUG Updating existing entry: cn=NGP Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Initial value 2017-05-11T17:47:36Z DEBUG dn: cn=NGP Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG NGP Definition 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG extensibleObject 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG managedbase: 2017-05-11T17:47:36Z DEBUG cn=ng,cn=alt,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG originfilter: 2017-05-11T17:47:36Z DEBUG objectclass=ipahostgroup 2017-05-11T17:47:36Z DEBUG originscope: 2017-05-11T17:47:36Z DEBUG cn=hostgroups,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG managedtemplate: 
2017-05-11T17:47:36Z DEBUG cn=NGP HGP Template,cn=Templates,cn=Managed Entries,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG only: set cn to 'NGP Definition', current value ['NGP Definition'] 2017-05-11T17:47:36Z DEBUG only: updated value ['NGP Definition'] 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Final value after applying updates 2017-05-11T17:47:36Z DEBUG dn: cn=NGP Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG NGP Definition 2017-05-11T17:47:36Z DEBUG objectClass: 2017-05-11T17:47:36Z DEBUG extensibleObject 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG managedbase: 2017-05-11T17:47:36Z DEBUG cn=ng,cn=alt,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG originfilter: 2017-05-11T17:47:36Z DEBUG objectclass=ipahostgroup 2017-05-11T17:47:36Z DEBUG originscope: 2017-05-11T17:47:36Z DEBUG cn=hostgroups,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG managedtemplate: 2017-05-11T17:47:36Z DEBUG cn=NGP HGP Template,cn=Templates,cn=Managed Entries,cn=etc,dc=rdlg,dc=net 2017-05-11T17:47:36Z DEBUG [] 2017-05-11T17:47:36Z DEBUG Updated 0 2017-05-11T17:47:36Z DEBUG Done 2017-05-11T17:47:36Z DEBUG Parsing update file '/usr/share/ipa/updates/20-idoverride_index.update' 2017-05-11T17:47:36Z DEBUG New entry: cn=ipaOriginalUid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Initial value 2017-05-11T17:47:36Z DEBUG dn: cn=ipaOriginalUid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG ObjectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG nsIndex 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG ipaOriginalUid 2017-05-11T17:47:36Z DEBUG nsSystemIndex: 2017-05-11T17:47:36Z DEBUG false 2017-05-11T17:47:36Z DEBUG only: set nsIndexType to 'eq', current value [] 
2017-05-11T17:47:36Z DEBUG only: updated value ['eq'] 2017-05-11T17:47:36Z DEBUG only: set nsIndexType to 'pres', current value ['eq'] 2017-05-11T17:47:36Z DEBUG only: updated value ['eq', 'pres'] 2017-05-11T17:47:36Z DEBUG --------------------------------------------- 2017-05-11T17:47:36Z DEBUG Final value after applying updates 2017-05-11T17:47:36Z DEBUG dn: cn=ipaOriginalUid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:47:36Z DEBUG ObjectClass: 2017-05-11T17:47:36Z DEBUG top 2017-05-11T17:47:36Z DEBUG nsIndex 2017-05-11T17:47:36Z DEBUG nsIndexType: 2017-05-11T17:47:36Z DEBUG eq 2017-05-11T17:47:36Z DEBUG pres 2017-05-11T17:47:36Z DEBUG cn: 2017-05-11T17:47:36Z DEBUG ipaOriginalUid 2017-05-11T17:47:36Z DEBUG nsSystemIndex: 2017-05-11T17:47:36Z DEBUG false 2017-05-11T17:47:41Z DEBUG Creating task to index attribute: ipaOriginalUid 2017-05-11T17:47:41Z DEBUG Task id: cn=indextask_ipaOriginalUid_137138176614819300_12797,cn=index,cn=tasks,cn=config 2017-05-11T17:47:42Z DEBUG Indexing finished 2017-05-11T17:47:42Z DEBUG New entry: cn=ipaAnchorUUID,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:47:42Z DEBUG --------------------------------------------- 2017-05-11T17:47:42Z DEBUG Initial value 2017-05-11T17:47:42Z DEBUG dn: cn=ipaAnchorUUID,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:47:42Z DEBUG ObjectClass: 2017-05-11T17:47:42Z DEBUG top 2017-05-11T17:47:42Z DEBUG nsIndex 2017-05-11T17:47:42Z DEBUG cn: 2017-05-11T17:47:42Z DEBUG ipaOriginalUid 2017-05-11T17:47:42Z DEBUG nsSystemIndex: 2017-05-11T17:47:42Z DEBUG false 2017-05-11T17:47:42Z DEBUG only: set nsIndexType to 'eq', current value [] 2017-05-11T17:47:42Z DEBUG only: updated value ['eq'] 2017-05-11T17:47:42Z DEBUG only: set nsIndexType to 'pres', current value ['eq'] 2017-05-11T17:47:42Z DEBUG only: updated value ['eq', 'pres'] 2017-05-11T17:47:42Z DEBUG --------------------------------------------- 2017-05-11T17:47:42Z DEBUG 
Final value after applying updates 2017-05-11T17:47:42Z DEBUG dn: cn=ipaAnchorUUID,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:47:42Z DEBUG ObjectClass: 2017-05-11T17:47:42Z DEBUG top 2017-05-11T17:47:42Z DEBUG nsIndex 2017-05-11T17:47:42Z DEBUG nsIndexType: 2017-05-11T17:47:42Z DEBUG eq 2017-05-11T17:47:42Z DEBUG pres 2017-05-11T17:47:42Z DEBUG cn: 2017-05-11T17:47:42Z DEBUG ipaOriginalUid 2017-05-11T17:47:42Z DEBUG nsSystemIndex: 2017-05-11T17:47:42Z DEBUG false 2017-05-11T17:47:47Z DEBUG Creating task to index attribute: ipaOriginalUid 2017-05-11T17:47:47Z DEBUG Task id: cn=indextask_ipaOriginalUid_137138176675020930_12797,cn=index,cn=tasks,cn=config 2017-05-11T17:47:48Z DEBUG Indexing finished 2017-05-11T17:47:48Z DEBUG Parsing update file '/usr/share/ipa/updates/20-indices.update' 2017-05-11T17:47:48Z DEBUG New entry: cn=memberuid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:47:48Z DEBUG --------------------------------------------- 2017-05-11T17:47:48Z DEBUG Initial value 2017-05-11T17:47:48Z DEBUG dn: cn=memberuid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:47:48Z DEBUG ObjectClass: 2017-05-11T17:47:48Z DEBUG top 2017-05-11T17:47:48Z DEBUG nsIndex 2017-05-11T17:47:48Z DEBUG cn: 2017-05-11T17:47:48Z DEBUG memberuid 2017-05-11T17:47:48Z DEBUG nsSystemIndex: 2017-05-11T17:47:48Z DEBUG false 2017-05-11T17:47:48Z DEBUG only: set nsIndexType to 'eq', current value [] 2017-05-11T17:47:48Z DEBUG only: updated value ['eq'] 2017-05-11T17:47:48Z DEBUG only: set nsIndexType to 'pres', current value ['eq'] 2017-05-11T17:47:48Z DEBUG only: updated value ['eq', 'pres'] 2017-05-11T17:47:48Z DEBUG --------------------------------------------- 2017-05-11T17:47:48Z DEBUG Final value after applying updates 2017-05-11T17:47:48Z DEBUG dn: cn=memberuid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:47:48Z DEBUG ObjectClass: 2017-05-11T17:47:48Z DEBUG top 
2017-05-11T17:47:48Z DEBUG nsIndex 2017-05-11T17:47:48Z DEBUG nsIndexType: 2017-05-11T17:47:48Z DEBUG eq 2017-05-11T17:47:48Z DEBUG pres 2017-05-11T17:47:48Z DEBUG cn: 2017-05-11T17:47:48Z DEBUG memberuid 2017-05-11T17:47:48Z DEBUG nsSystemIndex: 2017-05-11T17:47:48Z DEBUG false 2017-05-11T17:47:53Z DEBUG Creating task to index attribute: memberuid 2017-05-11T17:47:53Z DEBUG Task id: cn=indextask_memberuid_137138176735291850_12797,cn=index,cn=tasks,cn=config 2017-05-11T17:47:55Z DEBUG Indexing finished 2017-05-11T17:47:55Z DEBUG Updating existing entry: cn=memberHost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:47:55Z DEBUG --------------------------------------------- 2017-05-11T17:47:55Z DEBUG Initial value 2017-05-11T17:47:55Z DEBUG dn: cn=memberHost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:47:55Z DEBUG nsIndexType: 2017-05-11T17:47:55Z DEBUG eq 2017-05-11T17:47:55Z DEBUG pres 2017-05-11T17:47:55Z DEBUG sub 2017-05-11T17:47:55Z DEBUG objectClass: 2017-05-11T17:47:55Z DEBUG top 2017-05-11T17:47:55Z DEBUG nsIndex 2017-05-11T17:47:55Z DEBUG cn: 2017-05-11T17:47:55Z DEBUG memberHost 2017-05-11T17:47:55Z DEBUG nsSystemIndex: 2017-05-11T17:47:55Z DEBUG false 2017-05-11T17:47:55Z DEBUG only: set nsIndexType to 'eq', current value ['eq', 'pres', 'sub'] 2017-05-11T17:47:55Z DEBUG only: updated value ['eq'] 2017-05-11T17:47:55Z DEBUG only: set nsIndexType to 'pres', current value ['eq'] 2017-05-11T17:47:55Z DEBUG only: updated value ['eq', 'pres'] 2017-05-11T17:47:55Z DEBUG only: set nsIndexType to 'sub', current value ['eq', 'pres'] 2017-05-11T17:47:55Z DEBUG only: updated value ['eq', 'pres', 'sub'] 2017-05-11T17:47:55Z DEBUG --------------------------------------------- 2017-05-11T17:47:55Z DEBUG Final value after applying updates 2017-05-11T17:47:55Z DEBUG dn: cn=memberHost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:47:55Z DEBUG nsIndexType: 2017-05-11T17:47:55Z DEBUG eq 
2017-05-11T17:47:55Z DEBUG sub 2017-05-11T17:47:55Z DEBUG pres 2017-05-11T17:47:55Z DEBUG objectClass: 2017-05-11T17:47:55Z DEBUG top 2017-05-11T17:47:55Z DEBUG nsIndex 2017-05-11T17:47:55Z DEBUG cn: 2017-05-11T17:47:55Z DEBUG memberHost 2017-05-11T17:47:55Z DEBUG nsSystemIndex: 2017-05-11T17:47:55Z DEBUG false 2017-05-11T17:47:55Z DEBUG [] 2017-05-11T17:47:55Z DEBUG Updated 0 2017-05-11T17:47:55Z DEBUG Done 2017-05-11T17:47:55Z DEBUG Updating existing entry: cn=memberUser,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:47:55Z DEBUG --------------------------------------------- 2017-05-11T17:47:55Z DEBUG Initial value 2017-05-11T17:47:55Z DEBUG dn: cn=memberUser,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:47:55Z DEBUG nsIndexType: 2017-05-11T17:47:55Z DEBUG eq 2017-05-11T17:47:55Z DEBUG pres 2017-05-11T17:47:55Z DEBUG sub 2017-05-11T17:47:55Z DEBUG objectClass: 2017-05-11T17:47:55Z DEBUG top 2017-05-11T17:47:55Z DEBUG nsIndex 2017-05-11T17:47:55Z DEBUG cn: 2017-05-11T17:47:55Z DEBUG memberUser 2017-05-11T17:47:55Z DEBUG nsSystemIndex: 2017-05-11T17:47:55Z DEBUG false 2017-05-11T17:47:55Z DEBUG only: set nsIndexType to 'eq', current value ['eq', 'pres', 'sub'] 2017-05-11T17:47:55Z DEBUG only: updated value ['eq'] 2017-05-11T17:47:55Z DEBUG only: set nsIndexType to 'pres', current value ['eq'] 2017-05-11T17:47:55Z DEBUG only: updated value ['eq', 'pres'] 2017-05-11T17:47:55Z DEBUG only: set nsIndexType to 'sub', current value ['eq', 'pres'] 2017-05-11T17:47:55Z DEBUG only: updated value ['eq', 'pres', 'sub'] 2017-05-11T17:47:55Z DEBUG --------------------------------------------- 2017-05-11T17:47:55Z DEBUG Final value after applying updates 2017-05-11T17:47:55Z DEBUG dn: cn=memberUser,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:47:55Z DEBUG nsIndexType: 2017-05-11T17:47:55Z DEBUG eq 2017-05-11T17:47:55Z DEBUG sub 2017-05-11T17:47:55Z DEBUG pres 2017-05-11T17:47:55Z DEBUG objectClass: 
2017-05-11T17:47:55Z DEBUG top 2017-05-11T17:47:55Z DEBUG nsIndex 2017-05-11T17:47:55Z DEBUG cn: 2017-05-11T17:47:55Z DEBUG memberUser 2017-05-11T17:47:55Z DEBUG nsSystemIndex: 2017-05-11T17:47:55Z DEBUG false 2017-05-11T17:47:55Z DEBUG [] 2017-05-11T17:47:55Z DEBUG Updated 0 2017-05-11T17:47:55Z DEBUG Done 2017-05-11T17:47:55Z DEBUG Updating existing entry: cn=member,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:47:55Z DEBUG --------------------------------------------- 2017-05-11T17:47:55Z DEBUG Initial value 2017-05-11T17:47:55Z DEBUG dn: cn=member,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:47:55Z DEBUG nsIndexType: 2017-05-11T17:47:55Z DEBUG eq 2017-05-11T17:47:55Z DEBUG objectClass: 2017-05-11T17:47:55Z DEBUG top 2017-05-11T17:47:55Z DEBUG nsIndex 2017-05-11T17:47:55Z DEBUG cn: 2017-05-11T17:47:55Z DEBUG member 2017-05-11T17:47:55Z DEBUG nsSystemIndex: 2017-05-11T17:47:55Z DEBUG false 2017-05-11T17:47:55Z DEBUG only: set nsIndexType to 'eq', current value ['eq'] 2017-05-11T17:47:55Z DEBUG only: updated value ['eq'] 2017-05-11T17:47:55Z DEBUG only: set nsIndexType to 'pres', current value ['eq'] 2017-05-11T17:47:55Z DEBUG only: updated value ['eq', 'pres'] 2017-05-11T17:47:55Z DEBUG only: set nsIndexType to 'sub', current value ['eq', 'pres'] 2017-05-11T17:47:55Z DEBUG only: updated value ['eq', 'pres', 'sub'] 2017-05-11T17:47:55Z DEBUG --------------------------------------------- 2017-05-11T17:47:55Z DEBUG Final value after applying updates 2017-05-11T17:47:55Z DEBUG dn: cn=member,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:47:55Z DEBUG nsIndexType: 2017-05-11T17:47:55Z DEBUG eq 2017-05-11T17:47:55Z DEBUG sub 2017-05-11T17:47:55Z DEBUG pres 2017-05-11T17:47:55Z DEBUG objectClass: 2017-05-11T17:47:55Z DEBUG top 2017-05-11T17:47:55Z DEBUG nsIndex 2017-05-11T17:47:55Z DEBUG cn: 2017-05-11T17:47:55Z DEBUG member 2017-05-11T17:47:55Z DEBUG nsSystemIndex: 2017-05-11T17:47:55Z 
DEBUG false 2017-05-11T17:47:55Z DEBUG [(0, u'nsIndexType', ['sub', 'pres'])] 2017-05-11T17:47:55Z DEBUG Updated 1 2017-05-11T17:47:55Z DEBUG Done 2017-05-11T17:48:00Z DEBUG Creating task to index attribute: member 2017-05-11T17:48:00Z DEBUG Task id: cn=indextask_member_137138176805564450_12797,cn=index,cn=tasks,cn=config 2017-05-11T17:48:01Z DEBUG Indexing finished 2017-05-11T17:48:01Z DEBUG Updating existing entry: cn=uniquemember,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:01Z DEBUG --------------------------------------------- 2017-05-11T17:48:01Z DEBUG Initial value 2017-05-11T17:48:01Z DEBUG dn: cn=uniquemember,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:01Z DEBUG nsIndexType: 2017-05-11T17:48:01Z DEBUG eq 2017-05-11T17:48:01Z DEBUG objectClass: 2017-05-11T17:48:01Z DEBUG top 2017-05-11T17:48:01Z DEBUG nsIndex 2017-05-11T17:48:01Z DEBUG cn: 2017-05-11T17:48:01Z DEBUG uniquemember 2017-05-11T17:48:01Z DEBUG nsSystemIndex: 2017-05-11T17:48:01Z DEBUG false 2017-05-11T17:48:01Z DEBUG only: set nsIndexType to 'eq', current value ['eq'] 2017-05-11T17:48:01Z DEBUG only: updated value ['eq'] 2017-05-11T17:48:01Z DEBUG only: set nsIndexType to 'sub', current value ['eq'] 2017-05-11T17:48:01Z DEBUG only: updated value ['eq', 'sub'] 2017-05-11T17:48:01Z DEBUG --------------------------------------------- 2017-05-11T17:48:01Z DEBUG Final value after applying updates 2017-05-11T17:48:01Z DEBUG dn: cn=uniquemember,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:01Z DEBUG nsIndexType: 2017-05-11T17:48:01Z DEBUG eq 2017-05-11T17:48:01Z DEBUG sub 2017-05-11T17:48:01Z DEBUG objectClass: 2017-05-11T17:48:01Z DEBUG top 2017-05-11T17:48:01Z DEBUG nsIndex 2017-05-11T17:48:01Z DEBUG cn: 2017-05-11T17:48:01Z DEBUG uniquemember 2017-05-11T17:48:01Z DEBUG nsSystemIndex: 2017-05-11T17:48:01Z DEBUG false 2017-05-11T17:48:01Z DEBUG [(0, u'nsIndexType', ['sub'])] 2017-05-11T17:48:01Z DEBUG Updated 
1 2017-05-11T17:48:01Z DEBUG Done 2017-05-11T17:48:06Z DEBUG Creating task to index attribute: uniquemember 2017-05-11T17:48:06Z DEBUG Task id: cn=indextask_uniquemember_137138176865796220_12797,cn=index,cn=tasks,cn=config 2017-05-11T17:48:07Z DEBUG Indexing finished 2017-05-11T17:48:07Z DEBUG Updating existing entry: cn=owner,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:07Z DEBUG --------------------------------------------- 2017-05-11T17:48:07Z DEBUG Initial value 2017-05-11T17:48:07Z DEBUG dn: cn=owner,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:07Z DEBUG nsIndexType: 2017-05-11T17:48:07Z DEBUG eq 2017-05-11T17:48:07Z DEBUG objectClass: 2017-05-11T17:48:07Z DEBUG top 2017-05-11T17:48:07Z DEBUG nsIndex 2017-05-11T17:48:07Z DEBUG cn: 2017-05-11T17:48:07Z DEBUG owner 2017-05-11T17:48:07Z DEBUG nsSystemIndex: 2017-05-11T17:48:07Z DEBUG false 2017-05-11T17:48:07Z DEBUG only: set nsIndexType to 'eq', current value ['eq'] 2017-05-11T17:48:07Z DEBUG only: updated value ['eq'] 2017-05-11T17:48:07Z DEBUG only: set nsIndexType to 'sub', current value ['eq'] 2017-05-11T17:48:07Z DEBUG only: updated value ['eq', 'sub'] 2017-05-11T17:48:07Z DEBUG --------------------------------------------- 2017-05-11T17:48:07Z DEBUG Final value after applying updates 2017-05-11T17:48:07Z DEBUG dn: cn=owner,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:07Z DEBUG nsIndexType: 2017-05-11T17:48:07Z DEBUG eq 2017-05-11T17:48:07Z DEBUG sub 2017-05-11T17:48:07Z DEBUG objectClass: 2017-05-11T17:48:07Z DEBUG top 2017-05-11T17:48:07Z DEBUG nsIndex 2017-05-11T17:48:07Z DEBUG cn: 2017-05-11T17:48:07Z DEBUG owner 2017-05-11T17:48:07Z DEBUG nsSystemIndex: 2017-05-11T17:48:07Z DEBUG false 2017-05-11T17:48:07Z DEBUG [(0, u'nsIndexType', ['sub'])] 2017-05-11T17:48:07Z DEBUG Updated 1 2017-05-11T17:48:07Z DEBUG Done 2017-05-11T17:48:12Z DEBUG Creating task to index attribute: owner 2017-05-11T17:48:12Z DEBUG Task id: 
cn=indextask_owner_137138176926024530_12797,cn=index,cn=tasks,cn=config 2017-05-11T17:48:13Z DEBUG Indexing finished 2017-05-11T17:48:13Z DEBUG Updating existing entry: cn=manager,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:13Z DEBUG --------------------------------------------- 2017-05-11T17:48:13Z DEBUG Initial value 2017-05-11T17:48:13Z DEBUG dn: cn=manager,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:13Z DEBUG nsIndexType: 2017-05-11T17:48:13Z DEBUG eq 2017-05-11T17:48:13Z DEBUG pres 2017-05-11T17:48:13Z DEBUG sub 2017-05-11T17:48:13Z DEBUG objectClass: 2017-05-11T17:48:13Z DEBUG top 2017-05-11T17:48:13Z DEBUG nsIndex 2017-05-11T17:48:13Z DEBUG cn: 2017-05-11T17:48:13Z DEBUG manager 2017-05-11T17:48:13Z DEBUG nsSystemIndex: 2017-05-11T17:48:13Z DEBUG false 2017-05-11T17:48:13Z DEBUG only: set nsIndexType to 'eq', current value ['eq', 'pres', 'sub'] 2017-05-11T17:48:13Z DEBUG only: updated value ['eq'] 2017-05-11T17:48:13Z DEBUG only: set nsIndexType to 'pres', current value ['eq'] 2017-05-11T17:48:13Z DEBUG only: updated value ['eq', 'pres'] 2017-05-11T17:48:13Z DEBUG only: set nsIndexType to 'sub', current value ['eq', 'pres'] 2017-05-11T17:48:13Z DEBUG only: updated value ['eq', 'pres', 'sub'] 2017-05-11T17:48:13Z DEBUG --------------------------------------------- 2017-05-11T17:48:13Z DEBUG Final value after applying updates 2017-05-11T17:48:13Z DEBUG dn: cn=manager,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:13Z DEBUG nsIndexType: 2017-05-11T17:48:13Z DEBUG eq 2017-05-11T17:48:13Z DEBUG sub 2017-05-11T17:48:13Z DEBUG pres 2017-05-11T17:48:13Z DEBUG objectClass: 2017-05-11T17:48:13Z DEBUG top 2017-05-11T17:48:13Z DEBUG nsIndex 2017-05-11T17:48:13Z DEBUG cn: 2017-05-11T17:48:13Z DEBUG manager 2017-05-11T17:48:13Z DEBUG nsSystemIndex: 2017-05-11T17:48:13Z DEBUG false 2017-05-11T17:48:13Z DEBUG [] 2017-05-11T17:48:13Z DEBUG Updated 0 2017-05-11T17:48:13Z DEBUG Done 
2017-05-11T17:48:13Z DEBUG Updating existing entry: cn=secretary,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:13Z DEBUG --------------------------------------------- 2017-05-11T17:48:13Z DEBUG Initial value 2017-05-11T17:48:13Z DEBUG dn: cn=secretary,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:13Z DEBUG nsIndexType: 2017-05-11T17:48:13Z DEBUG eq 2017-05-11T17:48:13Z DEBUG pres 2017-05-11T17:48:13Z DEBUG sub 2017-05-11T17:48:13Z DEBUG objectClass: 2017-05-11T17:48:13Z DEBUG top 2017-05-11T17:48:13Z DEBUG nsIndex 2017-05-11T17:48:13Z DEBUG cn: 2017-05-11T17:48:13Z DEBUG secretary 2017-05-11T17:48:13Z DEBUG nsSystemIndex: 2017-05-11T17:48:13Z DEBUG false 2017-05-11T17:48:13Z DEBUG only: set nsIndexType to 'eq', current value ['eq', 'pres', 'sub'] 2017-05-11T17:48:13Z DEBUG only: updated value ['eq'] 2017-05-11T17:48:13Z DEBUG only: set nsIndexType to 'pres', current value ['eq'] 2017-05-11T17:48:13Z DEBUG only: updated value ['eq', 'pres'] 2017-05-11T17:48:13Z DEBUG only: set nsIndexType to 'sub', current value ['eq', 'pres'] 2017-05-11T17:48:13Z DEBUG only: updated value ['eq', 'pres', 'sub'] 2017-05-11T17:48:13Z DEBUG --------------------------------------------- 2017-05-11T17:48:13Z DEBUG Final value after applying updates 2017-05-11T17:48:13Z DEBUG dn: cn=secretary,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:13Z DEBUG nsIndexType: 2017-05-11T17:48:13Z DEBUG eq 2017-05-11T17:48:13Z DEBUG sub 2017-05-11T17:48:13Z DEBUG pres 2017-05-11T17:48:13Z DEBUG objectClass: 2017-05-11T17:48:13Z DEBUG top 2017-05-11T17:48:13Z DEBUG nsIndex 2017-05-11T17:48:13Z DEBUG cn: 2017-05-11T17:48:13Z DEBUG secretary 2017-05-11T17:48:13Z DEBUG nsSystemIndex: 2017-05-11T17:48:13Z DEBUG false 2017-05-11T17:48:13Z DEBUG [] 2017-05-11T17:48:13Z DEBUG Updated 0 2017-05-11T17:48:13Z DEBUG Done 2017-05-11T17:48:13Z DEBUG Updating existing entry: cn=seeAlso,cn=index,cn=userRoot,cn=ldbm 
database,cn=plugins,cn=config 2017-05-11T17:48:13Z DEBUG --------------------------------------------- 2017-05-11T17:48:13Z DEBUG Initial value 2017-05-11T17:48:13Z DEBUG dn: cn=seeAlso,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:13Z DEBUG nsIndexType: 2017-05-11T17:48:13Z DEBUG eq 2017-05-11T17:48:13Z DEBUG objectClass: 2017-05-11T17:48:13Z DEBUG top 2017-05-11T17:48:13Z DEBUG nsIndex 2017-05-11T17:48:13Z DEBUG cn: 2017-05-11T17:48:13Z DEBUG seeAlso 2017-05-11T17:48:13Z DEBUG nsSystemIndex: 2017-05-11T17:48:13Z DEBUG false 2017-05-11T17:48:13Z DEBUG only: set nsIndexType to 'eq', current value ['eq'] 2017-05-11T17:48:13Z DEBUG only: updated value ['eq'] 2017-05-11T17:48:13Z DEBUG only: set nsIndexType to 'sub', current value ['eq'] 2017-05-11T17:48:13Z DEBUG only: updated value ['eq', 'sub'] 2017-05-11T17:48:13Z DEBUG --------------------------------------------- 2017-05-11T17:48:13Z DEBUG Final value after applying updates 2017-05-11T17:48:13Z DEBUG dn: cn=seeAlso,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:13Z DEBUG nsIndexType: 2017-05-11T17:48:13Z DEBUG eq 2017-05-11T17:48:13Z DEBUG sub 2017-05-11T17:48:13Z DEBUG objectClass: 2017-05-11T17:48:13Z DEBUG top 2017-05-11T17:48:13Z DEBUG nsIndex 2017-05-11T17:48:13Z DEBUG cn: 2017-05-11T17:48:13Z DEBUG seeAlso 2017-05-11T17:48:13Z DEBUG nsSystemIndex: 2017-05-11T17:48:13Z DEBUG false 2017-05-11T17:48:13Z DEBUG [(0, u'nsIndexType', ['sub'])] 2017-05-11T17:48:13Z DEBUG Updated 1 2017-05-11T17:48:13Z DEBUG Done 2017-05-11T17:48:18Z DEBUG Creating task to index attribute: seeAlso 2017-05-11T17:48:18Z DEBUG Task id: cn=indextask_seeAlso_137138176986278230_12797,cn=index,cn=tasks,cn=config 2017-05-11T17:48:19Z DEBUG Indexing finished 2017-05-11T17:48:19Z DEBUG Updating existing entry: cn=memberOf,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:19Z DEBUG --------------------------------------------- 2017-05-11T17:48:19Z DEBUG 
Initial value 2017-05-11T17:48:19Z DEBUG dn: cn=memberOf,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:19Z DEBUG nsIndexType: 2017-05-11T17:48:19Z DEBUG eq 2017-05-11T17:48:19Z DEBUG objectClass: 2017-05-11T17:48:19Z DEBUG top 2017-05-11T17:48:19Z DEBUG nsIndex 2017-05-11T17:48:19Z DEBUG cn: 2017-05-11T17:48:19Z DEBUG memberOf 2017-05-11T17:48:19Z DEBUG nsSystemIndex: 2017-05-11T17:48:19Z DEBUG false 2017-05-11T17:48:19Z DEBUG --------------------------------------------- 2017-05-11T17:48:19Z DEBUG Final value after applying updates 2017-05-11T17:48:19Z DEBUG dn: cn=memberOf,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:19Z DEBUG nsIndexType: 2017-05-11T17:48:19Z DEBUG eq 2017-05-11T17:48:19Z DEBUG objectClass: 2017-05-11T17:48:19Z DEBUG top 2017-05-11T17:48:19Z DEBUG nsIndex 2017-05-11T17:48:19Z DEBUG cn: 2017-05-11T17:48:19Z DEBUG memberOf 2017-05-11T17:48:19Z DEBUG nsSystemIndex: 2017-05-11T17:48:19Z DEBUG false 2017-05-11T17:48:19Z DEBUG [] 2017-05-11T17:48:19Z DEBUG Updated 0 2017-05-11T17:48:19Z DEBUG Done 2017-05-11T17:48:19Z DEBUG Updating existing entry: cn=fqdn,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:19Z DEBUG --------------------------------------------- 2017-05-11T17:48:19Z DEBUG Initial value 2017-05-11T17:48:19Z DEBUG dn: cn=fqdn,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:19Z DEBUG nsIndexType: 2017-05-11T17:48:19Z DEBUG eq 2017-05-11T17:48:19Z DEBUG pres 2017-05-11T17:48:19Z DEBUG objectClass: 2017-05-11T17:48:19Z DEBUG top 2017-05-11T17:48:19Z DEBUG nsIndex 2017-05-11T17:48:19Z DEBUG cn: 2017-05-11T17:48:19Z DEBUG fqdn 2017-05-11T17:48:19Z DEBUG nsSystemIndex: 2017-05-11T17:48:19Z DEBUG false 2017-05-11T17:48:19Z DEBUG --------------------------------------------- 2017-05-11T17:48:19Z DEBUG Final value after applying updates 2017-05-11T17:48:19Z DEBUG dn: cn=fqdn,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 
2017-05-11T17:48:19Z DEBUG nsIndexType: 2017-05-11T17:48:19Z DEBUG eq 2017-05-11T17:48:19Z DEBUG pres 2017-05-11T17:48:19Z DEBUG objectClass: 2017-05-11T17:48:19Z DEBUG top 2017-05-11T17:48:19Z DEBUG nsIndex 2017-05-11T17:48:19Z DEBUG cn: 2017-05-11T17:48:19Z DEBUG fqdn 2017-05-11T17:48:19Z DEBUG nsSystemIndex: 2017-05-11T17:48:19Z DEBUG false 2017-05-11T17:48:19Z DEBUG [] 2017-05-11T17:48:19Z DEBUG Updated 0 2017-05-11T17:48:19Z DEBUG Done 2017-05-11T17:48:19Z DEBUG Updating existing entry: cn=macAddress,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:19Z DEBUG --------------------------------------------- 2017-05-11T17:48:19Z DEBUG Initial value 2017-05-11T17:48:19Z DEBUG dn: cn=macAddress,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:19Z DEBUG nsIndexType: 2017-05-11T17:48:19Z DEBUG eq 2017-05-11T17:48:19Z DEBUG pres 2017-05-11T17:48:19Z DEBUG objectClass: 2017-05-11T17:48:19Z DEBUG top 2017-05-11T17:48:19Z DEBUG nsIndex 2017-05-11T17:48:19Z DEBUG cn: 2017-05-11T17:48:19Z DEBUG macAddress 2017-05-11T17:48:19Z DEBUG nsSystemIndex: 2017-05-11T17:48:19Z DEBUG false 2017-05-11T17:48:19Z DEBUG --------------------------------------------- 2017-05-11T17:48:19Z DEBUG Final value after applying updates 2017-05-11T17:48:19Z DEBUG dn: cn=macAddress,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:19Z DEBUG nsIndexType: 2017-05-11T17:48:19Z DEBUG eq 2017-05-11T17:48:19Z DEBUG pres 2017-05-11T17:48:19Z DEBUG objectClass: 2017-05-11T17:48:19Z DEBUG top 2017-05-11T17:48:19Z DEBUG nsIndex 2017-05-11T17:48:19Z DEBUG cn: 2017-05-11T17:48:19Z DEBUG macAddress 2017-05-11T17:48:19Z DEBUG nsSystemIndex: 2017-05-11T17:48:19Z DEBUG false 2017-05-11T17:48:19Z DEBUG [] 2017-05-11T17:48:19Z DEBUG Updated 0 2017-05-11T17:48:19Z DEBUG Done 2017-05-11T17:48:19Z DEBUG Updating existing entry: cn=sourcehost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:19Z DEBUG 
--------------------------------------------- 2017-05-11T17:48:19Z DEBUG Initial value 2017-05-11T17:48:19Z DEBUG dn: cn=sourcehost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:19Z DEBUG nsIndexType: 2017-05-11T17:48:19Z DEBUG eq 2017-05-11T17:48:19Z DEBUG pres 2017-05-11T17:48:19Z DEBUG sub 2017-05-11T17:48:19Z DEBUG objectClass: 2017-05-11T17:48:19Z DEBUG top 2017-05-11T17:48:19Z DEBUG nsIndex 2017-05-11T17:48:19Z DEBUG cn: 2017-05-11T17:48:19Z DEBUG sourcehost 2017-05-11T17:48:19Z DEBUG nsSystemIndex: 2017-05-11T17:48:19Z DEBUG false 2017-05-11T17:48:19Z DEBUG only: set nsIndexType to 'eq', current value ['eq', 'pres', 'sub'] 2017-05-11T17:48:19Z DEBUG only: updated value ['eq'] 2017-05-11T17:48:19Z DEBUG only: set nsIndexType to 'pres', current value ['eq'] 2017-05-11T17:48:19Z DEBUG only: updated value ['eq', 'pres'] 2017-05-11T17:48:19Z DEBUG only: set nsIndexType to 'sub', current value ['eq', 'pres'] 2017-05-11T17:48:19Z DEBUG only: updated value ['eq', 'pres', 'sub'] 2017-05-11T17:48:19Z DEBUG --------------------------------------------- 2017-05-11T17:48:19Z DEBUG Final value after applying updates 2017-05-11T17:48:19Z DEBUG dn: cn=sourcehost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:19Z DEBUG nsIndexType: 2017-05-11T17:48:19Z DEBUG eq 2017-05-11T17:48:19Z DEBUG sub 2017-05-11T17:48:19Z DEBUG pres 2017-05-11T17:48:19Z DEBUG objectClass: 2017-05-11T17:48:19Z DEBUG top 2017-05-11T17:48:19Z DEBUG nsIndex 2017-05-11T17:48:19Z DEBUG cn: 2017-05-11T17:48:19Z DEBUG sourcehost 2017-05-11T17:48:19Z DEBUG nsSystemIndex: 2017-05-11T17:48:19Z DEBUG false 2017-05-11T17:48:19Z DEBUG [] 2017-05-11T17:48:19Z DEBUG Updated 0 2017-05-11T17:48:19Z DEBUG Done 2017-05-11T17:48:19Z DEBUG Updating existing entry: cn=memberservice,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:19Z DEBUG --------------------------------------------- 2017-05-11T17:48:19Z DEBUG Initial value 
2017-05-11T17:48:19Z DEBUG dn: cn=memberservice,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:19Z DEBUG nsIndexType: 2017-05-11T17:48:19Z DEBUG eq 2017-05-11T17:48:19Z DEBUG pres 2017-05-11T17:48:19Z DEBUG sub 2017-05-11T17:48:19Z DEBUG objectClass: 2017-05-11T17:48:19Z DEBUG top 2017-05-11T17:48:19Z DEBUG nsIndex 2017-05-11T17:48:19Z DEBUG cn: 2017-05-11T17:48:19Z DEBUG memberservice 2017-05-11T17:48:19Z DEBUG nsSystemIndex: 2017-05-11T17:48:19Z DEBUG false 2017-05-11T17:48:19Z DEBUG only: set nsIndexType to 'eq', current value ['eq', 'pres', 'sub'] 2017-05-11T17:48:19Z DEBUG only: updated value ['eq'] 2017-05-11T17:48:19Z DEBUG only: set nsIndexType to 'pres', current value ['eq'] 2017-05-11T17:48:19Z DEBUG only: updated value ['eq', 'pres'] 2017-05-11T17:48:19Z DEBUG only: set nsIndexType to 'sub', current value ['eq', 'pres'] 2017-05-11T17:48:19Z DEBUG only: updated value ['eq', 'pres', 'sub'] 2017-05-11T17:48:19Z DEBUG --------------------------------------------- 2017-05-11T17:48:19Z DEBUG Final value after applying updates 2017-05-11T17:48:19Z DEBUG dn: cn=memberservice,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:19Z DEBUG nsIndexType: 2017-05-11T17:48:19Z DEBUG eq 2017-05-11T17:48:19Z DEBUG sub 2017-05-11T17:48:19Z DEBUG pres 2017-05-11T17:48:19Z DEBUG objectClass: 2017-05-11T17:48:19Z DEBUG top 2017-05-11T17:48:19Z DEBUG nsIndex 2017-05-11T17:48:19Z DEBUG cn: 2017-05-11T17:48:19Z DEBUG memberservice 2017-05-11T17:48:19Z DEBUG nsSystemIndex: 2017-05-11T17:48:19Z DEBUG false 2017-05-11T17:48:19Z DEBUG [] 2017-05-11T17:48:19Z DEBUG Updated 0 2017-05-11T17:48:19Z DEBUG Done 2017-05-11T17:48:19Z DEBUG Updating existing entry: cn=managedby,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:19Z DEBUG --------------------------------------------- 2017-05-11T17:48:19Z DEBUG Initial value 2017-05-11T17:48:19Z DEBUG dn: cn=managedby,cn=index,cn=userRoot,cn=ldbm 
database,cn=plugins,cn=config 2017-05-11T17:48:19Z DEBUG nsIndexType: 2017-05-11T17:48:19Z DEBUG eq 2017-05-11T17:48:19Z DEBUG pres 2017-05-11T17:48:19Z DEBUG sub 2017-05-11T17:48:19Z DEBUG objectClass: 2017-05-11T17:48:19Z DEBUG top 2017-05-11T17:48:19Z DEBUG nsIndex 2017-05-11T17:48:19Z DEBUG cn: 2017-05-11T17:48:19Z DEBUG managedby 2017-05-11T17:48:19Z DEBUG nsSystemIndex: 2017-05-11T17:48:19Z DEBUG false 2017-05-11T17:48:19Z DEBUG only: set nsIndexType to 'eq', current value ['eq', 'pres', 'sub'] 2017-05-11T17:48:19Z DEBUG only: updated value ['eq'] 2017-05-11T17:48:19Z DEBUG only: set nsIndexType to 'pres', current value ['eq'] 2017-05-11T17:48:19Z DEBUG only: updated value ['eq', 'pres'] 2017-05-11T17:48:19Z DEBUG only: set nsIndexType to 'sub', current value ['eq', 'pres'] 2017-05-11T17:48:19Z DEBUG only: updated value ['eq', 'pres', 'sub'] 2017-05-11T17:48:19Z DEBUG --------------------------------------------- 2017-05-11T17:48:19Z DEBUG Final value after applying updates 2017-05-11T17:48:19Z DEBUG dn: cn=managedby,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:19Z DEBUG nsIndexType: 2017-05-11T17:48:19Z DEBUG eq 2017-05-11T17:48:19Z DEBUG sub 2017-05-11T17:48:19Z DEBUG pres 2017-05-11T17:48:19Z DEBUG objectClass: 2017-05-11T17:48:19Z DEBUG top 2017-05-11T17:48:19Z DEBUG nsIndex 2017-05-11T17:48:19Z DEBUG cn: 2017-05-11T17:48:19Z DEBUG managedby 2017-05-11T17:48:19Z DEBUG nsSystemIndex: 2017-05-11T17:48:19Z DEBUG false 2017-05-11T17:48:19Z DEBUG [] 2017-05-11T17:48:19Z DEBUG Updated 0 2017-05-11T17:48:19Z DEBUG Done 2017-05-11T17:48:19Z DEBUG Updating existing entry: cn=memberallowcmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:19Z DEBUG --------------------------------------------- 2017-05-11T17:48:19Z DEBUG Initial value 2017-05-11T17:48:19Z DEBUG dn: cn=memberallowcmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:19Z DEBUG nsIndexType: 2017-05-11T17:48:19Z DEBUG eq 
2017-05-11T17:48:19Z DEBUG pres 2017-05-11T17:48:19Z DEBUG sub 2017-05-11T17:48:19Z DEBUG objectClass: 2017-05-11T17:48:19Z DEBUG top 2017-05-11T17:48:19Z DEBUG nsIndex 2017-05-11T17:48:19Z DEBUG cn: 2017-05-11T17:48:19Z DEBUG memberallowcmd 2017-05-11T17:48:19Z DEBUG nsSystemIndex: 2017-05-11T17:48:19Z DEBUG false 2017-05-11T17:48:19Z DEBUG only: set nsIndexType to 'eq', current value ['eq', 'pres', 'sub'] 2017-05-11T17:48:19Z DEBUG only: updated value ['eq'] 2017-05-11T17:48:19Z DEBUG only: set nsIndexType to 'pres', current value ['eq'] 2017-05-11T17:48:19Z DEBUG only: updated value ['eq', 'pres'] 2017-05-11T17:48:19Z DEBUG only: set nsIndexType to 'sub', current value ['eq', 'pres'] 2017-05-11T17:48:19Z DEBUG only: updated value ['eq', 'pres', 'sub'] 2017-05-11T17:48:19Z DEBUG --------------------------------------------- 2017-05-11T17:48:19Z DEBUG Final value after applying updates 2017-05-11T17:48:19Z DEBUG dn: cn=memberallowcmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:19Z DEBUG nsIndexType: 2017-05-11T17:48:19Z DEBUG eq 2017-05-11T17:48:19Z DEBUG sub 2017-05-11T17:48:19Z DEBUG pres 2017-05-11T17:48:19Z DEBUG objectClass: 2017-05-11T17:48:19Z DEBUG top 2017-05-11T17:48:19Z DEBUG nsIndex 2017-05-11T17:48:19Z DEBUG cn: 2017-05-11T17:48:19Z DEBUG memberallowcmd 2017-05-11T17:48:19Z DEBUG nsSystemIndex: 2017-05-11T17:48:19Z DEBUG false 2017-05-11T17:48:19Z DEBUG [] 2017-05-11T17:48:19Z DEBUG Updated 0 2017-05-11T17:48:19Z DEBUG Done 2017-05-11T17:48:19Z DEBUG Updating existing entry: cn=memberdenycmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:19Z DEBUG --------------------------------------------- 2017-05-11T17:48:19Z DEBUG Initial value 2017-05-11T17:48:19Z DEBUG dn: cn=memberdenycmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:19Z DEBUG nsIndexType: 2017-05-11T17:48:19Z DEBUG eq 2017-05-11T17:48:19Z DEBUG pres 2017-05-11T17:48:19Z DEBUG sub 2017-05-11T17:48:19Z 
DEBUG objectClass: 2017-05-11T17:48:19Z DEBUG top 2017-05-11T17:48:19Z DEBUG nsIndex 2017-05-11T17:48:19Z DEBUG cn: 2017-05-11T17:48:19Z DEBUG memberdenycmd 2017-05-11T17:48:19Z DEBUG nsSystemIndex: 2017-05-11T17:48:19Z DEBUG false 2017-05-11T17:48:19Z DEBUG only: set nsIndexType to 'eq', current value ['eq', 'pres', 'sub'] 2017-05-11T17:48:19Z DEBUG only: updated value ['eq'] 2017-05-11T17:48:19Z DEBUG only: set nsIndexType to 'pres', current value ['eq'] 2017-05-11T17:48:19Z DEBUG only: updated value ['eq', 'pres'] 2017-05-11T17:48:19Z DEBUG only: set nsIndexType to 'sub', current value ['eq', 'pres'] 2017-05-11T17:48:19Z DEBUG only: updated value ['eq', 'pres', 'sub'] 2017-05-11T17:48:19Z DEBUG --------------------------------------------- 2017-05-11T17:48:19Z DEBUG Final value after applying updates 2017-05-11T17:48:19Z DEBUG dn: cn=memberdenycmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:19Z DEBUG nsIndexType: 2017-05-11T17:48:19Z DEBUG eq 2017-05-11T17:48:19Z DEBUG sub 2017-05-11T17:48:19Z DEBUG pres 2017-05-11T17:48:19Z DEBUG objectClass: 2017-05-11T17:48:19Z DEBUG top 2017-05-11T17:48:19Z DEBUG nsIndex 2017-05-11T17:48:19Z DEBUG cn: 2017-05-11T17:48:19Z DEBUG memberdenycmd 2017-05-11T17:48:19Z DEBUG nsSystemIndex: 2017-05-11T17:48:19Z DEBUG false 2017-05-11T17:48:19Z DEBUG [] 2017-05-11T17:48:19Z DEBUG Updated 0 2017-05-11T17:48:19Z DEBUG Done 2017-05-11T17:48:19Z DEBUG Updating existing entry: cn=ipasudorunas,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:19Z DEBUG --------------------------------------------- 2017-05-11T17:48:19Z DEBUG Initial value 2017-05-11T17:48:19Z DEBUG dn: cn=ipasudorunas,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:19Z DEBUG nsIndexType: 2017-05-11T17:48:19Z DEBUG eq 2017-05-11T17:48:19Z DEBUG pres 2017-05-11T17:48:19Z DEBUG sub 2017-05-11T17:48:19Z DEBUG objectClass: 2017-05-11T17:48:19Z DEBUG top 2017-05-11T17:48:19Z DEBUG nsIndex 
2017-05-11T17:48:19Z DEBUG cn: 2017-05-11T17:48:19Z DEBUG ipasudorunas 2017-05-11T17:48:19Z DEBUG nsSystemIndex: 2017-05-11T17:48:19Z DEBUG false 2017-05-11T17:48:19Z DEBUG only: set nsIndexType to 'eq', current value ['eq', 'pres', 'sub'] 2017-05-11T17:48:19Z DEBUG only: updated value ['eq'] 2017-05-11T17:48:19Z DEBUG only: set nsIndexType to 'pres', current value ['eq'] 2017-05-11T17:48:19Z DEBUG only: updated value ['eq', 'pres'] 2017-05-11T17:48:19Z DEBUG only: set nsIndexType to 'sub', current value ['eq', 'pres'] 2017-05-11T17:48:19Z DEBUG only: updated value ['eq', 'pres', 'sub'] 2017-05-11T17:48:19Z DEBUG --------------------------------------------- 2017-05-11T17:48:19Z DEBUG Final value after applying updates 2017-05-11T17:48:19Z DEBUG dn: cn=ipasudorunas,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:19Z DEBUG nsIndexType: 2017-05-11T17:48:19Z DEBUG eq 2017-05-11T17:48:19Z DEBUG sub 2017-05-11T17:48:19Z DEBUG pres 2017-05-11T17:48:19Z DEBUG objectClass: 2017-05-11T17:48:19Z DEBUG top 2017-05-11T17:48:19Z DEBUG nsIndex 2017-05-11T17:48:19Z DEBUG cn: 2017-05-11T17:48:19Z DEBUG ipasudorunas 2017-05-11T17:48:19Z DEBUG nsSystemIndex: 2017-05-11T17:48:19Z DEBUG false 2017-05-11T17:48:19Z DEBUG [] 2017-05-11T17:48:19Z DEBUG Updated 0 2017-05-11T17:48:19Z DEBUG Done 2017-05-11T17:48:19Z DEBUG Updating existing entry: cn=ipasudorunasgroup,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:19Z DEBUG --------------------------------------------- 2017-05-11T17:48:19Z DEBUG Initial value 2017-05-11T17:48:19Z DEBUG dn: cn=ipasudorunasgroup,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:19Z DEBUG nsIndexType: 2017-05-11T17:48:19Z DEBUG eq 2017-05-11T17:48:19Z DEBUG pres 2017-05-11T17:48:19Z DEBUG sub 2017-05-11T17:48:19Z DEBUG objectClass: 2017-05-11T17:48:19Z DEBUG top 2017-05-11T17:48:19Z DEBUG nsIndex 2017-05-11T17:48:19Z DEBUG cn: 2017-05-11T17:48:19Z DEBUG ipasudorunasgroup 
2017-05-11T17:48:19Z DEBUG nsSystemIndex: 2017-05-11T17:48:19Z DEBUG false 2017-05-11T17:48:19Z DEBUG only: set nsIndexType to 'eq', current value ['eq', 'pres', 'sub'] 2017-05-11T17:48:19Z DEBUG only: updated value ['eq'] 2017-05-11T17:48:19Z DEBUG only: set nsIndexType to 'pres', current value ['eq'] 2017-05-11T17:48:19Z DEBUG only: updated value ['eq', 'pres'] 2017-05-11T17:48:19Z DEBUG only: set nsIndexType to 'sub', current value ['eq', 'pres'] 2017-05-11T17:48:19Z DEBUG only: updated value ['eq', 'pres', 'sub'] 2017-05-11T17:48:19Z DEBUG --------------------------------------------- 2017-05-11T17:48:19Z DEBUG Final value after applying updates 2017-05-11T17:48:19Z DEBUG dn: cn=ipasudorunasgroup,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:19Z DEBUG nsIndexType: 2017-05-11T17:48:19Z DEBUG eq 2017-05-11T17:48:19Z DEBUG sub 2017-05-11T17:48:19Z DEBUG pres 2017-05-11T17:48:19Z DEBUG objectClass: 2017-05-11T17:48:19Z DEBUG top 2017-05-11T17:48:19Z DEBUG nsIndex 2017-05-11T17:48:19Z DEBUG cn: 2017-05-11T17:48:19Z DEBUG ipasudorunasgroup 2017-05-11T17:48:19Z DEBUG nsSystemIndex: 2017-05-11T17:48:19Z DEBUG false 2017-05-11T17:48:19Z DEBUG [] 2017-05-11T17:48:19Z DEBUG Updated 0 2017-05-11T17:48:19Z DEBUG Done 2017-05-11T17:48:19Z DEBUG Updating existing entry: cn=automountkey,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:19Z DEBUG --------------------------------------------- 2017-05-11T17:48:19Z DEBUG Initial value 2017-05-11T17:48:19Z DEBUG dn: cn=automountkey,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:19Z DEBUG nsIndexType: 2017-05-11T17:48:19Z DEBUG eq 2017-05-11T17:48:19Z DEBUG objectClass: 2017-05-11T17:48:19Z DEBUG top 2017-05-11T17:48:19Z DEBUG nsIndex 2017-05-11T17:48:19Z DEBUG cn: 2017-05-11T17:48:19Z DEBUG automountkey 2017-05-11T17:48:19Z DEBUG nsSystemIndex: 2017-05-11T17:48:19Z DEBUG false 2017-05-11T17:48:19Z DEBUG --------------------------------------------- 
2017-05-11T17:48:19Z DEBUG Final value after applying updates 2017-05-11T17:48:19Z DEBUG dn: cn=automountkey,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:19Z DEBUG nsIndexType: 2017-05-11T17:48:19Z DEBUG eq 2017-05-11T17:48:19Z DEBUG objectClass: 2017-05-11T17:48:19Z DEBUG top 2017-05-11T17:48:19Z DEBUG nsIndex 2017-05-11T17:48:19Z DEBUG cn: 2017-05-11T17:48:19Z DEBUG automountkey 2017-05-11T17:48:19Z DEBUG nsSystemIndex: 2017-05-11T17:48:19Z DEBUG false 2017-05-11T17:48:19Z DEBUG [] 2017-05-11T17:48:19Z DEBUG Updated 0 2017-05-11T17:48:19Z DEBUG Done 2017-05-11T17:48:19Z DEBUG Updating existing entry: cn=ipakrbprincipalalias,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:19Z DEBUG --------------------------------------------- 2017-05-11T17:48:19Z DEBUG Initial value 2017-05-11T17:48:19Z DEBUG dn: cn=ipakrbprincipalalias,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:19Z DEBUG nsIndexType: 2017-05-11T17:48:19Z DEBUG eq 2017-05-11T17:48:19Z DEBUG objectClass: 2017-05-11T17:48:19Z DEBUG top 2017-05-11T17:48:19Z DEBUG nsIndex 2017-05-11T17:48:19Z DEBUG cn: 2017-05-11T17:48:19Z DEBUG ipakrbprincipalalias 2017-05-11T17:48:19Z DEBUG nsSystemIndex: 2017-05-11T17:48:19Z DEBUG false 2017-05-11T17:48:19Z DEBUG --------------------------------------------- 2017-05-11T17:48:19Z DEBUG Final value after applying updates 2017-05-11T17:48:19Z DEBUG dn: cn=ipakrbprincipalalias,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:19Z DEBUG nsIndexType: 2017-05-11T17:48:19Z DEBUG eq 2017-05-11T17:48:19Z DEBUG objectClass: 2017-05-11T17:48:19Z DEBUG top 2017-05-11T17:48:19Z DEBUG nsIndex 2017-05-11T17:48:19Z DEBUG cn: 2017-05-11T17:48:19Z DEBUG ipakrbprincipalalias 2017-05-11T17:48:19Z DEBUG nsSystemIndex: 2017-05-11T17:48:19Z DEBUG false 2017-05-11T17:48:19Z DEBUG [] 2017-05-11T17:48:19Z DEBUG Updated 0 2017-05-11T17:48:19Z DEBUG Done 2017-05-11T17:48:19Z DEBUG Updating 
existing entry: cn=ipauniqueid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:19Z DEBUG --------------------------------------------- 2017-05-11T17:48:19Z DEBUG Initial value 2017-05-11T17:48:19Z DEBUG dn: cn=ipauniqueid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:19Z DEBUG nsIndexType: 2017-05-11T17:48:19Z DEBUG eq 2017-05-11T17:48:19Z DEBUG objectClass: 2017-05-11T17:48:19Z DEBUG top 2017-05-11T17:48:19Z DEBUG nsIndex 2017-05-11T17:48:19Z DEBUG cn: 2017-05-11T17:48:19Z DEBUG ipauniqueid 2017-05-11T17:48:19Z DEBUG nsSystemIndex: 2017-05-11T17:48:19Z DEBUG false 2017-05-11T17:48:19Z DEBUG --------------------------------------------- 2017-05-11T17:48:19Z DEBUG Final value after applying updates 2017-05-11T17:48:19Z DEBUG dn: cn=ipauniqueid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:19Z DEBUG nsIndexType: 2017-05-11T17:48:19Z DEBUG eq 2017-05-11T17:48:19Z DEBUG objectClass: 2017-05-11T17:48:19Z DEBUG top 2017-05-11T17:48:19Z DEBUG nsIndex 2017-05-11T17:48:19Z DEBUG cn: 2017-05-11T17:48:19Z DEBUG ipauniqueid 2017-05-11T17:48:19Z DEBUG nsSystemIndex: 2017-05-11T17:48:19Z DEBUG false 2017-05-11T17:48:19Z DEBUG [] 2017-05-11T17:48:19Z DEBUG Updated 0 2017-05-11T17:48:19Z DEBUG Done 2017-05-11T17:48:19Z DEBUG New entry: cn=ipatokenradiusconfiglink,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:19Z DEBUG --------------------------------------------- 2017-05-11T17:48:19Z DEBUG Initial value 2017-05-11T17:48:19Z DEBUG dn: cn=ipatokenradiusconfiglink,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:19Z DEBUG ObjectClass: 2017-05-11T17:48:19Z DEBUG top 2017-05-11T17:48:19Z DEBUG nsIndex 2017-05-11T17:48:19Z DEBUG cn: 2017-05-11T17:48:19Z DEBUG ipatokenradiusconfiglink 2017-05-11T17:48:19Z DEBUG nsSystemIndex: 2017-05-11T17:48:19Z DEBUG false 2017-05-11T17:48:19Z DEBUG only: set nsIndexType to 'eq', current value [] 
2017-05-11T17:48:19Z DEBUG only: updated value ['eq'] 2017-05-11T17:48:19Z DEBUG only: set nsIndexType to 'pres', current value ['eq'] 2017-05-11T17:48:19Z DEBUG only: updated value ['eq', 'pres'] 2017-05-11T17:48:19Z DEBUG only: set nsIndexType to 'sub', current value ['eq', 'pres'] 2017-05-11T17:48:19Z DEBUG only: updated value ['eq', 'pres', 'sub'] 2017-05-11T17:48:19Z DEBUG --------------------------------------------- 2017-05-11T17:48:19Z DEBUG Final value after applying updates 2017-05-11T17:48:19Z DEBUG dn: cn=ipatokenradiusconfiglink,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:19Z DEBUG ObjectClass: 2017-05-11T17:48:19Z DEBUG top 2017-05-11T17:48:19Z DEBUG nsIndex 2017-05-11T17:48:19Z DEBUG nsIndexType: 2017-05-11T17:48:19Z DEBUG eq 2017-05-11T17:48:19Z DEBUG sub 2017-05-11T17:48:19Z DEBUG pres 2017-05-11T17:48:19Z DEBUG cn: 2017-05-11T17:48:19Z DEBUG ipatokenradiusconfiglink 2017-05-11T17:48:19Z DEBUG nsSystemIndex: 2017-05-11T17:48:19Z DEBUG false 2017-05-11T17:48:24Z DEBUG Creating task to index attribute: ipatokenradiusconfiglink 2017-05-11T17:48:24Z DEBUG Task id: cn=indextask_ipatokenradiusconfiglink_137138177046776240_12797,cn=index,cn=tasks,cn=config 2017-05-11T17:48:25Z DEBUG Indexing finished 2017-05-11T17:48:25Z DEBUG New entry: cn=ipaassignedidview,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:25Z DEBUG --------------------------------------------- 2017-05-11T17:48:25Z DEBUG Initial value 2017-05-11T17:48:25Z DEBUG dn: cn=ipaassignedidview,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:25Z DEBUG ObjectClass: 2017-05-11T17:48:25Z DEBUG top 2017-05-11T17:48:25Z DEBUG nsIndex 2017-05-11T17:48:25Z DEBUG cn: 2017-05-11T17:48:25Z DEBUG ipaassignedidview 2017-05-11T17:48:25Z DEBUG nsSystemIndex: 2017-05-11T17:48:25Z DEBUG false 2017-05-11T17:48:25Z DEBUG only: set nsIndexType to 'eq', current value [] 2017-05-11T17:48:25Z DEBUG only: updated value ['eq'] 
2017-05-11T17:48:25Z DEBUG only: set nsIndexType to 'pres', current value ['eq'] 2017-05-11T17:48:25Z DEBUG only: updated value ['eq', 'pres'] 2017-05-11T17:48:25Z DEBUG only: set nsIndexType to 'sub', current value ['eq', 'pres'] 2017-05-11T17:48:25Z DEBUG only: updated value ['eq', 'pres', 'sub'] 2017-05-11T17:48:25Z DEBUG --------------------------------------------- 2017-05-11T17:48:25Z DEBUG Final value after applying updates 2017-05-11T17:48:25Z DEBUG dn: cn=ipaassignedidview,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:25Z DEBUG ObjectClass: 2017-05-11T17:48:25Z DEBUG top 2017-05-11T17:48:25Z DEBUG nsIndex 2017-05-11T17:48:25Z DEBUG nsIndexType: 2017-05-11T17:48:25Z DEBUG eq 2017-05-11T17:48:25Z DEBUG sub 2017-05-11T17:48:25Z DEBUG pres 2017-05-11T17:48:25Z DEBUG cn: 2017-05-11T17:48:25Z DEBUG ipaassignedidview 2017-05-11T17:48:25Z DEBUG nsSystemIndex: 2017-05-11T17:48:25Z DEBUG false 2017-05-11T17:48:30Z DEBUG Creating task to index attribute: ipaassignedidview 2017-05-11T17:48:30Z DEBUG Task id: cn=indextask_ipaassignedidview_137138177106994870_12797,cn=index,cn=tasks,cn=config 2017-05-11T17:48:31Z DEBUG Indexing finished 2017-05-11T17:48:31Z DEBUG New entry: cn=ipaallowedtarget,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:31Z DEBUG --------------------------------------------- 2017-05-11T17:48:31Z DEBUG Initial value 2017-05-11T17:48:31Z DEBUG dn: cn=ipaallowedtarget,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:31Z DEBUG ObjectClass: 2017-05-11T17:48:31Z DEBUG top 2017-05-11T17:48:31Z DEBUG nsIndex 2017-05-11T17:48:31Z DEBUG cn: 2017-05-11T17:48:31Z DEBUG ipaallowedtarget 2017-05-11T17:48:31Z DEBUG nsSystemIndex: 2017-05-11T17:48:31Z DEBUG false 2017-05-11T17:48:31Z DEBUG only: set nsIndexType to 'eq', current value [] 2017-05-11T17:48:31Z DEBUG only: updated value ['eq'] 2017-05-11T17:48:31Z DEBUG only: set nsIndexType to 'pres', current value ['eq'] 
2017-05-11T17:48:31Z DEBUG only: updated value ['eq', 'pres'] 2017-05-11T17:48:31Z DEBUG only: set nsIndexType to 'sub', current value ['eq', 'pres'] 2017-05-11T17:48:31Z DEBUG only: updated value ['eq', 'pres', 'sub'] 2017-05-11T17:48:31Z DEBUG --------------------------------------------- 2017-05-11T17:48:31Z DEBUG Final value after applying updates 2017-05-11T17:48:31Z DEBUG dn: cn=ipaallowedtarget,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:31Z DEBUG ObjectClass: 2017-05-11T17:48:31Z DEBUG top 2017-05-11T17:48:31Z DEBUG nsIndex 2017-05-11T17:48:31Z DEBUG nsIndexType: 2017-05-11T17:48:31Z DEBUG eq 2017-05-11T17:48:31Z DEBUG sub 2017-05-11T17:48:31Z DEBUG pres 2017-05-11T17:48:31Z DEBUG cn: 2017-05-11T17:48:31Z DEBUG ipaallowedtarget 2017-05-11T17:48:31Z DEBUG nsSystemIndex: 2017-05-11T17:48:31Z DEBUG false 2017-05-11T17:48:36Z DEBUG Creating task to index attribute: ipaallowedtarget 2017-05-11T17:48:36Z DEBUG Task id: cn=indextask_ipaallowedtarget_137138177167216650_12797,cn=index,cn=tasks,cn=config 2017-05-11T17:48:37Z DEBUG Indexing finished 2017-05-11T17:48:37Z DEBUG Updating existing entry: cn=ipaMemberCa,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Initial value 2017-05-11T17:48:37Z DEBUG dn: cn=ipaMemberCa,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:37Z DEBUG nsIndexType: 2017-05-11T17:48:37Z DEBUG eq 2017-05-11T17:48:37Z DEBUG pres 2017-05-11T17:48:37Z DEBUG sub 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG nsIndex 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG ipaMemberCa 2017-05-11T17:48:37Z DEBUG nsSystemIndex: 2017-05-11T17:48:37Z DEBUG false 2017-05-11T17:48:37Z DEBUG only: set nsIndexType to 'eq', current value ['eq', 'pres', 'sub'] 2017-05-11T17:48:37Z DEBUG only: updated value ['eq'] 2017-05-11T17:48:37Z DEBUG 
only: set nsIndexType to 'pres', current value ['eq'] 2017-05-11T17:48:37Z DEBUG only: updated value ['eq', 'pres'] 2017-05-11T17:48:37Z DEBUG only: set nsIndexType to 'sub', current value ['eq', 'pres'] 2017-05-11T17:48:37Z DEBUG only: updated value ['eq', 'pres', 'sub'] 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Final value after applying updates 2017-05-11T17:48:37Z DEBUG dn: cn=ipaMemberCa,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:37Z DEBUG nsIndexType: 2017-05-11T17:48:37Z DEBUG eq 2017-05-11T17:48:37Z DEBUG sub 2017-05-11T17:48:37Z DEBUG pres 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG nsIndex 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG ipaMemberCa 2017-05-11T17:48:37Z DEBUG nsSystemIndex: 2017-05-11T17:48:37Z DEBUG false 2017-05-11T17:48:37Z DEBUG [] 2017-05-11T17:48:37Z DEBUG Updated 0 2017-05-11T17:48:37Z DEBUG Done 2017-05-11T17:48:37Z DEBUG Updating existing entry: cn=ipaMemberCertProfile,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Initial value 2017-05-11T17:48:37Z DEBUG dn: cn=ipaMemberCertProfile,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:37Z DEBUG nsIndexType: 2017-05-11T17:48:37Z DEBUG eq 2017-05-11T17:48:37Z DEBUG pres 2017-05-11T17:48:37Z DEBUG sub 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG nsIndex 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG ipaMemberCertProfile 2017-05-11T17:48:37Z DEBUG nsSystemIndex: 2017-05-11T17:48:37Z DEBUG false 2017-05-11T17:48:37Z DEBUG only: set nsIndexType to 'eq', current value ['eq', 'pres', 'sub'] 2017-05-11T17:48:37Z DEBUG only: updated value ['eq'] 2017-05-11T17:48:37Z DEBUG only: set nsIndexType to 'pres', current value ['eq'] 
2017-05-11T17:48:37Z DEBUG only: updated value ['eq', 'pres'] 2017-05-11T17:48:37Z DEBUG only: set nsIndexType to 'sub', current value ['eq', 'pres'] 2017-05-11T17:48:37Z DEBUG only: updated value ['eq', 'pres', 'sub'] 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Final value after applying updates 2017-05-11T17:48:37Z DEBUG dn: cn=ipaMemberCertProfile,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:37Z DEBUG nsIndexType: 2017-05-11T17:48:37Z DEBUG eq 2017-05-11T17:48:37Z DEBUG sub 2017-05-11T17:48:37Z DEBUG pres 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG nsIndex 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG ipaMemberCertProfile 2017-05-11T17:48:37Z DEBUG nsSystemIndex: 2017-05-11T17:48:37Z DEBUG false 2017-05-11T17:48:37Z DEBUG [] 2017-05-11T17:48:37Z DEBUG Updated 0 2017-05-11T17:48:37Z DEBUG Done 2017-05-11T17:48:37Z DEBUG Updating existing entry: cn=userCertificate,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Initial value 2017-05-11T17:48:37Z DEBUG dn: cn=userCertificate,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:37Z DEBUG nsIndexType: 2017-05-11T17:48:37Z DEBUG eq 2017-05-11T17:48:37Z DEBUG pres 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG nsIndex 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG userCertificate 2017-05-11T17:48:37Z DEBUG nsSystemIndex: 2017-05-11T17:48:37Z DEBUG false 2017-05-11T17:48:37Z DEBUG only: set nsSystemIndex to 'false', current value ['false'] 2017-05-11T17:48:37Z DEBUG only: updated value ['false'] 2017-05-11T17:48:37Z DEBUG only: set nsIndexType to 'eq', current value ['eq', 'pres'] 2017-05-11T17:48:37Z DEBUG only: updated value ['eq'] 2017-05-11T17:48:37Z DEBUG only: set 
nsIndexType to 'pres', current value ['eq'] 2017-05-11T17:48:37Z DEBUG only: updated value ['eq', 'pres'] 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Final value after applying updates 2017-05-11T17:48:37Z DEBUG dn: cn=userCertificate,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:37Z DEBUG nsIndexType: 2017-05-11T17:48:37Z DEBUG eq 2017-05-11T17:48:37Z DEBUG pres 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG nsIndex 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG userCertificate 2017-05-11T17:48:37Z DEBUG nsSystemIndex: 2017-05-11T17:48:37Z DEBUG false 2017-05-11T17:48:37Z DEBUG [] 2017-05-11T17:48:37Z DEBUG Updated 0 2017-05-11T17:48:37Z DEBUG Done 2017-05-11T17:48:37Z DEBUG Updating existing entry: cn=ntUniqueId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Initial value 2017-05-11T17:48:37Z DEBUG dn: cn=ntUniqueId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:37Z DEBUG nsIndexType: 2017-05-11T17:48:37Z DEBUG eq 2017-05-11T17:48:37Z DEBUG pres 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG nsIndex 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG ntUniqueId 2017-05-11T17:48:37Z DEBUG nsSystemIndex: 2017-05-11T17:48:37Z DEBUG false 2017-05-11T17:48:37Z DEBUG only: set nsIndexType to 'eq', current value ['eq', 'pres'] 2017-05-11T17:48:37Z DEBUG only: updated value ['eq'] 2017-05-11T17:48:37Z DEBUG only: set nsIndexType to 'pres', current value ['eq'] 2017-05-11T17:48:37Z DEBUG only: updated value ['eq', 'pres'] 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Final value after applying updates 2017-05-11T17:48:37Z DEBUG dn: cn=ntUniqueId,cn=index,cn=userRoot,cn=ldbm 
database,cn=plugins,cn=config 2017-05-11T17:48:37Z DEBUG nsIndexType: 2017-05-11T17:48:37Z DEBUG eq 2017-05-11T17:48:37Z DEBUG pres 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG nsIndex 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG ntUniqueId 2017-05-11T17:48:37Z DEBUG nsSystemIndex: 2017-05-11T17:48:37Z DEBUG false 2017-05-11T17:48:37Z DEBUG [] 2017-05-11T17:48:37Z DEBUG Updated 0 2017-05-11T17:48:37Z DEBUG Done 2017-05-11T17:48:37Z DEBUG Updating existing entry: cn=ntUserDomainId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Initial value 2017-05-11T17:48:37Z DEBUG dn: cn=ntUserDomainId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:37Z DEBUG nsIndexType: 2017-05-11T17:48:37Z DEBUG eq 2017-05-11T17:48:37Z DEBUG pres 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG nsIndex 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG ntUserDomainId 2017-05-11T17:48:37Z DEBUG nsSystemIndex: 2017-05-11T17:48:37Z DEBUG false 2017-05-11T17:48:37Z DEBUG only: set nsIndexType to 'eq', current value ['eq', 'pres'] 2017-05-11T17:48:37Z DEBUG only: updated value ['eq'] 2017-05-11T17:48:37Z DEBUG only: set nsIndexType to 'pres', current value ['eq'] 2017-05-11T17:48:37Z DEBUG only: updated value ['eq', 'pres'] 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Final value after applying updates 2017-05-11T17:48:37Z DEBUG dn: cn=ntUserDomainId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:37Z DEBUG nsIndexType: 2017-05-11T17:48:37Z DEBUG eq 2017-05-11T17:48:37Z DEBUG pres 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG nsIndex 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG ntUserDomainId 
2017-05-11T17:48:37Z DEBUG nsSystemIndex: 2017-05-11T17:48:37Z DEBUG false 2017-05-11T17:48:37Z DEBUG [] 2017-05-11T17:48:37Z DEBUG Updated 0 2017-05-11T17:48:37Z DEBUG Done 2017-05-11T17:48:37Z DEBUG Updating existing entry: cn=ipalocation,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Initial value 2017-05-11T17:48:37Z DEBUG dn: cn=ipalocation,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:37Z DEBUG nsIndexType: 2017-05-11T17:48:37Z DEBUG eq 2017-05-11T17:48:37Z DEBUG pres 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG nsIndex 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG ipalocation 2017-05-11T17:48:37Z DEBUG nsSystemIndex: 2017-05-11T17:48:37Z DEBUG false 2017-05-11T17:48:37Z DEBUG only: set nsIndexType to 'eq', current value ['eq', 'pres'] 2017-05-11T17:48:37Z DEBUG only: updated value ['eq'] 2017-05-11T17:48:37Z DEBUG only: set nsIndexType to 'pres', current value ['eq'] 2017-05-11T17:48:37Z DEBUG only: updated value ['eq', 'pres'] 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Final value after applying updates 2017-05-11T17:48:37Z DEBUG dn: cn=ipalocation,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:37Z DEBUG nsIndexType: 2017-05-11T17:48:37Z DEBUG eq 2017-05-11T17:48:37Z DEBUG pres 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG nsIndex 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG ipalocation 2017-05-11T17:48:37Z DEBUG nsSystemIndex: 2017-05-11T17:48:37Z DEBUG false 2017-05-11T17:48:37Z DEBUG [] 2017-05-11T17:48:37Z DEBUG Updated 0 2017-05-11T17:48:37Z DEBUG Done 2017-05-11T17:48:37Z DEBUG Updating existing entry: cn=krbPrincipalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:37Z 
DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Initial value 2017-05-11T17:48:37Z DEBUG dn: cn=krbPrincipalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:37Z DEBUG nsIndexType: 2017-05-11T17:48:37Z DEBUG eq 2017-05-11T17:48:37Z DEBUG sub 2017-05-11T17:48:37Z DEBUG nsMatchingRule: 2017-05-11T17:48:37Z DEBUG caseIgnoreIA5Match 2017-05-11T17:48:37Z DEBUG caseExactIA5Match 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG krbPrincipalName 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG nsIndex 2017-05-11T17:48:37Z DEBUG nsSystemIndex: 2017-05-11T17:48:37Z DEBUG false 2017-05-11T17:48:37Z DEBUG only: set nsMatchingRule to 'caseIgnoreIA5Match', current value ['caseIgnoreIA5Match', 'caseExactIA5Match'] 2017-05-11T17:48:37Z DEBUG only: updated value ['caseIgnoreIA5Match'] 2017-05-11T17:48:37Z DEBUG only: set nsMatchingRule to 'caseExactIA5Match', current value ['caseIgnoreIA5Match'] 2017-05-11T17:48:37Z DEBUG only: updated value ['caseIgnoreIA5Match', 'caseExactIA5Match'] 2017-05-11T17:48:37Z DEBUG only: set nsIndexType to 'eq', current value ['eq', 'sub'] 2017-05-11T17:48:37Z DEBUG only: updated value ['eq'] 2017-05-11T17:48:37Z DEBUG only: set nsIndexType to 'sub', current value ['eq'] 2017-05-11T17:48:37Z DEBUG only: updated value ['eq', 'sub'] 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Final value after applying updates 2017-05-11T17:48:37Z DEBUG dn: cn=krbPrincipalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:37Z DEBUG nsIndexType: 2017-05-11T17:48:37Z DEBUG eq 2017-05-11T17:48:37Z DEBUG sub 2017-05-11T17:48:37Z DEBUG nsMatchingRule: 2017-05-11T17:48:37Z DEBUG caseIgnoreIA5Match 2017-05-11T17:48:37Z DEBUG caseExactIA5Match 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG krbPrincipalName 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z 
DEBUG top 2017-05-11T17:48:37Z DEBUG nsIndex 2017-05-11T17:48:37Z DEBUG nsSystemIndex: 2017-05-11T17:48:37Z DEBUG false 2017-05-11T17:48:37Z DEBUG [] 2017-05-11T17:48:37Z DEBUG Updated 0 2017-05-11T17:48:37Z DEBUG Done 2017-05-11T17:48:37Z DEBUG Updating existing entry: cn=krbCanonicalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Initial value 2017-05-11T17:48:37Z DEBUG dn: cn=krbCanonicalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:37Z DEBUG nsIndexType: 2017-05-11T17:48:37Z DEBUG eq 2017-05-11T17:48:37Z DEBUG sub 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG nsIndex 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG krbCanonicalName 2017-05-11T17:48:37Z DEBUG nsSystemIndex: 2017-05-11T17:48:37Z DEBUG false 2017-05-11T17:48:37Z DEBUG only: set nsSystemIndex to 'false', current value ['false'] 2017-05-11T17:48:37Z DEBUG only: updated value ['false'] 2017-05-11T17:48:37Z DEBUG only: set nsIndexType to 'eq', current value ['eq', 'sub'] 2017-05-11T17:48:37Z DEBUG only: updated value ['eq'] 2017-05-11T17:48:37Z DEBUG only: set nsIndexType to 'sub', current value ['eq'] 2017-05-11T17:48:37Z DEBUG only: updated value ['eq', 'sub'] 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Final value after applying updates 2017-05-11T17:48:37Z DEBUG dn: cn=krbCanonicalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:37Z DEBUG nsIndexType: 2017-05-11T17:48:37Z DEBUG eq 2017-05-11T17:48:37Z DEBUG sub 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG nsIndex 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG krbCanonicalName 2017-05-11T17:48:37Z DEBUG nsSystemIndex: 2017-05-11T17:48:37Z DEBUG false 2017-05-11T17:48:37Z DEBUG [] 
2017-05-11T17:48:37Z DEBUG Updated 0 2017-05-11T17:48:37Z DEBUG Done 2017-05-11T17:48:37Z DEBUG Parsing update file '/usr/share/ipa/updates/20-ipaservers_hostgroup.update' 2017-05-11T17:48:37Z DEBUG Updating existing entry: cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Initial value 2017-05-11T17:48:37Z DEBUG dn: cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG groupOfNames 2017-05-11T17:48:37Z DEBUG nestedGroup 2017-05-11T17:48:37Z DEBUG ipaobject 2017-05-11T17:48:37Z DEBUG ipahostgroup 2017-05-11T17:48:37Z DEBUG member: 2017-05-11T17:48:37Z DEBUG fqdn=ipa.rdlg.net,cn=computers,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG ipaservers 2017-05-11T17:48:37Z DEBUG ipaUniqueID: 2017-05-11T17:48:37Z DEBUG 49c19e8e-3671-11e7-a4e3-0050568f60a6 2017-05-11T17:48:37Z DEBUG description: 2017-05-11T17:48:37Z DEBUG IPA server hosts 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Final value after applying updates 2017-05-11T17:48:37Z DEBUG dn: cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG groupOfNames 2017-05-11T17:48:37Z DEBUG nestedGroup 2017-05-11T17:48:37Z DEBUG ipaobject 2017-05-11T17:48:37Z DEBUG ipahostgroup 2017-05-11T17:48:37Z DEBUG member: 2017-05-11T17:48:37Z DEBUG fqdn=ipa.rdlg.net,cn=computers,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG ipaservers 2017-05-11T17:48:37Z DEBUG ipaUniqueID: 2017-05-11T17:48:37Z DEBUG 49c19e8e-3671-11e7-a4e3-0050568f60a6 2017-05-11T17:48:37Z DEBUG description: 2017-05-11T17:48:37Z DEBUG IPA server hosts 2017-05-11T17:48:37Z DEBUG [] 2017-05-11T17:48:37Z DEBUG Updated 0 2017-05-11T17:48:37Z 
DEBUG Done 2017-05-11T17:48:37Z DEBUG Updating existing entry: cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Initial value 2017-05-11T17:48:37Z DEBUG dn: cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG groupOfNames 2017-05-11T17:48:37Z DEBUG nestedGroup 2017-05-11T17:48:37Z DEBUG ipaobject 2017-05-11T17:48:37Z DEBUG ipahostgroup 2017-05-11T17:48:37Z DEBUG member: 2017-05-11T17:48:37Z DEBUG fqdn=ipa.rdlg.net,cn=computers,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG ipaservers 2017-05-11T17:48:37Z DEBUG ipaUniqueID: 2017-05-11T17:48:37Z DEBUG 49c19e8e-3671-11e7-a4e3-0050568f60a6 2017-05-11T17:48:37Z DEBUG description: 2017-05-11T17:48:37Z DEBUG IPA server hosts 2017-05-11T17:48:37Z DEBUG add: 'fqdn=ipa.rdlg.net,cn=computers,cn=accounts,dc=rdlg,dc=net' to member, current value ['fqdn=ipa.rdlg.net,cn=computers,cn=accounts,dc=rdlg,dc=net'] 2017-05-11T17:48:37Z DEBUG add: updated value ['fqdn=ipa.rdlg.net,cn=computers,cn=accounts,dc=rdlg,dc=net'] 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Final value after applying updates 2017-05-11T17:48:37Z DEBUG dn: cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG groupOfNames 2017-05-11T17:48:37Z DEBUG nestedGroup 2017-05-11T17:48:37Z DEBUG ipaobject 2017-05-11T17:48:37Z DEBUG ipahostgroup 2017-05-11T17:48:37Z DEBUG member: 2017-05-11T17:48:37Z DEBUG fqdn=ipa.rdlg.net,cn=computers,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG ipaservers 2017-05-11T17:48:37Z DEBUG ipaUniqueID: 2017-05-11T17:48:37Z DEBUG 49c19e8e-3671-11e7-a4e3-0050568f60a6 2017-05-11T17:48:37Z DEBUG description: 
2017-05-11T17:48:37Z DEBUG IPA server hosts 2017-05-11T17:48:37Z DEBUG [] 2017-05-11T17:48:37Z DEBUG Updated 0 2017-05-11T17:48:37Z DEBUG Done 2017-05-11T17:48:37Z DEBUG Parsing update file '/usr/share/ipa/updates/20-nss_ldap.update' 2017-05-11T17:48:37Z DEBUG Updating existing entry: dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Initial value 2017-05-11T17:48:37Z DEBUG dn: dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG domain 2017-05-11T17:48:37Z DEBUG pilotObject 2017-05-11T17:48:37Z DEBUG info: 2017-05-11T17:48:37Z DEBUG IPA V2.0 2017-05-11T17:48:37Z DEBUG aci: 2017-05-11T17:48:37Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:37Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:37Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:37Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the 
CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:37Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:37Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:37Z DEBUG (targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";) 2017-05-11T17:48:37Z DEBUG (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";) 2017-05-11T17:48:37Z DEBUG (targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";) 2017-05-11T17:48:37Z DEBUG (targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";) 2017-05-11T17:48:37Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read 
basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:48:37Z DEBUG (targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:48:37Z DEBUG (targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:48:37Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";) 2017-05-11T17:48:37Z DEBUG (targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";) 2017-05-11T17:48:37Z DEBUG (target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";) 2017-05-11T17:48:37Z DEBUG (targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";) 2017-05-11T17:48:37Z DEBUG (targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = 
"ldap:///anyone";) 2017-05-11T17:48:37Z DEBUG (targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:37Z DEBUG (targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:37Z DEBUG (targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:37Z DEBUG (targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:37Z DEBUG (targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:37Z DEBUG dc: 2017-05-11T17:48:37Z DEBUG rdlg 2017-05-11T17:48:37Z DEBUG add: 'domain' to objectClass, current value ['top', 'domain', 'pilotObject'] 2017-05-11T17:48:37Z DEBUG add: updated value ['top', 'pilotObject', 'domain'] 
2017-05-11T17:48:37Z DEBUG add: 'domainRelatedObject' to objectClass, current value ['top', 'pilotObject', 'domain'] 2017-05-11T17:48:37Z DEBUG add: updated value ['top', 'pilotObject', 'domain', 'domainRelatedObject'] 2017-05-11T17:48:37Z DEBUG add: 'nisDomainObject' to objectClass, current value ['top', 'pilotObject', 'domain', 'domainRelatedObject'] 2017-05-11T17:48:37Z DEBUG add: updated value ['top', 'pilotObject', 'domain', 'domainRelatedObject', 'nisDomainObject'] 2017-05-11T17:48:37Z DEBUG add: 'rdlg.net' to associatedDomain, current value [] 2017-05-11T17:48:37Z DEBUG add: updated value ['rdlg.net'] 2017-05-11T17:48:37Z DEBUG add: 'rdlg.net' to nisDomain, current value [] 2017-05-11T17:48:37Z DEBUG add: updated value ['rdlg.net'] 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Final value after applying updates 2017-05-11T17:48:37Z DEBUG dn: dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG info: 2017-05-11T17:48:37Z DEBUG IPA V2.0 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG pilotObject 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG nisDomainObject 2017-05-11T17:48:37Z DEBUG domain 2017-05-11T17:48:37Z DEBUG domainRelatedObject 2017-05-11T17:48:37Z DEBUG aci: 2017-05-11T17:48:37Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:37Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:37Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate different 
host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:37Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:37Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:37Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:37Z DEBUG (targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";) 2017-05-11T17:48:37Z DEBUG (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";) 2017-05-11T17:48:37Z DEBUG (targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow 
(write) userdn = "ldap:///self";) 2017-05-11T17:48:37Z DEBUG (targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";) 2017-05-11T17:48:37Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:48:37Z DEBUG (targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:48:37Z DEBUG (targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:48:37Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";) 2017-05-11T17:48:37Z DEBUG (targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";) 2017-05-11T17:48:37Z DEBUG (target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";) 
2017-05-11T17:48:37Z DEBUG (targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";) 2017-05-11T17:48:37Z DEBUG (targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";) 2017-05-11T17:48:37Z DEBUG (targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:37Z DEBUG (targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:37Z DEBUG (targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:37Z DEBUG (targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:37Z DEBUG (targetattr="ipaUniqueId || memberOf || enrolledBy || 
krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:37Z DEBUG dc: 2017-05-11T17:48:37Z DEBUG rdlg 2017-05-11T17:48:37Z DEBUG nisDomain: 2017-05-11T17:48:37Z DEBUG rdlg.net 2017-05-11T17:48:37Z DEBUG associatedDomain: 2017-05-11T17:48:37Z DEBUG rdlg.net 2017-05-11T17:48:37Z DEBUG [(0, u'objectClass', ['nisDomainObject', 'domainRelatedObject']), (2, u'nisDomain', ['rdlg.net']), (2, u'associatedDomain', ['rdlg.net'])] 2017-05-11T17:48:37Z DEBUG Updated 1 2017-05-11T17:48:37Z DEBUG Done 2017-05-11T17:48:37Z DEBUG New entry: ou=profile,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Initial value 2017-05-11T17:48:37Z DEBUG dn: ou=profile,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG add: 'top' to objectClass, current value [] 2017-05-11T17:48:37Z DEBUG add: updated value ['top'] 2017-05-11T17:48:37Z DEBUG add: 'organizationalUnit' to objectClass, current value ['top'] 2017-05-11T17:48:37Z DEBUG add: updated value ['top', 'organizationalUnit'] 2017-05-11T17:48:37Z DEBUG add: 'profiles' to ou, current value [] 2017-05-11T17:48:37Z DEBUG add: updated value ['profiles'] 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Final value after applying updates 2017-05-11T17:48:37Z DEBUG dn: ou=profile,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG organizationalUnit 2017-05-11T17:48:37Z DEBUG ou: 2017-05-11T17:48:37Z DEBUG profiles 2017-05-11T17:48:37Z DEBUG New entry: cn=default,ou=profile,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Initial value 2017-05-11T17:48:37Z DEBUG dn: 
cn=default,ou=profile,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG defaultServerList: 2017-05-11T17:48:37Z DEBUG ipa.rdlg.net 2017-05-11T17:48:37Z DEBUG defaultSearchBase: 2017-05-11T17:48:37Z DEBUG dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG ObjectClass: 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG DUAConfigProfile 2017-05-11T17:48:37Z DEBUG serviceSearchDescriptor: 2017-05-11T17:48:37Z DEBUG passwd:cn=users,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG group:cn=groups,cn=compat,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG searchTimeLimit: 2017-05-11T17:48:37Z DEBUG 15 2017-05-11T17:48:37Z DEBUG followReferrals: 2017-05-11T17:48:37Z DEBUG TRUE 2017-05-11T17:48:37Z DEBUG objectClassMap: 2017-05-11T17:48:37Z DEBUG shadow:shadowAccount=posixAccount 2017-05-11T17:48:37Z DEBUG bindTimeLimit: 2017-05-11T17:48:37Z DEBUG 5 2017-05-11T17:48:37Z DEBUG authenticationMethod: 2017-05-11T17:48:37Z DEBUG none 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG default 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Final value after applying updates 2017-05-11T17:48:37Z DEBUG dn: cn=default,ou=profile,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG defaultServerList: 2017-05-11T17:48:37Z DEBUG ipa.rdlg.net 2017-05-11T17:48:37Z DEBUG defaultSearchBase: 2017-05-11T17:48:37Z DEBUG dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG ObjectClass: 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG DUAConfigProfile 2017-05-11T17:48:37Z DEBUG serviceSearchDescriptor: 2017-05-11T17:48:37Z DEBUG passwd:cn=users,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG group:cn=groups,cn=compat,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG searchTimeLimit: 2017-05-11T17:48:37Z DEBUG 15 2017-05-11T17:48:37Z DEBUG followReferrals: 2017-05-11T17:48:37Z DEBUG TRUE 2017-05-11T17:48:37Z DEBUG objectClassMap: 2017-05-11T17:48:37Z DEBUG shadow:shadowAccount=posixAccount 2017-05-11T17:48:37Z DEBUG bindTimeLimit: 2017-05-11T17:48:37Z DEBUG 5 
2017-05-11T17:48:37Z DEBUG authenticationMethod: 2017-05-11T17:48:37Z DEBUG none 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG default 2017-05-11T17:48:37Z DEBUG Parsing update file '/usr/share/ipa/updates/20-replication.update' 2017-05-11T17:48:37Z DEBUG New entry: cn=replication,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Initial value 2017-05-11T17:48:37Z DEBUG dn: cn=replication,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG objectclass: 2017-05-11T17:48:37Z DEBUG nsDS5Replica 2017-05-11T17:48:37Z DEBUG nsDS5ReplicaId: 2017-05-11T17:48:37Z DEBUG 3 2017-05-11T17:48:37Z DEBUG nsDS5ReplicaRoot: 2017-05-11T17:48:37Z DEBUG dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Final value after applying updates 2017-05-11T17:48:37Z DEBUG dn: cn=replication,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG objectclass: 2017-05-11T17:48:37Z DEBUG nsDS5Replica 2017-05-11T17:48:37Z DEBUG nsDS5ReplicaId: 2017-05-11T17:48:37Z DEBUG 3 2017-05-11T17:48:37Z DEBUG nsDS5ReplicaRoot: 2017-05-11T17:48:37Z DEBUG dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG New entry: cn=replication managers,cn=sysaccounts,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Initial value 2017-05-11T17:48:37Z DEBUG dn: cn=replication managers,cn=sysaccounts,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG objectclass: 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG groupofnames 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG replication managers 2017-05-11T17:48:37Z DEBUG add: 'krbprincipalname=ldap/ipa.rdlg.net@RDLG.NET,cn=services,cn=accounts,dc=rdlg,dc=net' to member, current value [] 2017-05-11T17:48:37Z DEBUG add: updated value ['krbprincipalname=ldap/ipa.rdlg.net@RDLG.NET,cn=services,cn=accounts,dc=rdlg,dc=net'] 2017-05-11T17:48:37Z DEBUG 
--------------------------------------------- 2017-05-11T17:48:37Z DEBUG Final value after applying updates 2017-05-11T17:48:37Z DEBUG dn: cn=replication managers,cn=sysaccounts,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG objectclass: 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG groupofnames 2017-05-11T17:48:37Z DEBUG member: 2017-05-11T17:48:37Z DEBUG krbprincipalname=ldap/ipa.rdlg.net@RDLG.NET,cn=services,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG replication managers 2017-05-11T17:48:37Z DEBUG Updating existing entry: cn=topology,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Initial value 2017-05-11T17:48:37Z DEBUG dn: cn=topology,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG nsContainer 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG topology 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Final value after applying updates 2017-05-11T17:48:37Z DEBUG dn: cn=topology,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG nsContainer 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG topology 2017-05-11T17:48:37Z DEBUG [] 2017-05-11T17:48:37Z DEBUG Updated 0 2017-05-11T17:48:37Z DEBUG Done 2017-05-11T17:48:37Z DEBUG Updating existing entry: cn=domain,cn=topology,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Initial value 2017-05-11T17:48:37Z DEBUG dn: cn=domain,cn=topology,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG nsds5ReplicaStripAttrs: 2017-05-11T17:48:37Z DEBUG modifiersName modifyTimestamp internalModifiersName internalModifyTimestamp 2017-05-11T17:48:37Z DEBUG ipaReplTopoConfRoot: 2017-05-11T17:48:37Z 
DEBUG dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG iparepltopoconf 2017-05-11T17:48:37Z DEBUG nsDS5ReplicatedAttributeListTotal: 2017-05-11T17:48:37Z DEBUG (objectclass=*) $ EXCLUDE entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount 2017-05-11T17:48:37Z DEBUG nsDS5ReplicatedAttributeList: 2017-05-11T17:48:37Z DEBUG (objectclass=*) $ EXCLUDE memberof idnssoaserial entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG domain 2017-05-11T17:48:37Z DEBUG add: '(objectclass=*) $ EXCLUDE memberof idnssoaserial entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount' to nsDS5ReplicatedAttributeList, current value ['(objectclass=*) $ EXCLUDE memberof idnssoaserial entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount'] 2017-05-11T17:48:37Z DEBUG add: updated value ['(objectclass=*) $ EXCLUDE memberof idnssoaserial entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount'] 2017-05-11T17:48:37Z DEBUG add: '(objectclass=*) $ EXCLUDE entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount' to nsDS5ReplicatedAttributeListTotal, current value ['(objectclass=*) $ EXCLUDE entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount'] 2017-05-11T17:48:37Z DEBUG add: updated value ['(objectclass=*) $ EXCLUDE entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount'] 2017-05-11T17:48:37Z DEBUG add: 'modifiersName modifyTimestamp internalModifiersName internalModifyTimestamp' to nsds5ReplicaStripAttrs, current value ['modifiersName modifyTimestamp internalModifiersName internalModifyTimestamp'] 2017-05-11T17:48:37Z DEBUG add: updated value ['modifiersName modifyTimestamp internalModifiersName internalModifyTimestamp'] 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Final value after applying updates 
2017-05-11T17:48:37Z DEBUG dn: cn=domain,cn=topology,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG nsds5ReplicaStripAttrs: 2017-05-11T17:48:37Z DEBUG modifiersName modifyTimestamp internalModifiersName internalModifyTimestamp 2017-05-11T17:48:37Z DEBUG ipaReplTopoConfRoot: 2017-05-11T17:48:37Z DEBUG dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG iparepltopoconf 2017-05-11T17:48:37Z DEBUG nsDS5ReplicatedAttributeListTotal: 2017-05-11T17:48:37Z DEBUG (objectclass=*) $ EXCLUDE entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount 2017-05-11T17:48:37Z DEBUG nsDS5ReplicatedAttributeList: 2017-05-11T17:48:37Z DEBUG (objectclass=*) $ EXCLUDE memberof idnssoaserial entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG domain 2017-05-11T17:48:37Z DEBUG [] 2017-05-11T17:48:37Z DEBUG Updated 0 2017-05-11T17:48:37Z DEBUG Done 2017-05-11T17:48:37Z DEBUG Deleting entry cn=realm,cn=topology,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG cn=realm,cn=topology,cn=ipa,cn=etc,dc=rdlg,dc=net did not exist:no such entry 2017-05-11T17:48:37Z DEBUG Updating existing entry: cn=ipa.rdlg.net,cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Initial value 2017-05-11T17:48:37Z DEBUG dn: cn=ipa.rdlg.net,cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG nsContainer 2017-05-11T17:48:37Z DEBUG ipaReplTopoManagedServer 2017-05-11T17:48:37Z DEBUG ipaConfigObject 2017-05-11T17:48:37Z DEBUG ipaSupportedDomainLevelConfig 2017-05-11T17:48:37Z DEBUG ipaMaxDomainLevel: 2017-05-11T17:48:37Z DEBUG 1 2017-05-11T17:48:37Z DEBUG ipaMinDomainLevel: 2017-05-11T17:48:37Z DEBUG 0 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG ipa.rdlg.net 2017-05-11T17:48:37Z 
DEBUG ipaReplTopoManagedSuffix: 2017-05-11T17:48:37Z DEBUG dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG add: 'ipaReplTopoManagedServer' to objectclass, current value ['top', 'nsContainer', 'ipaReplTopoManagedServer', 'ipaConfigObject', 'ipaSupportedDomainLevelConfig'] 2017-05-11T17:48:37Z DEBUG add: updated value ['top', 'nsContainer', 'ipaConfigObject', 'ipaSupportedDomainLevelConfig', 'ipaReplTopoManagedServer'] 2017-05-11T17:48:37Z DEBUG add: 'dc=rdlg,dc=net' to ipaReplTopoManagedSuffix, current value ['dc=rdlg,dc=net'] 2017-05-11T17:48:37Z DEBUG add: updated value ['dc=rdlg,dc=net'] 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Final value after applying updates 2017-05-11T17:48:37Z DEBUG dn: cn=ipa.rdlg.net,cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG ipaConfigObject 2017-05-11T17:48:37Z DEBUG nsContainer 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG ipaSupportedDomainLevelConfig 2017-05-11T17:48:37Z DEBUG ipaReplTopoManagedServer 2017-05-11T17:48:37Z DEBUG ipaMaxDomainLevel: 2017-05-11T17:48:37Z DEBUG 1 2017-05-11T17:48:37Z DEBUG ipaMinDomainLevel: 2017-05-11T17:48:37Z DEBUG 0 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG ipa.rdlg.net 2017-05-11T17:48:37Z DEBUG ipaReplTopoManagedSuffix: 2017-05-11T17:48:37Z DEBUG dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG [] 2017-05-11T17:48:37Z DEBUG Updated 0 2017-05-11T17:48:37Z DEBUG Done 2017-05-11T17:48:37Z DEBUG Updating existing entry: cn=IPA Topology Configuration,cn=plugins,cn=config 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Initial value 2017-05-11T17:48:37Z DEBUG dn: cn=IPA Topology Configuration,cn=plugins,cn=config 2017-05-11T17:48:37Z DEBUG nsslapd-pluginId: 2017-05-11T17:48:37Z DEBUG ipa-topology-plugin 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG IPA Topology Configuration 2017-05-11T17:48:37Z DEBUG 
nsslapd-pluginInitfunc: 2017-05-11T17:48:37Z DEBUG ipa_topo_init 2017-05-11T17:48:37Z DEBUG nsslapd-plugin-depends-on-named: 2017-05-11T17:48:37Z DEBUG ldbm database 2017-05-11T17:48:37Z DEBUG Multimaster Replication Plugin 2017-05-11T17:48:37Z DEBUG nsslapd-topo-plugin-shared-replica-root: 2017-05-11T17:48:37Z DEBUG dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG o=ipaca 2017-05-11T17:48:37Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:48:37Z DEBUG 1.0 2017-05-11T17:48:37Z DEBUG nsslapd-topo-plugin-shared-config-base: 2017-05-11T17:48:37Z DEBUG cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:48:37Z DEBUG ipa-topology-plugin 2017-05-11T17:48:37Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:48:37Z DEBUG on 2017-05-11T17:48:37Z DEBUG nsslapd-pluginPath: 2017-05-11T17:48:37Z DEBUG libtopology 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG nsSlapdPlugin 2017-05-11T17:48:37Z DEBUG extensibleObject 2017-05-11T17:48:37Z DEBUG nsslapd-pluginType: 2017-05-11T17:48:37Z DEBUG object 2017-05-11T17:48:37Z DEBUG nsslapd-topo-plugin-shared-binddngroup: 2017-05-11T17:48:37Z DEBUG cn=replication managers,cn=sysaccounts,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG nsslapd-topo-plugin-startup-delay: 2017-05-11T17:48:37Z DEBUG 20 2017-05-11T17:48:37Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:48:37Z DEBUG freeipa 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Final value after applying updates 2017-05-11T17:48:37Z DEBUG dn: cn=IPA Topology Configuration,cn=plugins,cn=config 2017-05-11T17:48:37Z DEBUG nsslapd-pluginId: 2017-05-11T17:48:37Z DEBUG ipa-topology-plugin 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG IPA Topology Configuration 2017-05-11T17:48:37Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:48:37Z DEBUG ipa_topo_init 2017-05-11T17:48:37Z DEBUG nsslapd-plugin-depends-on-named: 2017-05-11T17:48:37Z DEBUG ldbm database 
2017-05-11T17:48:37Z DEBUG Multimaster Replication Plugin 2017-05-11T17:48:37Z DEBUG nsslapd-topo-plugin-shared-replica-root: 2017-05-11T17:48:37Z DEBUG dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG o=ipaca 2017-05-11T17:48:37Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:48:37Z DEBUG 1.0 2017-05-11T17:48:37Z DEBUG nsslapd-topo-plugin-shared-config-base: 2017-05-11T17:48:37Z DEBUG cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:48:37Z DEBUG ipa-topology-plugin 2017-05-11T17:48:37Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:48:37Z DEBUG on 2017-05-11T17:48:37Z DEBUG nsslapd-pluginPath: 2017-05-11T17:48:37Z DEBUG libtopology 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG nsSlapdPlugin 2017-05-11T17:48:37Z DEBUG extensibleObject 2017-05-11T17:48:37Z DEBUG nsslapd-pluginType: 2017-05-11T17:48:37Z DEBUG object 2017-05-11T17:48:37Z DEBUG nsslapd-topo-plugin-shared-binddngroup: 2017-05-11T17:48:37Z DEBUG cn=replication managers,cn=sysaccounts,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG nsslapd-topo-plugin-startup-delay: 2017-05-11T17:48:37Z DEBUG 20 2017-05-11T17:48:37Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:48:37Z DEBUG freeipa 2017-05-11T17:48:37Z DEBUG [] 2017-05-11T17:48:37Z DEBUG Updated 0 2017-05-11T17:48:37Z DEBUG Done 2017-05-11T17:48:37Z DEBUG New entry: cn=changelog5,cn=config 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Initial value 2017-05-11T17:48:37Z DEBUG dn: cn=changelog5,cn=config 2017-05-11T17:48:37Z DEBUG addifnew: '7d' to nsslapd-changelogmaxage, current value [] 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Final value after applying updates 2017-05-11T17:48:37Z DEBUG dn: cn=changelog5,cn=config 2017-05-11T17:48:37Z DEBUG Parsing update file '/usr/share/ipa/updates/20-sslciphers.update' 2017-05-11T17:48:37Z DEBUG Updating existing entry: 
cn=encryption,cn=config 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Initial value 2017-05-11T17:48:37Z DEBUG dn: cn=encryption,cn=config 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG encryption 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG nsEncryptionConfig 2017-05-11T17:48:37Z DEBUG sslVersionMin: 2017-05-11T17:48:37Z DEBUG TLS1.0 2017-05-11T17:48:37Z DEBUG nsSSLSupportedCiphers: 2017-05-11T17:48:37Z DEBUG TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384::AES-GCM::AEAD::256 2017-05-11T17:48:37Z DEBUG TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA::AES::SHA1::256 2017-05-11T17:48:37Z DEBUG TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384::AES::SHA384::256 2017-05-11T17:48:37Z DEBUG TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256::AES-GCM::AEAD::128 2017-05-11T17:48:37Z DEBUG TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA::AES::SHA1::128 2017-05-11T17:48:37Z DEBUG TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256::AES::SHA256::128 2017-05-11T17:48:37Z DEBUG TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA::3DES::SHA1::192 2017-05-11T17:48:37Z DEBUG TLS_ECDHE_ECDSA_WITH_RC4_128_SHA::RC4::SHA1::128 2017-05-11T17:48:37Z DEBUG TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384::AES-GCM::AEAD::256 2017-05-11T17:48:37Z DEBUG TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA::AES::SHA1::256 2017-05-11T17:48:37Z DEBUG TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384::AES::SHA384::256 2017-05-11T17:48:37Z DEBUG TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256::AES-GCM::AEAD::128 2017-05-11T17:48:37Z DEBUG TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA::AES::SHA1::128 2017-05-11T17:48:37Z DEBUG TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256::AES::SHA256::128 2017-05-11T17:48:37Z DEBUG TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA::3DES::SHA1::192 2017-05-11T17:48:37Z DEBUG TLS_ECDHE_RSA_WITH_RC4_128_SHA::RC4::SHA1::128 2017-05-11T17:48:37Z DEBUG TLS_DHE_RSA_WITH_AES_256_GCM_SHA384::AES-GCM::AEAD::256 2017-05-11T17:48:37Z DEBUG TLS_DHE_DSS_WITH_AES_256_GCM_SHA384::AES-GCM::AEAD::256 2017-05-11T17:48:37Z 
DEBUG TLS_DHE_RSA_WITH_AES_256_CBC_SHA::AES::SHA1::256 2017-05-11T17:48:37Z DEBUG TLS_DHE_DSS_WITH_AES_256_CBC_SHA::AES::SHA1::256 2017-05-11T17:48:37Z DEBUG TLS_DHE_RSA_WITH_AES_256_CBC_SHA256::AES::SHA256::256 2017-05-11T17:48:37Z DEBUG TLS_DHE_DSS_WITH_AES_256_CBC_SHA256::AES::SHA256::256 2017-05-11T17:48:37Z DEBUG TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA::CAMELLIA::SHA1::256 2017-05-11T17:48:37Z DEBUG TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA::CAMELLIA::SHA1::256 2017-05-11T17:48:37Z DEBUG TLS_DHE_RSA_WITH_AES_128_GCM_SHA256::AES-GCM::AEAD::128 2017-05-11T17:48:37Z DEBUG TLS_DHE_DSS_WITH_AES_128_GCM_SHA256::AES-GCM::AEAD::128 2017-05-11T17:48:37Z DEBUG TLS_DHE_RSA_WITH_AES_128_CBC_SHA::AES::SHA1::128 2017-05-11T17:48:37Z DEBUG TLS_DHE_DSS_WITH_AES_128_CBC_SHA::AES::SHA1::128 2017-05-11T17:48:37Z DEBUG TLS_DHE_RSA_WITH_AES_128_CBC_SHA256::AES::SHA256::128 2017-05-11T17:48:37Z DEBUG TLS_DHE_DSS_WITH_AES_128_CBC_SHA256::AES::SHA256::128 2017-05-11T17:48:37Z DEBUG TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA::CAMELLIA::SHA1::128 2017-05-11T17:48:37Z DEBUG TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA::CAMELLIA::SHA1::128 2017-05-11T17:48:37Z DEBUG TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA::3DES::SHA1::192 2017-05-11T17:48:37Z DEBUG TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA::3DES::SHA1::192 2017-05-11T17:48:37Z DEBUG TLS_DHE_DSS_WITH_RC4_128_SHA::RC4::SHA1::128 2017-05-11T17:48:37Z DEBUG TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA::AES::SHA1::256 2017-05-11T17:48:37Z DEBUG TLS_ECDH_RSA_WITH_AES_256_CBC_SHA::AES::SHA1::256 2017-05-11T17:48:37Z DEBUG TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA::AES::SHA1::128 2017-05-11T17:48:37Z DEBUG TLS_ECDH_RSA_WITH_AES_128_CBC_SHA::AES::SHA1::128 2017-05-11T17:48:37Z DEBUG TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA::3DES::SHA1::192 2017-05-11T17:48:37Z DEBUG TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA::3DES::SHA1::192 2017-05-11T17:48:37Z DEBUG TLS_ECDH_ECDSA_WITH_RC4_128_SHA::RC4::SHA1::128 2017-05-11T17:48:37Z DEBUG TLS_ECDH_RSA_WITH_RC4_128_SHA::RC4::SHA1::128 2017-05-11T17:48:37Z DEBUG 
TLS_RSA_WITH_AES_256_GCM_SHA384::AES-GCM::AEAD::256 2017-05-11T17:48:37Z DEBUG TLS_RSA_WITH_AES_256_CBC_SHA::AES::SHA1::256 2017-05-11T17:48:37Z DEBUG TLS_RSA_WITH_AES_256_CBC_SHA256::AES::SHA256::256 2017-05-11T17:48:37Z DEBUG TLS_RSA_WITH_CAMELLIA_256_CBC_SHA::CAMELLIA::SHA1::256 2017-05-11T17:48:37Z DEBUG TLS_RSA_WITH_AES_128_GCM_SHA256::AES-GCM::AEAD::128 2017-05-11T17:48:37Z DEBUG TLS_RSA_WITH_AES_128_CBC_SHA::AES::SHA1::128 2017-05-11T17:48:37Z DEBUG TLS_RSA_WITH_AES_128_CBC_SHA256::AES::SHA256::128 2017-05-11T17:48:37Z DEBUG TLS_RSA_WITH_CAMELLIA_128_CBC_SHA::CAMELLIA::SHA1::128 2017-05-11T17:48:37Z DEBUG TLS_RSA_WITH_SEED_CBC_SHA::SEED::SHA1::128 2017-05-11T17:48:37Z DEBUG TLS_RSA_WITH_3DES_EDE_CBC_SHA::3DES::SHA1::192 2017-05-11T17:48:37Z DEBUG TLS_RSA_WITH_RC4_128_SHA::RC4::SHA1::128 2017-05-11T17:48:37Z DEBUG TLS_RSA_WITH_RC4_128_MD5::RC4::MD5::128 2017-05-11T17:48:37Z DEBUG TLS_DHE_RSA_WITH_DES_CBC_SHA::DES::SHA1::64 2017-05-11T17:48:37Z DEBUG TLS_DHE_DSS_WITH_DES_CBC_SHA::DES::SHA1::64 2017-05-11T17:48:37Z DEBUG TLS_RSA_WITH_DES_CBC_SHA::DES::SHA1::64 2017-05-11T17:48:37Z DEBUG TLS_ECDHE_ECDSA_WITH_NULL_SHA::NULL::SHA1::0 2017-05-11T17:48:37Z DEBUG TLS_ECDHE_RSA_WITH_NULL_SHA::NULL::SHA1::0 2017-05-11T17:48:37Z DEBUG TLS_ECDH_RSA_WITH_NULL_SHA::NULL::SHA1::0 2017-05-11T17:48:37Z DEBUG TLS_ECDH_ECDSA_WITH_NULL_SHA::NULL::SHA1::0 2017-05-11T17:48:37Z DEBUG TLS_RSA_WITH_NULL_SHA::NULL::SHA1::0 2017-05-11T17:48:37Z DEBUG TLS_RSA_WITH_NULL_SHA256::NULL::SHA256::0 2017-05-11T17:48:37Z DEBUG TLS_RSA_WITH_NULL_MD5::NULL::MD5::0 2017-05-11T17:48:37Z DEBUG TLS_AES_128_GCM_SHA256::AES-GCM::AEAD::128 2017-05-11T17:48:37Z DEBUG TLS_CHACHA20_POLY1305_SHA256::CHACHA20POLY1305::AEAD::256 2017-05-11T17:48:37Z DEBUG TLS_AES_256_GCM_SHA384::AES-GCM::AEAD::256 2017-05-11T17:48:37Z DEBUG TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256::CHACHA20POLY1305::AEAD::256 2017-05-11T17:48:37Z DEBUG TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256::CHACHA20POLY1305::AEAD::256 
2017-05-11T17:48:37Z DEBUG TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256::CHACHA20POLY1305::AEAD::256 2017-05-11T17:48:37Z DEBUG nsSSLClientAuth: 2017-05-11T17:48:37Z DEBUG allowed 2017-05-11T17:48:37Z DEBUG nsSSLSessionTimeout: 2017-05-11T17:48:37Z DEBUG 0 2017-05-11T17:48:37Z DEBUG allowWeakCipher: 2017-05-11T17:48:37Z DEBUG off 2017-05-11T17:48:37Z DEBUG nsSSL3Ciphers: 2017-05-11T17:48:37Z DEBUG default 2017-05-11T17:48:37Z DEBUG only: set nsSSL3Ciphers to 'default', current value ['default'] 2017-05-11T17:48:37Z DEBUG only: updated value ['default'] 2017-05-11T17:48:37Z DEBUG addifnew: 'off' to allowWeakCipher, current value ['off'] 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Final value after applying updates 2017-05-11T17:48:37Z DEBUG dn: cn=encryption,cn=config 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG encryption 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG nsEncryptionConfig 2017-05-11T17:48:37Z DEBUG sslVersionMin: 2017-05-11T17:48:37Z DEBUG TLS1.0 2017-05-11T17:48:37Z DEBUG nsSSLSupportedCiphers: 2017-05-11T17:48:37Z DEBUG TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384::AES-GCM::AEAD::256 2017-05-11T17:48:37Z DEBUG TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA::AES::SHA1::256 2017-05-11T17:48:37Z DEBUG TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384::AES::SHA384::256 2017-05-11T17:48:37Z DEBUG TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256::AES-GCM::AEAD::128 2017-05-11T17:48:37Z DEBUG TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA::AES::SHA1::128 2017-05-11T17:48:37Z DEBUG TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256::AES::SHA256::128 2017-05-11T17:48:37Z DEBUG TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA::3DES::SHA1::192 2017-05-11T17:48:37Z DEBUG TLS_ECDHE_ECDSA_WITH_RC4_128_SHA::RC4::SHA1::128 2017-05-11T17:48:37Z DEBUG TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384::AES-GCM::AEAD::256 2017-05-11T17:48:37Z DEBUG TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA::AES::SHA1::256 2017-05-11T17:48:37Z DEBUG 
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384::AES::SHA384::256 2017-05-11T17:48:37Z DEBUG TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256::AES-GCM::AEAD::128 2017-05-11T17:48:37Z DEBUG TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA::AES::SHA1::128 2017-05-11T17:48:37Z DEBUG TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256::AES::SHA256::128 2017-05-11T17:48:37Z DEBUG TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA::3DES::SHA1::192 2017-05-11T17:48:37Z DEBUG TLS_ECDHE_RSA_WITH_RC4_128_SHA::RC4::SHA1::128 2017-05-11T17:48:37Z DEBUG TLS_DHE_RSA_WITH_AES_256_GCM_SHA384::AES-GCM::AEAD::256 2017-05-11T17:48:37Z DEBUG TLS_DHE_DSS_WITH_AES_256_GCM_SHA384::AES-GCM::AEAD::256 2017-05-11T17:48:37Z DEBUG TLS_DHE_RSA_WITH_AES_256_CBC_SHA::AES::SHA1::256 2017-05-11T17:48:37Z DEBUG TLS_DHE_DSS_WITH_AES_256_CBC_SHA::AES::SHA1::256 2017-05-11T17:48:37Z DEBUG TLS_DHE_RSA_WITH_AES_256_CBC_SHA256::AES::SHA256::256 2017-05-11T17:48:37Z DEBUG TLS_DHE_DSS_WITH_AES_256_CBC_SHA256::AES::SHA256::256 2017-05-11T17:48:37Z DEBUG TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA::CAMELLIA::SHA1::256 2017-05-11T17:48:37Z DEBUG TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA::CAMELLIA::SHA1::256 2017-05-11T17:48:37Z DEBUG TLS_DHE_RSA_WITH_AES_128_GCM_SHA256::AES-GCM::AEAD::128 2017-05-11T17:48:37Z DEBUG TLS_DHE_DSS_WITH_AES_128_GCM_SHA256::AES-GCM::AEAD::128 2017-05-11T17:48:37Z DEBUG TLS_DHE_RSA_WITH_AES_128_CBC_SHA::AES::SHA1::128 2017-05-11T17:48:37Z DEBUG TLS_DHE_DSS_WITH_AES_128_CBC_SHA::AES::SHA1::128 2017-05-11T17:48:37Z DEBUG TLS_DHE_RSA_WITH_AES_128_CBC_SHA256::AES::SHA256::128 2017-05-11T17:48:37Z DEBUG TLS_DHE_DSS_WITH_AES_128_CBC_SHA256::AES::SHA256::128 2017-05-11T17:48:37Z DEBUG TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA::CAMELLIA::SHA1::128 2017-05-11T17:48:37Z DEBUG TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA::CAMELLIA::SHA1::128 2017-05-11T17:48:37Z DEBUG TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA::3DES::SHA1::192 2017-05-11T17:48:37Z DEBUG TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA::3DES::SHA1::192 2017-05-11T17:48:37Z DEBUG TLS_DHE_DSS_WITH_RC4_128_SHA::RC4::SHA1::128 
2017-05-11T17:48:37Z DEBUG TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA::AES::SHA1::256 2017-05-11T17:48:37Z DEBUG TLS_ECDH_RSA_WITH_AES_256_CBC_SHA::AES::SHA1::256 2017-05-11T17:48:37Z DEBUG TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA::AES::SHA1::128 2017-05-11T17:48:37Z DEBUG TLS_ECDH_RSA_WITH_AES_128_CBC_SHA::AES::SHA1::128 2017-05-11T17:48:37Z DEBUG TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA::3DES::SHA1::192 2017-05-11T17:48:37Z DEBUG TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA::3DES::SHA1::192 2017-05-11T17:48:37Z DEBUG TLS_ECDH_ECDSA_WITH_RC4_128_SHA::RC4::SHA1::128 2017-05-11T17:48:37Z DEBUG TLS_ECDH_RSA_WITH_RC4_128_SHA::RC4::SHA1::128 2017-05-11T17:48:37Z DEBUG TLS_RSA_WITH_AES_256_GCM_SHA384::AES-GCM::AEAD::256 2017-05-11T17:48:37Z DEBUG TLS_RSA_WITH_AES_256_CBC_SHA::AES::SHA1::256 2017-05-11T17:48:37Z DEBUG TLS_RSA_WITH_AES_256_CBC_SHA256::AES::SHA256::256 2017-05-11T17:48:37Z DEBUG TLS_RSA_WITH_CAMELLIA_256_CBC_SHA::CAMELLIA::SHA1::256 2017-05-11T17:48:37Z DEBUG TLS_RSA_WITH_AES_128_GCM_SHA256::AES-GCM::AEAD::128 2017-05-11T17:48:37Z DEBUG TLS_RSA_WITH_AES_128_CBC_SHA::AES::SHA1::128 2017-05-11T17:48:37Z DEBUG TLS_RSA_WITH_AES_128_CBC_SHA256::AES::SHA256::128 2017-05-11T17:48:37Z DEBUG TLS_RSA_WITH_CAMELLIA_128_CBC_SHA::CAMELLIA::SHA1::128 2017-05-11T17:48:37Z DEBUG TLS_RSA_WITH_SEED_CBC_SHA::SEED::SHA1::128 2017-05-11T17:48:37Z DEBUG TLS_RSA_WITH_3DES_EDE_CBC_SHA::3DES::SHA1::192 2017-05-11T17:48:37Z DEBUG TLS_RSA_WITH_RC4_128_SHA::RC4::SHA1::128 2017-05-11T17:48:37Z DEBUG TLS_RSA_WITH_RC4_128_MD5::RC4::MD5::128 2017-05-11T17:48:37Z DEBUG TLS_DHE_RSA_WITH_DES_CBC_SHA::DES::SHA1::64 2017-05-11T17:48:37Z DEBUG TLS_DHE_DSS_WITH_DES_CBC_SHA::DES::SHA1::64 2017-05-11T17:48:37Z DEBUG TLS_RSA_WITH_DES_CBC_SHA::DES::SHA1::64 2017-05-11T17:48:37Z DEBUG TLS_ECDHE_ECDSA_WITH_NULL_SHA::NULL::SHA1::0 2017-05-11T17:48:37Z DEBUG TLS_ECDHE_RSA_WITH_NULL_SHA::NULL::SHA1::0 2017-05-11T17:48:37Z DEBUG TLS_ECDH_RSA_WITH_NULL_SHA::NULL::SHA1::0 2017-05-11T17:48:37Z DEBUG 
TLS_ECDH_ECDSA_WITH_NULL_SHA::NULL::SHA1::0 2017-05-11T17:48:37Z DEBUG TLS_RSA_WITH_NULL_SHA::NULL::SHA1::0 2017-05-11T17:48:37Z DEBUG TLS_RSA_WITH_NULL_SHA256::NULL::SHA256::0 2017-05-11T17:48:37Z DEBUG TLS_RSA_WITH_NULL_MD5::NULL::MD5::0 2017-05-11T17:48:37Z DEBUG TLS_AES_128_GCM_SHA256::AES-GCM::AEAD::128 2017-05-11T17:48:37Z DEBUG TLS_CHACHA20_POLY1305_SHA256::CHACHA20POLY1305::AEAD::256 2017-05-11T17:48:37Z DEBUG TLS_AES_256_GCM_SHA384::AES-GCM::AEAD::256 2017-05-11T17:48:37Z DEBUG TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256::CHACHA20POLY1305::AEAD::256 2017-05-11T17:48:37Z DEBUG TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256::CHACHA20POLY1305::AEAD::256 2017-05-11T17:48:37Z DEBUG TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256::CHACHA20POLY1305::AEAD::256 2017-05-11T17:48:37Z DEBUG nsSSLClientAuth: 2017-05-11T17:48:37Z DEBUG allowed 2017-05-11T17:48:37Z DEBUG nsSSLSessionTimeout: 2017-05-11T17:48:37Z DEBUG 0 2017-05-11T17:48:37Z DEBUG allowWeakCipher: 2017-05-11T17:48:37Z DEBUG off 2017-05-11T17:48:37Z DEBUG nsSSL3Ciphers: 2017-05-11T17:48:37Z DEBUG default 2017-05-11T17:48:37Z DEBUG [] 2017-05-11T17:48:37Z DEBUG Updated 0 2017-05-11T17:48:37Z DEBUG Done 2017-05-11T17:48:37Z DEBUG Parsing update file '/usr/share/ipa/updates/20-syncrepl.update' 2017-05-11T17:48:37Z DEBUG Updating existing entry: cn=Retro Changelog Plugin,cn=plugins,cn=config 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Initial value 2017-05-11T17:48:37Z DEBUG dn: cn=Retro Changelog Plugin,cn=plugins,cn=config 2017-05-11T17:48:37Z DEBUG nsslapd-pluginbetxn: 2017-05-11T17:48:37Z DEBUG on 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG Retro Changelog Plugin 2017-05-11T17:48:37Z DEBUG nsslapd-plugin-depends-on-named: 2017-05-11T17:48:37Z DEBUG Class of Service 2017-05-11T17:48:37Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:48:37Z DEBUG none 2017-05-11T17:48:37Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:48:37Z DEBUG none 
2017-05-11T17:48:37Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:48:37Z DEBUG off 2017-05-11T17:48:37Z DEBUG nsslapd-pluginPath: 2017-05-11T17:48:37Z DEBUG libretrocl-plugin 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG nsSlapdPlugin 2017-05-11T17:48:37Z DEBUG extensibleObject 2017-05-11T17:48:37Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:48:37Z DEBUG database 2017-05-11T17:48:37Z DEBUG nsslapd-pluginId: 2017-05-11T17:48:37Z DEBUG none 2017-05-11T17:48:37Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:48:37Z DEBUG retrocl_plugin_init 2017-05-11T17:48:37Z DEBUG nsslapd-pluginprecedence: 2017-05-11T17:48:37Z DEBUG 25 2017-05-11T17:48:37Z DEBUG nsslapd-pluginType: 2017-05-11T17:48:37Z DEBUG object 2017-05-11T17:48:37Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:48:37Z DEBUG none 2017-05-11T17:48:37Z DEBUG only: set nsslapd-pluginEnabled to 'on', current value ['off'] 2017-05-11T17:48:37Z DEBUG only: updated value ['on'] 2017-05-11T17:48:37Z DEBUG add: 'nsuniqueid:targetUniqueId' to nsslapd-attribute, current value [] 2017-05-11T17:48:37Z DEBUG add: updated value ['nsuniqueid:targetUniqueId'] 2017-05-11T17:48:37Z DEBUG add: '2d' to nsslapd-changelogmaxage, current value [] 2017-05-11T17:48:37Z DEBUG add: updated value ['2d'] 2017-05-11T17:48:37Z DEBUG add: 'o=ipaca' to nsslapd-exclude-suffix, current value [] 2017-05-11T17:48:37Z DEBUG add: updated value ['o=ipaca'] 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Final value after applying updates 2017-05-11T17:48:37Z DEBUG dn: cn=Retro Changelog Plugin,cn=plugins,cn=config 2017-05-11T17:48:37Z DEBUG nsslapd-pluginbetxn: 2017-05-11T17:48:37Z DEBUG on 2017-05-11T17:48:37Z DEBUG nsslapd-attribute: 2017-05-11T17:48:37Z DEBUG nsuniqueid:targetUniqueId 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG Retro Changelog Plugin 2017-05-11T17:48:37Z DEBUG nsslapd-plugin-depends-on-named: 2017-05-11T17:48:37Z DEBUG 
Class of Service 2017-05-11T17:48:37Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:48:37Z DEBUG none 2017-05-11T17:48:37Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:48:37Z DEBUG none 2017-05-11T17:48:37Z DEBUG nsslapd-changelogmaxage: 2017-05-11T17:48:37Z DEBUG 2d 2017-05-11T17:48:37Z DEBUG nsslapd-exclude-suffix: 2017-05-11T17:48:37Z DEBUG o=ipaca 2017-05-11T17:48:37Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:48:37Z DEBUG on 2017-05-11T17:48:37Z DEBUG nsslapd-pluginPath: 2017-05-11T17:48:37Z DEBUG libretrocl-plugin 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG nsSlapdPlugin 2017-05-11T17:48:37Z DEBUG extensibleObject 2017-05-11T17:48:37Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:48:37Z DEBUG database 2017-05-11T17:48:37Z DEBUG nsslapd-pluginId: 2017-05-11T17:48:37Z DEBUG none 2017-05-11T17:48:37Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:48:37Z DEBUG retrocl_plugin_init 2017-05-11T17:48:37Z DEBUG nsslapd-pluginprecedence: 2017-05-11T17:48:37Z DEBUG 25 2017-05-11T17:48:37Z DEBUG nsslapd-pluginType: 2017-05-11T17:48:37Z DEBUG object 2017-05-11T17:48:37Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:48:37Z DEBUG none 2017-05-11T17:48:37Z DEBUG [(2, u'nsslapd-attribute', ['nsuniqueid:targetUniqueId']), (2, u'nsslapd-exclude-suffix', ['o=ipaca']), (2, u'nsslapd-pluginEnabled', ['on']), (2, u'nsslapd-changelogmaxage', ['2d'])] 2017-05-11T17:48:37Z DEBUG Updated 1 2017-05-11T17:48:37Z DEBUG Done 2017-05-11T17:48:37Z DEBUG Updating existing entry: cn=MemberOf Plugin,cn=plugins,cn=config 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Initial value 2017-05-11T17:48:37Z DEBUG dn: cn=MemberOf Plugin,cn=plugins,cn=config 2017-05-11T17:48:37Z DEBUG nsslapd-pluginId: 2017-05-11T17:48:37Z DEBUG memberof 2017-05-11T17:48:37Z DEBUG memberofgroupattr: 2017-05-11T17:48:37Z DEBUG member 2017-05-11T17:48:37Z DEBUG memberUser 2017-05-11T17:48:37Z DEBUG memberHost 
2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG MemberOf Plugin 2017-05-11T17:48:37Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:48:37Z DEBUG 1.3.5.10 2017-05-11T17:48:37Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:48:37Z DEBUG memberof plugin 2017-05-11T17:48:37Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:48:37Z DEBUG on 2017-05-11T17:48:37Z DEBUG nsslapd-pluginPath: 2017-05-11T17:48:37Z DEBUG libmemberof-plugin 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG nsSlapdPlugin 2017-05-11T17:48:37Z DEBUG extensibleObject 2017-05-11T17:48:37Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:48:37Z DEBUG database 2017-05-11T17:48:37Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:48:37Z DEBUG 389 Project 2017-05-11T17:48:37Z DEBUG memberofattr: 2017-05-11T17:48:37Z DEBUG memberOf 2017-05-11T17:48:37Z DEBUG nsslapd-pluginType: 2017-05-11T17:48:37Z DEBUG betxnpostoperation 2017-05-11T17:48:37Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:48:37Z DEBUG memberof_postop_init 2017-05-11T17:48:37Z DEBUG add: 'dc=rdlg,dc=net' to memberofentryscope, current value [] 2017-05-11T17:48:37Z DEBUG add: updated value ['dc=rdlg,dc=net'] 2017-05-11T17:48:37Z DEBUG add: 'cn=compat,dc=rdlg,dc=net' to memberofentryscopeexcludesubtree, current value [] 2017-05-11T17:48:37Z DEBUG add: updated value ['cn=compat,dc=rdlg,dc=net'] 2017-05-11T17:48:37Z DEBUG add: 'cn=provisioning,dc=rdlg,dc=net' to memberofentryscopeexcludesubtree, current value ['cn=compat,dc=rdlg,dc=net'] 2017-05-11T17:48:37Z DEBUG add: updated value ['cn=compat,dc=rdlg,dc=net', 'cn=provisioning,dc=rdlg,dc=net'] 2017-05-11T17:48:37Z DEBUG add: 'cn=topology,cn=ipa,cn=etc,dc=rdlg,dc=net' to memberofentryscopeexcludesubtree, current value ['cn=compat,dc=rdlg,dc=net', 'cn=provisioning,dc=rdlg,dc=net'] 2017-05-11T17:48:37Z DEBUG add: updated value ['cn=compat,dc=rdlg,dc=net', 'cn=provisioning,dc=rdlg,dc=net', 'cn=topology,cn=ipa,cn=etc,dc=rdlg,dc=net'] 2017-05-11T17:48:37Z 
DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Final value after applying updates 2017-05-11T17:48:37Z DEBUG dn: cn=MemberOf Plugin,cn=plugins,cn=config 2017-05-11T17:48:37Z DEBUG nsslapd-pluginId: 2017-05-11T17:48:37Z DEBUG memberof 2017-05-11T17:48:37Z DEBUG memberofgroupattr: 2017-05-11T17:48:37Z DEBUG member 2017-05-11T17:48:37Z DEBUG memberUser 2017-05-11T17:48:37Z DEBUG memberHost 2017-05-11T17:48:37Z DEBUG memberofentryscope: 2017-05-11T17:48:37Z DEBUG dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG MemberOf Plugin 2017-05-11T17:48:37Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:48:37Z DEBUG 1.3.5.10 2017-05-11T17:48:37Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:48:37Z DEBUG memberof plugin 2017-05-11T17:48:37Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:48:37Z DEBUG on 2017-05-11T17:48:37Z DEBUG nsslapd-pluginPath: 2017-05-11T17:48:37Z DEBUG libmemberof-plugin 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG nsSlapdPlugin 2017-05-11T17:48:37Z DEBUG extensibleObject 2017-05-11T17:48:37Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:48:37Z DEBUG database 2017-05-11T17:48:37Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:48:37Z DEBUG 389 Project 2017-05-11T17:48:37Z DEBUG memberofattr: 2017-05-11T17:48:37Z DEBUG memberOf 2017-05-11T17:48:37Z DEBUG nsslapd-pluginType: 2017-05-11T17:48:37Z DEBUG betxnpostoperation 2017-05-11T17:48:37Z DEBUG memberofentryscopeexcludesubtree: 2017-05-11T17:48:37Z DEBUG cn=compat,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG cn=provisioning,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG cn=topology,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:48:37Z DEBUG memberof_postop_init 2017-05-11T17:48:37Z DEBUG [(2, u'memberofentryscope', ['dc=rdlg,dc=net']), (2, u'memberofentryscopeexcludesubtree', ['cn=compat,dc=rdlg,dc=net', 'cn=provisioning,dc=rdlg,dc=net', 
'cn=topology,cn=ipa,cn=etc,dc=rdlg,dc=net'])] 2017-05-11T17:48:37Z DEBUG Updated 1 2017-05-11T17:48:37Z DEBUG Done 2017-05-11T17:48:37Z DEBUG Updating existing entry: cn=referential integrity postoperation,cn=plugins,cn=config 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Initial value 2017-05-11T17:48:37Z DEBUG dn: cn=referential integrity postoperation,cn=plugins,cn=config 2017-05-11T17:48:37Z DEBUG nsslapd-pluginId: 2017-05-11T17:48:37Z DEBUG referint 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG referential integrity postoperation 2017-05-11T17:48:37Z DEBUG referint-update-delay: 2017-05-11T17:48:37Z DEBUG 0 2017-05-11T17:48:37Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:48:37Z DEBUG 1.3.5.10 2017-05-11T17:48:37Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:48:37Z DEBUG referential integrity plugin 2017-05-11T17:48:37Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:48:37Z DEBUG on 2017-05-11T17:48:37Z DEBUG nsslapd-pluginPath: 2017-05-11T17:48:37Z DEBUG libreferint-plugin 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG nsSlapdPlugin 2017-05-11T17:48:37Z DEBUG extensibleObject 2017-05-11T17:48:37Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:48:37Z DEBUG database 2017-05-11T17:48:37Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:48:37Z DEBUG 389 Project 2017-05-11T17:48:37Z DEBUG nsslapd-pluginprecedence: 2017-05-11T17:48:37Z DEBUG 40 2017-05-11T17:48:37Z DEBUG referint-logfile: 2017-05-11T17:48:37Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/referint 2017-05-11T17:48:37Z DEBUG referint-logchanges: 2017-05-11T17:48:37Z DEBUG 0 2017-05-11T17:48:37Z DEBUG nsslapd-pluginType: 2017-05-11T17:48:37Z DEBUG betxnpostoperation 2017-05-11T17:48:37Z DEBUG referint-membership-attr: 2017-05-11T17:48:37Z DEBUG member 2017-05-11T17:48:37Z DEBUG uniquemember 2017-05-11T17:48:37Z DEBUG owner 2017-05-11T17:48:37Z DEBUG seeAlso 2017-05-11T17:48:37Z DEBUG 
nsslapd-pluginInitfunc: 2017-05-11T17:48:37Z DEBUG referint_postop_init 2017-05-11T17:48:37Z DEBUG add: 'dc=rdlg,dc=net' to nsslapd-plugincontainerscope, current value [] 2017-05-11T17:48:37Z DEBUG add: updated value ['dc=rdlg,dc=net'] 2017-05-11T17:48:37Z DEBUG add: 'dc=rdlg,dc=net' to nsslapd-pluginentryscope, current value [] 2017-05-11T17:48:37Z DEBUG add: updated value ['dc=rdlg,dc=net'] 2017-05-11T17:48:37Z DEBUG add: 'cn=provisioning,dc=rdlg,dc=net' to nsslapd-pluginExcludeEntryScope, current value [] 2017-05-11T17:48:37Z DEBUG add: updated value ['cn=provisioning,dc=rdlg,dc=net'] 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Final value after applying updates 2017-05-11T17:48:37Z DEBUG dn: cn=referential integrity postoperation,cn=plugins,cn=config 2017-05-11T17:48:37Z DEBUG nsslapd-pluginId: 2017-05-11T17:48:37Z DEBUG referint 2017-05-11T17:48:37Z DEBUG nsslapd-plugincontainerscope: 2017-05-11T17:48:37Z DEBUG dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG referential integrity postoperation 2017-05-11T17:48:37Z DEBUG referint-update-delay: 2017-05-11T17:48:37Z DEBUG 0 2017-05-11T17:48:37Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:48:37Z DEBUG 1.3.5.10 2017-05-11T17:48:37Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:48:37Z DEBUG referential integrity plugin 2017-05-11T17:48:37Z DEBUG nsslapd-pluginentryscope: 2017-05-11T17:48:37Z DEBUG dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG nsslapd-pluginExcludeEntryScope: 2017-05-11T17:48:37Z DEBUG cn=provisioning,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:48:37Z DEBUG on 2017-05-11T17:48:37Z DEBUG nsslapd-pluginPath: 2017-05-11T17:48:37Z DEBUG libreferint-plugin 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG nsSlapdPlugin 2017-05-11T17:48:37Z DEBUG extensibleObject 2017-05-11T17:48:37Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:48:37Z DEBUG 
database 2017-05-11T17:48:37Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:48:37Z DEBUG 389 Project 2017-05-11T17:48:37Z DEBUG nsslapd-pluginprecedence: 2017-05-11T17:48:37Z DEBUG 40 2017-05-11T17:48:37Z DEBUG referint-logfile: 2017-05-11T17:48:37Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/referint 2017-05-11T17:48:37Z DEBUG referint-logchanges: 2017-05-11T17:48:37Z DEBUG 0 2017-05-11T17:48:37Z DEBUG nsslapd-pluginType: 2017-05-11T17:48:37Z DEBUG betxnpostoperation 2017-05-11T17:48:37Z DEBUG referint-membership-attr: 2017-05-11T17:48:37Z DEBUG member 2017-05-11T17:48:37Z DEBUG uniquemember 2017-05-11T17:48:37Z DEBUG owner 2017-05-11T17:48:37Z DEBUG seeAlso 2017-05-11T17:48:37Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:48:37Z DEBUG referint_postop_init 2017-05-11T17:48:37Z DEBUG [(2, u'nsslapd-plugincontainerscope', ['dc=rdlg,dc=net']), (2, u'nsslapd-pluginExcludeEntryScope', ['cn=provisioning,dc=rdlg,dc=net']), (2, u'nsslapd-pluginentryscope', ['dc=rdlg,dc=net'])] 2017-05-11T17:48:37Z DEBUG Updated 1 2017-05-11T17:48:37Z DEBUG Done 2017-05-11T17:48:37Z DEBUG Updating existing entry: cn=Content Synchronization,cn=plugins,cn=config 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Initial value 2017-05-11T17:48:37Z DEBUG dn: cn=Content Synchronization,cn=plugins,cn=config 2017-05-11T17:48:37Z DEBUG nsslapd-pluginbetxn: 2017-05-11T17:48:37Z DEBUG on 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG Content Synchronization 2017-05-11T17:48:37Z DEBUG nsslapd-plugin-depends-on-named: 2017-05-11T17:48:37Z DEBUG Retro Changelog Plugin 2017-05-11T17:48:37Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:48:37Z DEBUG none 2017-05-11T17:48:37Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:48:37Z DEBUG none 2017-05-11T17:48:37Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:48:37Z DEBUG off 2017-05-11T17:48:37Z DEBUG nsslapd-pluginPath: 2017-05-11T17:48:37Z DEBUG libcontentsync-plugin 2017-05-11T17:48:37Z DEBUG objectClass: 
2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG nsSlapdPlugin 2017-05-11T17:48:37Z DEBUG extensibleObject 2017-05-11T17:48:37Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:48:37Z DEBUG database 2017-05-11T17:48:37Z DEBUG nsslapd-pluginId: 2017-05-11T17:48:37Z DEBUG none 2017-05-11T17:48:37Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:48:37Z DEBUG sync_init 2017-05-11T17:48:37Z DEBUG nsslapd-pluginType: 2017-05-11T17:48:37Z DEBUG object 2017-05-11T17:48:37Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:48:37Z DEBUG none 2017-05-11T17:48:37Z DEBUG only: set nsslapd-pluginEnabled to 'on', current value ['off'] 2017-05-11T17:48:37Z DEBUG only: updated value ['on'] 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Final value after applying updates 2017-05-11T17:48:37Z DEBUG dn: cn=Content Synchronization,cn=plugins,cn=config 2017-05-11T17:48:37Z DEBUG nsslapd-pluginbetxn: 2017-05-11T17:48:37Z DEBUG on 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG Content Synchronization 2017-05-11T17:48:37Z DEBUG nsslapd-plugin-depends-on-named: 2017-05-11T17:48:37Z DEBUG Retro Changelog Plugin 2017-05-11T17:48:37Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:48:37Z DEBUG none 2017-05-11T17:48:37Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:48:37Z DEBUG none 2017-05-11T17:48:37Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:48:37Z DEBUG on 2017-05-11T17:48:37Z DEBUG nsslapd-pluginPath: 2017-05-11T17:48:37Z DEBUG libcontentsync-plugin 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG nsSlapdPlugin 2017-05-11T17:48:37Z DEBUG extensibleObject 2017-05-11T17:48:37Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:48:37Z DEBUG database 2017-05-11T17:48:37Z DEBUG nsslapd-pluginId: 2017-05-11T17:48:37Z DEBUG none 2017-05-11T17:48:37Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:48:37Z DEBUG sync_init 2017-05-11T17:48:37Z DEBUG nsslapd-pluginType: 2017-05-11T17:48:37Z DEBUG 
object 2017-05-11T17:48:37Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:48:37Z DEBUG none 2017-05-11T17:48:37Z DEBUG [(2, u'nsslapd-pluginEnabled', ['on'])] 2017-05-11T17:48:37Z DEBUG Updated 1 2017-05-11T17:48:37Z DEBUG Done 2017-05-11T17:48:37Z DEBUG Updating existing entry: cn=IPA Unique IDs,cn=IPA UUID,cn=plugins,cn=config 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Initial value 2017-05-11T17:48:37Z DEBUG dn: cn=IPA Unique IDs,cn=IPA UUID,cn=plugins,cn=config 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG IPA Unique IDs 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG extensibleObject 2017-05-11T17:48:37Z DEBUG ipauuidmagicregen: 2017-05-11T17:48:37Z DEBUG autogenerate 2017-05-11T17:48:37Z DEBUG ipauuidfilter: 2017-05-11T17:48:37Z DEBUG (|(objectclass=ipaObject)(objectclass=ipaAssociation)) 2017-05-11T17:48:37Z DEBUG ipauuidenforce: 2017-05-11T17:48:37Z DEBUG TRUE 2017-05-11T17:48:37Z DEBUG ipauuidscope: 2017-05-11T17:48:37Z DEBUG dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG ipauuidattr: 2017-05-11T17:48:37Z DEBUG ipaUniqueID 2017-05-11T17:48:37Z DEBUG add: 'cn=provisioning,dc=rdlg,dc=net' to ipaUuidExcludeSubtree, current value [] 2017-05-11T17:48:37Z DEBUG add: updated value ['cn=provisioning,dc=rdlg,dc=net'] 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Final value after applying updates 2017-05-11T17:48:37Z DEBUG dn: cn=IPA Unique IDs,cn=IPA UUID,cn=plugins,cn=config 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG IPA Unique IDs 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG extensibleObject 2017-05-11T17:48:37Z DEBUG ipauuidmagicregen: 2017-05-11T17:48:37Z DEBUG autogenerate 2017-05-11T17:48:37Z DEBUG ipauuidfilter: 2017-05-11T17:48:37Z DEBUG (|(objectclass=ipaObject)(objectclass=ipaAssociation)) 2017-05-11T17:48:37Z DEBUG 
ipauuidenforce: 2017-05-11T17:48:37Z DEBUG TRUE 2017-05-11T17:48:37Z DEBUG ipaUuidExcludeSubtree: 2017-05-11T17:48:37Z DEBUG cn=provisioning,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG ipauuidscope: 2017-05-11T17:48:37Z DEBUG dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG ipauuidattr: 2017-05-11T17:48:37Z DEBUG ipaUniqueID 2017-05-11T17:48:37Z DEBUG [(2, u'ipaUuidExcludeSubtree', ['cn=provisioning,dc=rdlg,dc=net'])] 2017-05-11T17:48:37Z DEBUG Updated 1 2017-05-11T17:48:37Z DEBUG Done 2017-05-11T17:48:37Z DEBUG Parsing update file '/usr/share/ipa/updates/20-user_private_groups.update' 2017-05-11T17:48:37Z DEBUG Updating existing entry: cn=UPG Template,cn=Templates,cn=Managed Entries,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Initial value 2017-05-11T17:48:37Z DEBUG dn: cn=UPG Template,cn=Templates,cn=Managed Entries,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG mepTemplateEntry 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG mepMappedAttr: 2017-05-11T17:48:37Z DEBUG cn: $uid 2017-05-11T17:48:37Z DEBUG gidNumber: $uidNumber 2017-05-11T17:48:37Z DEBUG description: User private group for $uid 2017-05-11T17:48:37Z DEBUG mepStaticAttr: 2017-05-11T17:48:37Z DEBUG objectclass: posixgroup 2017-05-11T17:48:37Z DEBUG objectclass: ipaobject 2017-05-11T17:48:37Z DEBUG ipaUniqueId: autogenerate 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG UPG Template 2017-05-11T17:48:37Z DEBUG mepRDNAttr: 2017-05-11T17:48:37Z DEBUG cn 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Final value after applying updates 2017-05-11T17:48:37Z DEBUG dn: cn=UPG Template,cn=Templates,cn=Managed Entries,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG mepTemplateEntry 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG mepMappedAttr: 2017-05-11T17:48:37Z DEBUG cn: $uid 
2017-05-11T17:48:37Z DEBUG gidNumber: $uidNumber 2017-05-11T17:48:37Z DEBUG description: User private group for $uid 2017-05-11T17:48:37Z DEBUG mepStaticAttr: 2017-05-11T17:48:37Z DEBUG objectclass: posixgroup 2017-05-11T17:48:37Z DEBUG objectclass: ipaobject 2017-05-11T17:48:37Z DEBUG ipaUniqueId: autogenerate 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG UPG Template 2017-05-11T17:48:37Z DEBUG mepRDNAttr: 2017-05-11T17:48:37Z DEBUG cn 2017-05-11T17:48:37Z DEBUG [] 2017-05-11T17:48:37Z DEBUG Updated 0 2017-05-11T17:48:37Z DEBUG Done 2017-05-11T17:48:37Z DEBUG Updating existing entry: cn=UPG Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Initial value 2017-05-11T17:48:37Z DEBUG dn: cn=UPG Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG UPG Definition 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG extensibleObject 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG managedbase: 2017-05-11T17:48:37Z DEBUG cn=groups,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG originfilter: 2017-05-11T17:48:37Z DEBUG (&(objectclass=posixAccount)(!(description=__no_upg__))) 2017-05-11T17:48:37Z DEBUG originscope: 2017-05-11T17:48:37Z DEBUG cn=users,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG managedtemplate: 2017-05-11T17:48:37Z DEBUG cn=UPG Template,cn=Templates,cn=Managed Entries,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Final value after applying updates 2017-05-11T17:48:37Z DEBUG dn: cn=UPG Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG UPG Definition 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG extensibleObject 2017-05-11T17:48:37Z DEBUG top 
2017-05-11T17:48:37Z DEBUG managedbase: 2017-05-11T17:48:37Z DEBUG cn=groups,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG originfilter: 2017-05-11T17:48:37Z DEBUG (&(objectclass=posixAccount)(!(description=__no_upg__))) 2017-05-11T17:48:37Z DEBUG originscope: 2017-05-11T17:48:37Z DEBUG cn=users,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG managedtemplate: 2017-05-11T17:48:37Z DEBUG cn=UPG Template,cn=Templates,cn=Managed Entries,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG [] 2017-05-11T17:48:37Z DEBUG Updated 0 2017-05-11T17:48:37Z DEBUG Done 2017-05-11T17:48:37Z DEBUG Updating existing entry: cn=UPG Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Initial value 2017-05-11T17:48:37Z DEBUG dn: cn=UPG Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG UPG Definition 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG extensibleObject 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG managedbase: 2017-05-11T17:48:37Z DEBUG cn=groups,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG originfilter: 2017-05-11T17:48:37Z DEBUG (&(objectclass=posixAccount)(!(description=__no_upg__))) 2017-05-11T17:48:37Z DEBUG originscope: 2017-05-11T17:48:37Z DEBUG cn=users,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG managedtemplate: 2017-05-11T17:48:37Z DEBUG cn=UPG Template,cn=Templates,cn=Managed Entries,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG replace: objectclass=posixAccount not found, skipping 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Final value after applying updates 2017-05-11T17:48:37Z DEBUG dn: cn=UPG Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG UPG Definition 2017-05-11T17:48:37Z DEBUG 
objectClass: 2017-05-11T17:48:37Z DEBUG extensibleObject 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG managedbase: 2017-05-11T17:48:37Z DEBUG cn=groups,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG originfilter: 2017-05-11T17:48:37Z DEBUG (&(objectclass=posixAccount)(!(description=__no_upg__))) 2017-05-11T17:48:37Z DEBUG originscope: 2017-05-11T17:48:37Z DEBUG cn=users,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG managedtemplate: 2017-05-11T17:48:37Z DEBUG cn=UPG Template,cn=Templates,cn=Managed Entries,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG [] 2017-05-11T17:48:37Z DEBUG Updated 0 2017-05-11T17:48:37Z DEBUG Done 2017-05-11T17:48:37Z DEBUG Parsing update file '/usr/share/ipa/updates/20-uuid.update' 2017-05-11T17:48:37Z DEBUG Updating existing entry: cn=IPK11 Unique IDs,cn=IPA UUID,cn=plugins,cn=config 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Initial value 2017-05-11T17:48:37Z DEBUG dn: cn=IPK11 Unique IDs,cn=IPA UUID,cn=plugins,cn=config 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG IPK11 Unique IDs 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG extensibleObject 2017-05-11T17:48:37Z DEBUG ipauuidmagicregen: 2017-05-11T17:48:37Z DEBUG autogenerate 2017-05-11T17:48:37Z DEBUG ipauuidfilter: 2017-05-11T17:48:37Z DEBUG (objectclass=ipk11Object) 2017-05-11T17:48:37Z DEBUG ipauuidenforce: 2017-05-11T17:48:37Z DEBUG FALSE 2017-05-11T17:48:37Z DEBUG ipauuidscope: 2017-05-11T17:48:37Z DEBUG dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG ipauuidattr: 2017-05-11T17:48:37Z DEBUG ipk11UniqueID 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Final value after applying updates 2017-05-11T17:48:37Z DEBUG dn: cn=IPK11 Unique IDs,cn=IPA UUID,cn=plugins,cn=config 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG IPK11 Unique IDs 2017-05-11T17:48:37Z DEBUG objectClass: 
2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG extensibleObject 2017-05-11T17:48:37Z DEBUG ipauuidmagicregen: 2017-05-11T17:48:37Z DEBUG autogenerate 2017-05-11T17:48:37Z DEBUG ipauuidfilter: 2017-05-11T17:48:37Z DEBUG (objectclass=ipk11Object) 2017-05-11T17:48:37Z DEBUG ipauuidenforce: 2017-05-11T17:48:37Z DEBUG FALSE 2017-05-11T17:48:37Z DEBUG ipauuidscope: 2017-05-11T17:48:37Z DEBUG dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG ipauuidattr: 2017-05-11T17:48:37Z DEBUG ipk11UniqueID 2017-05-11T17:48:37Z DEBUG [] 2017-05-11T17:48:37Z DEBUG Updated 0 2017-05-11T17:48:37Z DEBUG Done 2017-05-11T17:48:37Z DEBUG Parsing update file '/usr/share/ipa/updates/20-winsync_index.update' 2017-05-11T17:48:37Z DEBUG Updating existing entry: cn=ntUniqueId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Initial value 2017-05-11T17:48:37Z DEBUG dn: cn=ntUniqueId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:37Z DEBUG nsIndexType: 2017-05-11T17:48:37Z DEBUG eq 2017-05-11T17:48:37Z DEBUG pres 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG nsIndex 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG ntUniqueId 2017-05-11T17:48:37Z DEBUG nsSystemIndex: 2017-05-11T17:48:37Z DEBUG false 2017-05-11T17:48:37Z DEBUG only: set nsIndexType to 'eq', current value ['eq', 'pres'] 2017-05-11T17:48:37Z DEBUG only: updated value ['eq'] 2017-05-11T17:48:37Z DEBUG only: set nsIndexType to 'pres', current value ['eq'] 2017-05-11T17:48:37Z DEBUG only: updated value ['eq', 'pres'] 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Final value after applying updates 2017-05-11T17:48:37Z DEBUG dn: cn=ntUniqueId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:37Z DEBUG nsIndexType: 2017-05-11T17:48:37Z DEBUG eq 2017-05-11T17:48:37Z 
DEBUG pres 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG nsIndex 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG ntUniqueId 2017-05-11T17:48:37Z DEBUG nsSystemIndex: 2017-05-11T17:48:37Z DEBUG false 2017-05-11T17:48:37Z DEBUG [] 2017-05-11T17:48:37Z DEBUG Updated 0 2017-05-11T17:48:37Z DEBUG Done 2017-05-11T17:48:37Z DEBUG Updating existing entry: cn=ntUserDomainId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Initial value 2017-05-11T17:48:37Z DEBUG dn: cn=ntUserDomainId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:37Z DEBUG nsIndexType: 2017-05-11T17:48:37Z DEBUG eq 2017-05-11T17:48:37Z DEBUG pres 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG nsIndex 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG ntUserDomainId 2017-05-11T17:48:37Z DEBUG nsSystemIndex: 2017-05-11T17:48:37Z DEBUG false 2017-05-11T17:48:37Z DEBUG only: set nsIndexType to 'eq', current value ['eq', 'pres'] 2017-05-11T17:48:37Z DEBUG only: updated value ['eq'] 2017-05-11T17:48:37Z DEBUG only: set nsIndexType to 'pres', current value ['eq'] 2017-05-11T17:48:37Z DEBUG only: updated value ['eq', 'pres'] 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Final value after applying updates 2017-05-11T17:48:37Z DEBUG dn: cn=ntUserDomainId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:37Z DEBUG nsIndexType: 2017-05-11T17:48:37Z DEBUG eq 2017-05-11T17:48:37Z DEBUG pres 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG nsIndex 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG ntUserDomainId 2017-05-11T17:48:37Z DEBUG nsSystemIndex: 2017-05-11T17:48:37Z DEBUG false 2017-05-11T17:48:37Z DEBUG [] 
2017-05-11T17:48:37Z DEBUG Updated 0 2017-05-11T17:48:37Z DEBUG Done 2017-05-11T17:48:37Z DEBUG Parsing update file '/usr/share/ipa/updates/21-ca_renewal_container.update' 2017-05-11T17:48:37Z DEBUG Updating existing entry: cn=ca_renewal,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Initial value 2017-05-11T17:48:37Z DEBUG dn: cn=ca_renewal,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG nsContainer 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG ca_renewal 2017-05-11T17:48:37Z DEBUG add: 'top' to objectClass, current value ['nsContainer', 'top'] 2017-05-11T17:48:37Z DEBUG add: updated value ['nsContainer', 'top'] 2017-05-11T17:48:37Z DEBUG add: 'nsContainer' to objectClass, current value ['nsContainer', 'top'] 2017-05-11T17:48:37Z DEBUG add: updated value ['top', 'nsContainer'] 2017-05-11T17:48:37Z DEBUG add: 'ca_renewal' to cn, current value ['ca_renewal'] 2017-05-11T17:48:37Z DEBUG add: updated value ['ca_renewal'] 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Final value after applying updates 2017-05-11T17:48:37Z DEBUG dn: cn=ca_renewal,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG nsContainer 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG ca_renewal 2017-05-11T17:48:37Z DEBUG [] 2017-05-11T17:48:37Z DEBUG Updated 0 2017-05-11T17:48:37Z DEBUG Done 2017-05-11T17:48:37Z DEBUG Parsing update file '/usr/share/ipa/updates/21-certstore_container.update' 2017-05-11T17:48:37Z DEBUG Updating existing entry: cn=certificates,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Initial value 2017-05-11T17:48:37Z DEBUG dn: cn=certificates,cn=ipa,cn=etc,dc=rdlg,dc=net 
2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG nsContainer 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG certificates 2017-05-11T17:48:37Z DEBUG add: 'top' to objectClass, current value ['nsContainer', 'top'] 2017-05-11T17:48:37Z DEBUG add: updated value ['nsContainer', 'top'] 2017-05-11T17:48:37Z DEBUG add: 'nsContainer' to objectClass, current value ['nsContainer', 'top'] 2017-05-11T17:48:37Z DEBUG add: updated value ['top', 'nsContainer'] 2017-05-11T17:48:37Z DEBUG add: 'certificates' to cn, current value ['certificates'] 2017-05-11T17:48:37Z DEBUG add: updated value ['certificates'] 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Final value after applying updates 2017-05-11T17:48:37Z DEBUG dn: cn=certificates,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG nsContainer 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG certificates 2017-05-11T17:48:37Z DEBUG [] 2017-05-11T17:48:37Z DEBUG Updated 0 2017-05-11T17:48:37Z DEBUG Done 2017-05-11T17:48:37Z DEBUG Parsing update file '/usr/share/ipa/updates/21-replicas_container.update' 2017-05-11T17:48:37Z DEBUG Updating existing entry: cn=replicas,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Initial value 2017-05-11T17:48:37Z DEBUG dn: cn=replicas,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG nsContainer 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG replicas 2017-05-11T17:48:37Z DEBUG add: 'top' to objectClass, current value ['nsContainer', 'top'] 2017-05-11T17:48:37Z DEBUG add: updated value ['nsContainer', 'top'] 2017-05-11T17:48:37Z DEBUG add: 'nsContainer' to objectClass, current value ['nsContainer', 'top'] 2017-05-11T17:48:37Z DEBUG add: 
updated value ['top', 'nsContainer'] 2017-05-11T17:48:37Z DEBUG add: 'replicas' to cn, current value ['replicas'] 2017-05-11T17:48:37Z DEBUG add: updated value ['replicas'] 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Final value after applying updates 2017-05-11T17:48:37Z DEBUG dn: cn=replicas,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG nsContainer 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG replicas 2017-05-11T17:48:37Z DEBUG [] 2017-05-11T17:48:37Z DEBUG Updated 0 2017-05-11T17:48:37Z DEBUG Done 2017-05-11T17:48:37Z DEBUG Parsing update file '/usr/share/ipa/updates/25-referint.update' 2017-05-11T17:48:37Z DEBUG Updating existing entry: cn=referential integrity postoperation,cn=plugins,cn=config 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Initial value 2017-05-11T17:48:37Z DEBUG dn: cn=referential integrity postoperation,cn=plugins,cn=config 2017-05-11T17:48:37Z DEBUG nsslapd-pluginId: 2017-05-11T17:48:37Z DEBUG referint 2017-05-11T17:48:37Z DEBUG nsslapd-pluginentryscope: 2017-05-11T17:48:37Z DEBUG dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG referential integrity postoperation 2017-05-11T17:48:37Z DEBUG referint-update-delay: 2017-05-11T17:48:37Z DEBUG 0 2017-05-11T17:48:37Z DEBUG nsslapd-pluginexcludeentryscope: 2017-05-11T17:48:37Z DEBUG cn=provisioning,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:48:37Z DEBUG referential integrity plugin 2017-05-11T17:48:37Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:48:37Z DEBUG 1.3.5.10 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG nsSlapdPlugin 2017-05-11T17:48:37Z DEBUG extensibleObject 2017-05-11T17:48:37Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:48:37Z DEBUG on 2017-05-11T17:48:37Z DEBUG 
nsslapd-pluginPath: 2017-05-11T17:48:37Z DEBUG libreferint-plugin 2017-05-11T17:48:37Z DEBUG nsslapd-plugincontainerscope: 2017-05-11T17:48:37Z DEBUG dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:48:37Z DEBUG database 2017-05-11T17:48:37Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:48:37Z DEBUG 389 Project 2017-05-11T17:48:37Z DEBUG nsslapd-pluginprecedence: 2017-05-11T17:48:37Z DEBUG 40 2017-05-11T17:48:37Z DEBUG referint-logfile: 2017-05-11T17:48:37Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/referint 2017-05-11T17:48:37Z DEBUG referint-logchanges: 2017-05-11T17:48:37Z DEBUG 0 2017-05-11T17:48:37Z DEBUG nsslapd-pluginType: 2017-05-11T17:48:37Z DEBUG betxnpostoperation 2017-05-11T17:48:37Z DEBUG referint-membership-attr: 2017-05-11T17:48:37Z DEBUG member 2017-05-11T17:48:37Z DEBUG uniquemember 2017-05-11T17:48:37Z DEBUG owner 2017-05-11T17:48:37Z DEBUG seeAlso 2017-05-11T17:48:37Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:48:37Z DEBUG referint_postop_init 2017-05-11T17:48:37Z DEBUG add: 'manager' to referint-membership-attr, current value ['member', 'uniquemember', 'owner', 'seeAlso'] 2017-05-11T17:48:37Z DEBUG add: updated value ['member', 'uniquemember', 'owner', 'seeAlso', 'manager'] 2017-05-11T17:48:37Z DEBUG add: 'secretary' to referint-membership-attr, current value ['member', 'owner', 'manager', 'uniquemember', 'seeAlso'] 2017-05-11T17:48:37Z DEBUG add: updated value ['member', 'owner', 'manager', 'uniquemember', 'seeAlso', 'secretary'] 2017-05-11T17:48:37Z DEBUG add: 'memberuser' to referint-membership-attr, current value ['seeAlso', 'member', 'manager', 'owner', 'uniquemember', 'secretary'] 2017-05-11T17:48:37Z DEBUG add: updated value ['seeAlso', 'member', 'manager', 'owner', 'uniquemember', 'secretary', 'memberuser'] 2017-05-11T17:48:37Z DEBUG add: 'memberhost' to referint-membership-attr, current value ['secretary', 'memberuser', 'member', 'manager', 'owner', 'uniquemember', 'seeAlso'] 2017-05-11T17:48:37Z DEBUG add: 
updated value ['secretary', 'memberuser', 'member', 'manager', 'owner', 'uniquemember', 'seeAlso', 'memberhost'] 2017-05-11T17:48:37Z DEBUG add: 'sourcehost' to referint-membership-attr, current value ['secretary', 'memberuser', 'member', 'manager', 'owner', 'uniquemember', 'memberhost', 'seeAlso'] 2017-05-11T17:48:37Z DEBUG add: updated value ['secretary', 'memberuser', 'member', 'manager', 'owner', 'uniquemember', 'memberhost', 'seeAlso', 'sourcehost'] 2017-05-11T17:48:37Z DEBUG add: 'memberservice' to referint-membership-attr, current value ['uniquemember', 'secretary', 'memberuser', 'member', 'manager', 'owner', 'sourcehost', 'memberhost', 'seeAlso'] 2017-05-11T17:48:37Z DEBUG add: updated value ['uniquemember', 'secretary', 'memberuser', 'member', 'manager', 'owner', 'sourcehost', 'memberhost', 'seeAlso', 'memberservice'] 2017-05-11T17:48:37Z DEBUG add: 'managedby' to referint-membership-attr, current value ['uniquemember', 'secretary', 'memberuser', 'member', 'manager', 'memberhost', 'owner', 'sourcehost', 'memberservice', 'seeAlso'] 2017-05-11T17:48:37Z DEBUG add: updated value ['uniquemember', 'secretary', 'memberuser', 'member', 'manager', 'memberhost', 'owner', 'sourcehost', 'memberservice', 'seeAlso', 'managedby'] 2017-05-11T17:48:37Z DEBUG add: 'memberallowcmd' to referint-membership-attr, current value ['uniquemember', 'secretary', 'memberuser', 'member', 'managedby', 'manager', 'memberhost', 'owner', 'sourcehost', 'memberservice', 'seeAlso'] 2017-05-11T17:48:37Z DEBUG add: updated value ['uniquemember', 'secretary', 'memberuser', 'member', 'managedby', 'manager', 'memberhost', 'owner', 'sourcehost', 'memberservice', 'seeAlso', 'memberallowcmd'] 2017-05-11T17:48:37Z DEBUG add: 'memberdenycmd' to referint-membership-attr, current value ['uniquemember', 'managedby', 'secretary', 'memberuser', 'member', 'memberallowcmd', 'manager', 'memberhost', 'owner', 'sourcehost', 'memberservice', 'seeAlso'] 2017-05-11T17:48:37Z DEBUG add: updated value 
['uniquemember', 'managedby', 'secretary', 'memberuser', 'member', 'memberallowcmd', 'manager', 'memberhost', 'owner', 'sourcehost', 'memberservice', 'seeAlso', 'memberdenycmd'] 2017-05-11T17:48:37Z DEBUG add: 'ipasudorunas' to referint-membership-attr, current value ['uniquemember', 'managedby', 'secretary', 'memberuser', 'memberdenycmd', 'member', 'memberallowcmd', 'manager', 'memberhost', 'owner', 'seeAlso', 'memberservice', 'sourcehost'] 2017-05-11T17:48:37Z DEBUG add: updated value ['uniquemember', 'managedby', 'secretary', 'memberuser', 'memberdenycmd', 'member', 'memberallowcmd', 'manager', 'memberhost', 'owner', 'seeAlso', 'memberservice', 'sourcehost', 'ipasudorunas'] 2017-05-11T17:48:37Z DEBUG add: 'ipasudorunasgroup' to referint-membership-attr, current value ['uniquemember', 'managedby', 'secretary', 'memberuser', 'memberdenycmd', 'member', 'memberallowcmd', 'manager', 'memberhost', 'ipasudorunas', 'owner', 'seeAlso', 'memberservice', 'sourcehost'] 2017-05-11T17:48:37Z DEBUG add: updated value ['uniquemember', 'managedby', 'secretary', 'memberuser', 'memberdenycmd', 'member', 'memberallowcmd', 'manager', 'memberhost', 'ipasudorunas', 'owner', 'seeAlso', 'memberservice', 'sourcehost', 'ipasudorunasgroup'] 2017-05-11T17:48:37Z DEBUG add: 'ipatokenradiusconfiglink' to referint-membership-attr, current value ['uniquemember', 'managedby', 'secretary', 'memberuser', 'memberdenycmd', 'member', 'memberallowcmd', 'manager', 'memberhost', 'ipasudorunas', 'owner', 'ipasudorunasgroup', 'seeAlso', 'memberservice', 'sourcehost'] 2017-05-11T17:48:37Z DEBUG add: updated value ['uniquemember', 'managedby', 'secretary', 'memberuser', 'memberdenycmd', 'member', 'memberallowcmd', 'manager', 'memberhost', 'ipasudorunas', 'owner', 'ipasudorunasgroup', 'seeAlso', 'memberservice', 'sourcehost', 'ipatokenradiusconfiglink'] 2017-05-11T17:48:37Z DEBUG add: 'ipaassignedidview' to referint-membership-attr, current value ['uniquemember', 'seeAlso', 'managedby', 'secretary', 
'memberuser', 'memberdenycmd', 'member', 'memberallowcmd', 'manager', 'memberhost', 'ipasudorunas', 'owner', 'ipasudorunasgroup', 'ipatokenradiusconfiglink', 'memberservice', 'sourcehost'] 2017-05-11T17:48:37Z DEBUG add: updated value ['uniquemember', 'seeAlso', 'managedby', 'secretary', 'memberuser', 'memberdenycmd', 'member', 'memberallowcmd', 'manager', 'memberhost', 'ipasudorunas', 'owner', 'ipasudorunasgroup', 'ipatokenradiusconfiglink', 'memberservice', 'sourcehost', 'ipaassignedidview'] 2017-05-11T17:48:37Z DEBUG add: 'ipaallowedtarget' to referint-membership-attr, current value ['sourcehost', 'managedby', 'ipaassignedidview', 'secretary', 'memberuser', 'uniquemember', 'memberdenycmd', 'member', 'memberallowcmd', 'manager', 'memberhost', 'ipasudorunas', 'owner', 'ipasudorunasgroup', 'ipatokenradiusconfiglink', 'memberservice', 'seeAlso'] 2017-05-11T17:48:37Z DEBUG add: updated value ['sourcehost', 'managedby', 'ipaassignedidview', 'secretary', 'memberuser', 'uniquemember', 'memberdenycmd', 'member', 'memberallowcmd', 'manager', 'memberhost', 'ipasudorunas', 'owner', 'ipasudorunasgroup', 'ipatokenradiusconfiglink', 'memberservice', 'seeAlso', 'ipaallowedtarget'] 2017-05-11T17:48:37Z DEBUG add: 'ipamemberca' to referint-membership-attr, current value ['ipaallowedtarget', 'seeAlso', 'ipaassignedidview', 'secretary', 'memberuser', 'uniquemember', 'memberdenycmd', 'member', 'memberallowcmd', 'manager', 'managedby', 'ipasudorunas', 'owner', 'ipasudorunasgroup', 'ipatokenradiusconfiglink', 'memberhost', 'memberservice', 'sourcehost'] 2017-05-11T17:48:37Z DEBUG add: updated value ['ipaallowedtarget', 'seeAlso', 'ipaassignedidview', 'secretary', 'memberuser', 'uniquemember', 'memberdenycmd', 'member', 'memberallowcmd', 'manager', 'managedby', 'ipasudorunas', 'owner', 'ipasudorunasgroup', 'ipatokenradiusconfiglink', 'memberhost', 'memberservice', 'sourcehost', 'ipamemberca'] 2017-05-11T17:48:37Z DEBUG add: 'ipamembercertprofile' to referint-membership-attr, current 
value ['ipaallowedtarget', 'managedby', 'ipaassignedidview', 'secretary', 'memberuser', 'uniquemember', 'memberdenycmd', 'member', 'memberallowcmd', 'manager', 'memberhost', 'ipasudorunas', 'ipamemberca', 'owner', 'ipasudorunasgroup', 'seeAlso', 'sourcehost', 'memberservice', 'ipatokenradiusconfiglink'] 2017-05-11T17:48:37Z DEBUG add: updated value ['ipaallowedtarget', 'managedby', 'ipaassignedidview', 'secretary', 'memberuser', 'uniquemember', 'memberdenycmd', 'member', 'memberallowcmd', 'manager', 'memberhost', 'ipasudorunas', 'ipamemberca', 'owner', 'ipasudorunasgroup', 'seeAlso', 'sourcehost', 'memberservice', 'ipatokenradiusconfiglink', 'ipamembercertprofile'] 2017-05-11T17:48:37Z DEBUG add: 'ipalocation' to referint-membership-attr, current value ['ipaallowedtarget', 'ipamembercertprofile', 'ipaassignedidview', 'secretary', 'memberuser', 'uniquemember', 'memberdenycmd', 'member', 'memberallowcmd', 'manager', 'managedby', 'ipasudorunas', 'ipamemberca', 'owner', 'ipasudorunasgroup', 'seeAlso', 'memberhost', 'sourcehost', 'memberservice', 'ipatokenradiusconfiglink'] 2017-05-11T17:48:37Z DEBUG add: updated value ['ipaallowedtarget', 'ipamembercertprofile', 'ipaassignedidview', 'secretary', 'memberuser', 'uniquemember', 'memberdenycmd', 'member', 'memberallowcmd', 'manager', 'managedby', 'ipasudorunas', 'ipamemberca', 'owner', 'ipasudorunasgroup', 'seeAlso', 'memberhost', 'sourcehost', 'memberservice', 'ipatokenradiusconfiglink', 'ipalocation'] 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Final value after applying updates 2017-05-11T17:48:37Z DEBUG dn: cn=referential integrity postoperation,cn=plugins,cn=config 2017-05-11T17:48:37Z DEBUG nsslapd-pluginId: 2017-05-11T17:48:37Z DEBUG referint 2017-05-11T17:48:37Z DEBUG nsslapd-pluginentryscope: 2017-05-11T17:48:37Z DEBUG dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG referential integrity postoperation 2017-05-11T17:48:37Z DEBUG 
referint-update-delay: 2017-05-11T17:48:37Z DEBUG 0 2017-05-11T17:48:37Z DEBUG nsslapd-pluginexcludeentryscope: 2017-05-11T17:48:37Z DEBUG cn=provisioning,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:48:37Z DEBUG referential integrity plugin 2017-05-11T17:48:37Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:48:37Z DEBUG 1.3.5.10 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG nsSlapdPlugin 2017-05-11T17:48:37Z DEBUG extensibleObject 2017-05-11T17:48:37Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:48:37Z DEBUG on 2017-05-11T17:48:37Z DEBUG nsslapd-pluginPath: 2017-05-11T17:48:37Z DEBUG libreferint-plugin 2017-05-11T17:48:37Z DEBUG nsslapd-plugincontainerscope: 2017-05-11T17:48:37Z DEBUG dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:48:37Z DEBUG database 2017-05-11T17:48:37Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:48:37Z DEBUG 389 Project 2017-05-11T17:48:37Z DEBUG nsslapd-pluginprecedence: 2017-05-11T17:48:37Z DEBUG 40 2017-05-11T17:48:37Z DEBUG referint-logfile: 2017-05-11T17:48:37Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/referint 2017-05-11T17:48:37Z DEBUG referint-logchanges: 2017-05-11T17:48:37Z DEBUG 0 2017-05-11T17:48:37Z DEBUG nsslapd-pluginType: 2017-05-11T17:48:37Z DEBUG betxnpostoperation 2017-05-11T17:48:37Z DEBUG referint-membership-attr: 2017-05-11T17:48:37Z DEBUG ipaallowedtarget 2017-05-11T17:48:37Z DEBUG ipasudorunas 2017-05-11T17:48:37Z DEBUG ipamembercertprofile 2017-05-11T17:48:37Z DEBUG ipaassignedidview 2017-05-11T17:48:37Z DEBUG secretary 2017-05-11T17:48:37Z DEBUG memberuser 2017-05-11T17:48:37Z DEBUG uniquemember 2017-05-11T17:48:37Z DEBUG memberdenycmd 2017-05-11T17:48:37Z DEBUG member 2017-05-11T17:48:37Z DEBUG memberallowcmd 2017-05-11T17:48:37Z DEBUG manager 2017-05-11T17:48:37Z DEBUG managedby 2017-05-11T17:48:37Z DEBUG ipalocation 2017-05-11T17:48:37Z DEBUG ipamemberca 2017-05-11T17:48:37Z DEBUG owner 
2017-05-11T17:48:37Z DEBUG ipasudorunasgroup 2017-05-11T17:48:37Z DEBUG ipatokenradiusconfiglink 2017-05-11T17:48:37Z DEBUG memberhost 2017-05-11T17:48:37Z DEBUG sourcehost 2017-05-11T17:48:37Z DEBUG memberservice 2017-05-11T17:48:37Z DEBUG seeAlso 2017-05-11T17:48:37Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:48:37Z DEBUG referint_postop_init 2017-05-11T17:48:37Z DEBUG [(0, u'referint-membership-attr', ['ipaallowedtarget', 'ipasudorunas', 'ipamembercertprofile', 'ipaassignedidview', 'secretary', 'memberuser', 'memberdenycmd', 'memberallowcmd', 'manager', 'managedby', 'ipalocation', 'ipamemberca', 'ipasudorunasgroup', 'ipatokenradiusconfiglink', 'memberhost', 'sourcehost', 'memberservice'])] 2017-05-11T17:48:37Z DEBUG Updated 1 2017-05-11T17:48:37Z DEBUG Done 2017-05-11T17:48:37Z DEBUG Parsing update file '/usr/share/ipa/updates/30-provisioning.update' 2017-05-11T17:48:37Z DEBUG New entry: cn=provisioning,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Initial value 2017-05-11T17:48:37Z DEBUG dn: cn=provisioning,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG objectclass: 2017-05-11T17:48:37Z DEBUG nsContainer 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG provisioning 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Final value after applying updates 2017-05-11T17:48:37Z DEBUG dn: cn=provisioning,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG objectclass: 2017-05-11T17:48:37Z DEBUG nsContainer 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG provisioning 2017-05-11T17:48:37Z DEBUG New entry: cn=accounts,cn=provisioning,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Initial value 2017-05-11T17:48:37Z DEBUG dn: cn=accounts,cn=provisioning,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG objectclass: 
2017-05-11T17:48:37Z DEBUG nsContainer 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG accounts 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Final value after applying updates 2017-05-11T17:48:37Z DEBUG dn: cn=accounts,cn=provisioning,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG objectclass: 2017-05-11T17:48:37Z DEBUG nsContainer 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG accounts 2017-05-11T17:48:37Z DEBUG New entry: cn=staged users,cn=accounts,cn=provisioning,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Initial value 2017-05-11T17:48:37Z DEBUG dn: cn=staged users,cn=accounts,cn=provisioning,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG objectclass: 2017-05-11T17:48:37Z DEBUG nsContainer 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG staged users 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Final value after applying updates 2017-05-11T17:48:37Z DEBUG dn: cn=staged users,cn=accounts,cn=provisioning,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG objectclass: 2017-05-11T17:48:37Z DEBUG nsContainer 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG staged users 2017-05-11T17:48:37Z DEBUG New entry: cn=deleted users,cn=accounts,cn=provisioning,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Initial value 2017-05-11T17:48:37Z DEBUG dn: cn=deleted users,cn=accounts,cn=provisioning,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG objectclass: 2017-05-11T17:48:37Z DEBUG nsContainer 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG deleted users 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG 
Final value after applying updates 2017-05-11T17:48:37Z DEBUG dn: cn=deleted users,cn=accounts,cn=provisioning,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG objectclass: 2017-05-11T17:48:37Z DEBUG nsContainer 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG deleted users 2017-05-11T17:48:37Z DEBUG Updating existing entry: cn=staged users,cn=accounts,cn=provisioning,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Initial value 2017-05-11T17:48:37Z DEBUG dn: cn=staged users,cn=accounts,cn=provisioning,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG nsContainer 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG staged users 2017-05-11T17:48:37Z DEBUG add: '(targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(read, search) userdn = "ldap:///uid=admin,cn=users,cn=accounts,dc=rdlg,dc=net";)' to aci, current value [] 2017-05-11T17:48:37Z DEBUG add: updated value ['(targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(read, search) userdn = "ldap:///uid=admin,cn=users,cn=accounts,dc=rdlg,dc=net";)'] 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Final value after applying updates 2017-05-11T17:48:37Z DEBUG dn: cn=staged users,cn=accounts,cn=provisioning,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG nsContainer 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG aci: 2017-05-11T17:48:37Z DEBUG (targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(read, search) userdn = "ldap:///uid=admin,cn=users,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG staged users 
2017-05-11T17:48:37Z DEBUG [(2, u'aci', ['(targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(read, search) userdn = "ldap:///uid=admin,cn=users,cn=accounts,dc=rdlg,dc=net";)'])] 2017-05-11T17:48:37Z DEBUG Updated 1 2017-05-11T17:48:37Z DEBUG Done 2017-05-11T17:48:37Z DEBUG Updating existing entry: cn=deleted users,cn=accounts,cn=provisioning,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Initial value 2017-05-11T17:48:37Z DEBUG dn: cn=deleted users,cn=accounts,cn=provisioning,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG nsContainer 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG deleted users 2017-05-11T17:48:37Z DEBUG add: '(targetattr="userPassword || krbPrincipalKey || krbPasswordExpiration || krbLastPwdChange")(version 3.0; acl "Admins allowed to reset password and kerberos keys"; allow(read, search, write) userdn = "ldap:///uid=admin,cn=users,cn=accounts,dc=rdlg,dc=net";)' to aci, current value [] 2017-05-11T17:48:37Z DEBUG add: updated value ['(targetattr="userPassword || krbPrincipalKey || krbPasswordExpiration || krbLastPwdChange")(version 3.0; acl "Admins allowed to reset password and kerberos keys"; allow(read, search, write) userdn = "ldap:///uid=admin,cn=users,cn=accounts,dc=rdlg,dc=net";)'] 2017-05-11T17:48:37Z DEBUG add: '(targetattr = "*")(version 3.0; acl "No one can add entry in Delete container"; deny (add) userdn = "ldap:///all";)' to aci, current value ['(targetattr="userPassword || krbPrincipalKey || krbPasswordExpiration || krbLastPwdChange")(version 3.0; acl "Admins allowed to reset password and kerberos keys"; allow(read, search, write) userdn = "ldap:///uid=admin,cn=users,cn=accounts,dc=rdlg,dc=net";)'] 2017-05-11T17:48:37Z DEBUG add: updated value ['(targetattr="userPassword || krbPrincipalKey || krbPasswordExpiration || 
krbLastPwdChange")(version 3.0; acl "Admins allowed to reset password and kerberos keys"; allow(read, search, write) userdn = "ldap:///uid=admin,cn=users,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "*")(version 3.0; acl "No one can add entry in Delete container"; deny (add) userdn = "ldap:///all";)'] 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Final value after applying updates 2017-05-11T17:48:37Z DEBUG dn: cn=deleted users,cn=accounts,cn=provisioning,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG nsContainer 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG aci: 2017-05-11T17:48:37Z DEBUG (targetattr="userPassword || krbPrincipalKey || krbPasswordExpiration || krbLastPwdChange")(version 3.0; acl "Admins allowed to reset password and kerberos keys"; allow(read, search, write) userdn = "ldap:///uid=admin,cn=users,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:37Z DEBUG (targetattr = "*")(version 3.0; acl "No one can add entry in Delete container"; deny (add) userdn = "ldap:///all";) 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG deleted users 2017-05-11T17:48:37Z DEBUG [(2, u'aci', ['(targetattr="userPassword || krbPrincipalKey || krbPasswordExpiration || krbLastPwdChange")(version 3.0; acl "Admins allowed to reset password and kerberos keys"; allow(read, search, write) userdn = "ldap:///uid=admin,cn=users,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "*")(version 3.0; acl "No one can add entry in Delete container"; deny (add) userdn = "ldap:///all";)'])] 2017-05-11T17:48:37Z DEBUG Updated 1 2017-05-11T17:48:37Z DEBUG Done 2017-05-11T17:48:37Z DEBUG New entry: cn=provisioning accounts lock,cn=accounts,cn=provisioning,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Initial value 2017-05-11T17:48:37Z DEBUG dn: cn=provisioning accounts lock,cn=accounts,cn=provisioning,dc=rdlg,dc=net 
2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG ldapSubEntry 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG cosSuperDefinition 2017-05-11T17:48:37Z DEBUG cosPointerDefinition 2017-05-11T17:48:37Z DEBUG costemplatedn: 2017-05-11T17:48:37Z DEBUG cn=Inactivation cos template,cn=accounts,cn=provisioning,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG provisioning accounts lock 2017-05-11T17:48:37Z DEBUG cosAttribute: 2017-05-11T17:48:37Z DEBUG nsaccountlock operational 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Final value after applying updates 2017-05-11T17:48:37Z DEBUG dn: cn=provisioning accounts lock,cn=accounts,cn=provisioning,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG ldapSubEntry 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG cosSuperDefinition 2017-05-11T17:48:37Z DEBUG cosPointerDefinition 2017-05-11T17:48:37Z DEBUG costemplatedn: 2017-05-11T17:48:37Z DEBUG cn=Inactivation cos template,cn=accounts,cn=provisioning,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG provisioning accounts lock 2017-05-11T17:48:37Z DEBUG cosAttribute: 2017-05-11T17:48:37Z DEBUG nsaccountlock operational 2017-05-11T17:48:37Z DEBUG New entry: cn=Inactivation cos template,cn=accounts,cn=provisioning,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Initial value 2017-05-11T17:48:37Z DEBUG dn: cn=Inactivation cos template,cn=accounts,cn=provisioning,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG cosTemplate 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG extensibleObject 2017-05-11T17:48:37Z DEBUG cosPriority: 2017-05-11T17:48:37Z DEBUG 1 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG Inactivation cos template 2017-05-11T17:48:37Z DEBUG nsAccountLock: 2017-05-11T17:48:37Z DEBUG true 
2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Final value after applying updates 2017-05-11T17:48:37Z DEBUG dn: cn=Inactivation cos template,cn=accounts,cn=provisioning,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG cosTemplate 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG extensibleObject 2017-05-11T17:48:37Z DEBUG cosPriority: 2017-05-11T17:48:37Z DEBUG 1 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG Inactivation cos template 2017-05-11T17:48:37Z DEBUG nsAccountLock: 2017-05-11T17:48:37Z DEBUG true 2017-05-11T17:48:37Z DEBUG Parsing update file '/usr/share/ipa/updates/30-s4u2proxy.update' 2017-05-11T17:48:37Z DEBUG Updating existing entry: cn=s4u2proxy,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Initial value 2017-05-11T17:48:37Z DEBUG dn: cn=s4u2proxy,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG nsContainer 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG s4u2proxy 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Final value after applying updates 2017-05-11T17:48:37Z DEBUG dn: cn=s4u2proxy,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG nsContainer 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG s4u2proxy 2017-05-11T17:48:37Z DEBUG [] 2017-05-11T17:48:37Z DEBUG Updated 0 2017-05-11T17:48:37Z DEBUG Done 2017-05-11T17:48:37Z DEBUG Updating existing entry: cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Initial value 2017-05-11T17:48:37Z DEBUG dn: cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG objectClass: 
2017-05-11T17:48:37Z DEBUG ipaKrb5DelegationACL 2017-05-11T17:48:37Z DEBUG groupOfPrincipals 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG memberPrincipal: 2017-05-11T17:48:37Z DEBUG HTTP/ipa.rdlg.net@RDLG.NET 2017-05-11T17:48:37Z DEBUG ipaAllowedTarget: 2017-05-11T17:48:37Z DEBUG cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG ipa-http-delegation 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Final value after applying updates 2017-05-11T17:48:37Z DEBUG dn: cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG ipaKrb5DelegationACL 2017-05-11T17:48:37Z DEBUG groupOfPrincipals 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG memberPrincipal: 2017-05-11T17:48:37Z DEBUG HTTP/ipa.rdlg.net@RDLG.NET 2017-05-11T17:48:37Z DEBUG ipaAllowedTarget: 2017-05-11T17:48:37Z DEBUG cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG ipa-http-delegation 2017-05-11T17:48:37Z DEBUG [] 2017-05-11T17:48:37Z DEBUG Updated 0 2017-05-11T17:48:37Z DEBUG Done 2017-05-11T17:48:37Z DEBUG Updating existing entry: cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Initial value 2017-05-11T17:48:37Z DEBUG dn: cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG groupOfPrincipals 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG memberPrincipal: 2017-05-11T17:48:37Z DEBUG ldap/ipa.rdlg.net@RDLG.NET 2017-05-11T17:48:37Z DEBUG cn: 
2017-05-11T17:48:37Z DEBUG ipa-ldap-delegation-targets 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Final value after applying updates 2017-05-11T17:48:37Z DEBUG dn: cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG groupOfPrincipals 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG memberPrincipal: 2017-05-11T17:48:37Z DEBUG ldap/ipa.rdlg.net@RDLG.NET 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG ipa-ldap-delegation-targets 2017-05-11T17:48:37Z DEBUG [] 2017-05-11T17:48:37Z DEBUG Updated 0 2017-05-11T17:48:37Z DEBUG Done 2017-05-11T17:48:37Z DEBUG Updating existing entry: cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Initial value 2017-05-11T17:48:37Z DEBUG dn: cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG ipaKrb5DelegationACL 2017-05-11T17:48:37Z DEBUG groupOfPrincipals 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG memberPrincipal: 2017-05-11T17:48:37Z DEBUG HTTP/ipa.rdlg.net@RDLG.NET 2017-05-11T17:48:37Z DEBUG ipaAllowedTarget: 2017-05-11T17:48:37Z DEBUG cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG ipa-http-delegation 2017-05-11T17:48:37Z DEBUG add: 'HTTP/ipa.rdlg.net@RDLG.NET' to memberPrincipal, current value ['HTTP/ipa.rdlg.net@RDLG.NET'] 2017-05-11T17:48:37Z DEBUG add: updated value ['HTTP/ipa.rdlg.net@RDLG.NET'] 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Final value after applying updates 2017-05-11T17:48:37Z DEBUG dn: cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,dc=rdlg,dc=net 
2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG ipaKrb5DelegationACL 2017-05-11T17:48:37Z DEBUG groupOfPrincipals 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG memberPrincipal: 2017-05-11T17:48:37Z DEBUG HTTP/ipa.rdlg.net@RDLG.NET 2017-05-11T17:48:37Z DEBUG ipaAllowedTarget: 2017-05-11T17:48:37Z DEBUG cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG ipa-http-delegation 2017-05-11T17:48:37Z DEBUG [] 2017-05-11T17:48:37Z DEBUG Updated 0 2017-05-11T17:48:37Z DEBUG Done 2017-05-11T17:48:37Z DEBUG Updating existing entry: cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Initial value 2017-05-11T17:48:37Z DEBUG dn: cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG groupOfPrincipals 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG memberPrincipal: 2017-05-11T17:48:37Z DEBUG ldap/ipa.rdlg.net@RDLG.NET 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG ipa-ldap-delegation-targets 2017-05-11T17:48:37Z DEBUG add: 'ldap/ipa.rdlg.net@RDLG.NET' to memberPrincipal, current value ['ldap/ipa.rdlg.net@RDLG.NET'] 2017-05-11T17:48:37Z DEBUG add: updated value ['ldap/ipa.rdlg.net@RDLG.NET'] 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Final value after applying updates 2017-05-11T17:48:37Z DEBUG dn: cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG groupOfPrincipals 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG memberPrincipal: 2017-05-11T17:48:37Z DEBUG ldap/ipa.rdlg.net@RDLG.NET 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z 
DEBUG ipa-ldap-delegation-targets 2017-05-11T17:48:37Z DEBUG [] 2017-05-11T17:48:37Z DEBUG Updated 0 2017-05-11T17:48:37Z DEBUG Done 2017-05-11T17:48:37Z DEBUG Parsing update file '/usr/share/ipa/updates/37-locations.update' 2017-05-11T17:48:37Z DEBUG Updating existing entry: cn=locations,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Initial value 2017-05-11T17:48:37Z DEBUG dn: cn=locations,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG nsContainer 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG locations 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Final value after applying updates 2017-05-11T17:48:37Z DEBUG dn: cn=locations,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG nsContainer 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG locations 2017-05-11T17:48:37Z DEBUG [] 2017-05-11T17:48:37Z DEBUG Updated 0 2017-05-11T17:48:37Z DEBUG Done 2017-05-11T17:48:37Z DEBUG Parsing update file '/usr/share/ipa/updates/40-automember.update' 2017-05-11T17:48:37Z DEBUG Updating existing entry: cn=Auto Membership Plugin,cn=plugins,cn=config 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Initial value 2017-05-11T17:48:37Z DEBUG dn: cn=Auto Membership Plugin,cn=plugins,cn=config 2017-05-11T17:48:37Z DEBUG nsslapd-pluginId: 2017-05-11T17:48:37Z DEBUG Auto Membership 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG Auto Membership Plugin 2017-05-11T17:48:37Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:48:37Z DEBUG 1.3.5.10 2017-05-11T17:48:37Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:48:37Z DEBUG Auto Membership plugin 2017-05-11T17:48:37Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:48:37Z DEBUG on 2017-05-11T17:48:37Z DEBUG 
nsslapd-pluginPath: 2017-05-11T17:48:37Z DEBUG libautomember-plugin 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG nsSlapdPlugin 2017-05-11T17:48:37Z DEBUG extensibleObject 2017-05-11T17:48:37Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:48:37Z DEBUG database 2017-05-11T17:48:37Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:48:37Z DEBUG 389 Project 2017-05-11T17:48:37Z DEBUG nsslapd-pluginConfigArea: 2017-05-11T17:48:37Z DEBUG cn=automember,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG nsslapd-pluginType: 2017-05-11T17:48:37Z DEBUG betxnpreoperation 2017-05-11T17:48:37Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:48:37Z DEBUG automember_init 2017-05-11T17:48:37Z DEBUG addifnew: 'cn=automember,cn=etc,dc=rdlg,dc=net' to nsslapd-pluginConfigArea, current value ['cn=automember,cn=etc,dc=rdlg,dc=net'] 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Final value after applying updates 2017-05-11T17:48:37Z DEBUG dn: cn=Auto Membership Plugin,cn=plugins,cn=config 2017-05-11T17:48:37Z DEBUG nsslapd-pluginId: 2017-05-11T17:48:37Z DEBUG Auto Membership 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG Auto Membership Plugin 2017-05-11T17:48:37Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:48:37Z DEBUG 1.3.5.10 2017-05-11T17:48:37Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:48:37Z DEBUG Auto Membership plugin 2017-05-11T17:48:37Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:48:37Z DEBUG on 2017-05-11T17:48:37Z DEBUG nsslapd-pluginPath: 2017-05-11T17:48:37Z DEBUG libautomember-plugin 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG nsSlapdPlugin 2017-05-11T17:48:37Z DEBUG extensibleObject 2017-05-11T17:48:37Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:48:37Z DEBUG database 2017-05-11T17:48:37Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:48:37Z DEBUG 389 Project 2017-05-11T17:48:37Z DEBUG 
nsslapd-pluginConfigArea: 2017-05-11T17:48:37Z DEBUG cn=automember,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG nsslapd-pluginType: 2017-05-11T17:48:37Z DEBUG betxnpreoperation 2017-05-11T17:48:37Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:48:37Z DEBUG automember_init 2017-05-11T17:48:37Z DEBUG [] 2017-05-11T17:48:37Z DEBUG Updated 0 2017-05-11T17:48:37Z DEBUG Done 2017-05-11T17:48:37Z DEBUG Updating existing entry: cn=automember,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Initial value 2017-05-11T17:48:37Z DEBUG dn: cn=automember,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG nsContainer 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG automember 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Final value after applying updates 2017-05-11T17:48:37Z DEBUG dn: cn=automember,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG nsContainer 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG automember 2017-05-11T17:48:37Z DEBUG [] 2017-05-11T17:48:37Z DEBUG Updated 0 2017-05-11T17:48:37Z DEBUG Done 2017-05-11T17:48:37Z DEBUG Updating existing entry: cn=Hostgroup,cn=automember,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Initial value 2017-05-11T17:48:37Z DEBUG dn: cn=Hostgroup,cn=automember,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG autoMemberDefinition 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG autoMemberGroupingAttr: 2017-05-11T17:48:37Z DEBUG member:dn 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG Hostgroup 2017-05-11T17:48:37Z DEBUG autoMemberScope: 2017-05-11T17:48:37Z DEBUG cn=computers,cn=accounts,dc=rdlg,dc=net 
2017-05-11T17:48:37Z DEBUG autoMemberFilter: 2017-05-11T17:48:37Z DEBUG objectclass=ipaHost 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Final value after applying updates 2017-05-11T17:48:37Z DEBUG dn: cn=Hostgroup,cn=automember,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG autoMemberDefinition 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG autoMemberGroupingAttr: 2017-05-11T17:48:37Z DEBUG member:dn 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG Hostgroup 2017-05-11T17:48:37Z DEBUG autoMemberScope: 2017-05-11T17:48:37Z DEBUG cn=computers,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG autoMemberFilter: 2017-05-11T17:48:37Z DEBUG objectclass=ipaHost 2017-05-11T17:48:37Z DEBUG [] 2017-05-11T17:48:37Z DEBUG Updated 0 2017-05-11T17:48:37Z DEBUG Done 2017-05-11T17:48:37Z DEBUG Updating existing entry: cn=Group,cn=automember,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Initial value 2017-05-11T17:48:37Z DEBUG dn: cn=Group,cn=automember,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG autoMemberDefinition 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG autoMemberGroupingAttr: 2017-05-11T17:48:37Z DEBUG member:dn 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG Group 2017-05-11T17:48:37Z DEBUG autoMemberScope: 2017-05-11T17:48:37Z DEBUG cn=users,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG autoMemberFilter: 2017-05-11T17:48:37Z DEBUG objectclass=posixAccount 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Final value after applying updates 2017-05-11T17:48:37Z DEBUG dn: cn=Group,cn=automember,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG autoMemberDefinition 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z 
DEBUG autoMemberGroupingAttr: 2017-05-11T17:48:37Z DEBUG member:dn 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG Group 2017-05-11T17:48:37Z DEBUG autoMemberScope: 2017-05-11T17:48:37Z DEBUG cn=users,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG autoMemberFilter: 2017-05-11T17:48:37Z DEBUG objectclass=posixAccount 2017-05-11T17:48:37Z DEBUG [] 2017-05-11T17:48:37Z DEBUG Updated 0 2017-05-11T17:48:37Z DEBUG Done 2017-05-11T17:48:37Z DEBUG Parsing update file '/usr/share/ipa/updates/40-certprofile.update' 2017-05-11T17:48:37Z DEBUG Updating existing entry: cn=ca,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Initial value 2017-05-11T17:48:37Z DEBUG dn: cn=ca,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG nsContainer 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG ca 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Final value after applying updates 2017-05-11T17:48:37Z DEBUG dn: cn=ca,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG nsContainer 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG ca 2017-05-11T17:48:37Z DEBUG [] 2017-05-11T17:48:37Z DEBUG Updated 0 2017-05-11T17:48:37Z DEBUG Done 2017-05-11T17:48:37Z DEBUG Updating existing entry: cn=certprofiles,cn=ca,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Initial value 2017-05-11T17:48:37Z DEBUG dn: cn=certprofiles,cn=ca,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG nsContainer 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG certprofiles 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Final value after applying updates 
2017-05-11T17:48:37Z DEBUG dn: cn=certprofiles,cn=ca,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG nsContainer 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG certprofiles 2017-05-11T17:48:37Z DEBUG [] 2017-05-11T17:48:37Z DEBUG Updated 0 2017-05-11T17:48:37Z DEBUG Done 2017-05-11T17:48:37Z DEBUG Parsing update file '/usr/share/ipa/updates/40-delegation.update' 2017-05-11T17:48:37Z DEBUG New entry: cn=Write IPA Configuration,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Initial value 2017-05-11T17:48:37Z DEBUG dn: cn=Write IPA Configuration,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG groupofnames 2017-05-11T17:48:37Z DEBUG nestedgroup 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG Write IPA Configuration 2017-05-11T17:48:37Z DEBUG description: 2017-05-11T17:48:37Z DEBUG Write IPA Configuration 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Final value after applying updates 2017-05-11T17:48:37Z DEBUG dn: cn=Write IPA Configuration,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG groupofnames 2017-05-11T17:48:37Z DEBUG nestedgroup 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG Write IPA Configuration 2017-05-11T17:48:37Z DEBUG description: 2017-05-11T17:48:37Z DEBUG Write IPA Configuration 2017-05-11T17:48:37Z DEBUG New entry: cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Initial value 2017-05-11T17:48:37Z DEBUG dn: cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG objectClass: 
2017-05-11T17:48:37Z DEBUG ipapermission 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG groupofnames 2017-05-11T17:48:37Z DEBUG member: 2017-05-11T17:48:37Z DEBUG cn=Write IPA Configuration,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG Write IPA Configuration 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Final value after applying updates 2017-05-11T17:48:37Z DEBUG dn: cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG ipapermission 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG groupofnames 2017-05-11T17:48:37Z DEBUG member: 2017-05-11T17:48:37Z DEBUG cn=Write IPA Configuration,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG Write IPA Configuration 2017-05-11T17:48:37Z DEBUG Updating existing entry: dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Initial value 2017-05-11T17:48:37Z DEBUG dn: dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG info: 2017-05-11T17:48:37Z DEBUG IPA V2.0 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG domain 2017-05-11T17:48:37Z DEBUG pilotObject 2017-05-11T17:48:37Z DEBUG nisDomainObject 2017-05-11T17:48:37Z DEBUG domainRelatedObject 2017-05-11T17:48:37Z DEBUG associatedDomain: 2017-05-11T17:48:37Z DEBUG rdlg.net 2017-05-11T17:48:37Z DEBUG dc: 2017-05-11T17:48:37Z DEBUG rdlg 2017-05-11T17:48:37Z DEBUG nisDomain: 2017-05-11T17:48:37Z DEBUG rdlg.net 2017-05-11T17:48:37Z DEBUG aci: 2017-05-11T17:48:37Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the 
CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:37Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:37Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:37Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:37Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:37Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:37Z DEBUG (targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";) 2017-05-11T17:48:37Z DEBUG (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || 
facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";) 2017-05-11T17:48:37Z DEBUG (targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";) 2017-05-11T17:48:37Z DEBUG (targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";) 2017-05-11T17:48:37Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:48:37Z DEBUG (targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:48:37Z DEBUG (targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:48:37Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = 
"managedBy#USERDN";) 2017-05-11T17:48:37Z DEBUG (targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";) 2017-05-11T17:48:37Z DEBUG (target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";) 2017-05-11T17:48:37Z DEBUG (targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";) 2017-05-11T17:48:37Z DEBUG (targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";) 2017-05-11T17:48:37Z DEBUG (targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:37Z DEBUG (targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:37Z DEBUG (targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; 
allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:37Z DEBUG (targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:37Z DEBUG (targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:37Z DEBUG add: '(targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to aci, current value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = 
"objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 
3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', 
'(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)'] 2017-05-11T17:48:37Z DEBUG add: updated value ['(targetattr = "objectclass")(target = 
"ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || 
homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; 
allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) 
groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";)'] 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Final value after applying updates 2017-05-11T17:48:37Z DEBUG dn: dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG info: 2017-05-11T17:48:37Z DEBUG IPA V2.0 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG domain 2017-05-11T17:48:37Z DEBUG pilotObject 2017-05-11T17:48:37Z DEBUG nisDomainObject 2017-05-11T17:48:37Z DEBUG domainRelatedObject 2017-05-11T17:48:37Z DEBUG associatedDomain: 2017-05-11T17:48:37Z DEBUG rdlg.net 2017-05-11T17:48:37Z DEBUG dc: 2017-05-11T17:48:37Z DEBUG rdlg 2017-05-11T17:48:37Z DEBUG nisDomain: 2017-05-11T17:48:37Z DEBUG rdlg.net 2017-05-11T17:48:37Z DEBUG aci: 2017-05-11T17:48:37Z DEBUG (targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength 
|| ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:37Z DEBUG (targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:37Z DEBUG (targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";) 2017-05-11T17:48:37Z DEBUG (target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";) 2017-05-11T17:48:37Z DEBUG (targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";) 2017-05-11T17:48:37Z DEBUG (targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";) 2017-05-11T17:48:37Z DEBUG (targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";) 2017-05-11T17:48:37Z DEBUG (targetattr 
= "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:37Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";) 2017-05-11T17:48:37Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:37Z DEBUG (targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";) 2017-05-11T17:48:37Z DEBUG (targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:37Z DEBUG (targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";) 2017-05-11T17:48:37Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the 
CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:37Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:37Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:37Z DEBUG (targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:37Z DEBUG (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";) 2017-05-11T17:48:37Z DEBUG (targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:37Z DEBUG (targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:48:37Z DEBUG 
(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:48:37Z DEBUG (targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:48:37Z DEBUG (targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:37Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:37Z DEBUG [(0, u'aci', ['(targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA 
Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";)'])] 2017-05-11T17:48:37Z DEBUG Updated 1 2017-05-11T17:48:37Z DEBUG Done 2017-05-11T17:48:37Z DEBUG New entry: cn=HBAC Administrator,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Initial value 2017-05-11T17:48:37Z DEBUG dn: cn=HBAC Administrator,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG groupofnames 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG nestedgroup 2017-05-11T17:48:37Z DEBUG cn: 2017-05-11T17:48:37Z DEBUG HBAC Administrator 2017-05-11T17:48:37Z DEBUG description: 2017-05-11T17:48:37Z DEBUG HBAC Administrator 2017-05-11T17:48:37Z DEBUG --------------------------------------------- 2017-05-11T17:48:37Z DEBUG Final value after applying updates 2017-05-11T17:48:37Z DEBUG dn: cn=HBAC Administrator,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:37Z DEBUG objectClass: 2017-05-11T17:48:37Z DEBUG groupofnames 2017-05-11T17:48:37Z DEBUG top 2017-05-11T17:48:37Z DEBUG nestedgroup 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG HBAC Administrator 2017-05-11T17:48:38Z DEBUG description: 2017-05-11T17:48:38Z DEBUG HBAC Administrator 2017-05-11T17:48:38Z DEBUG New entry: cn=Sudo Administrator,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Initial value 2017-05-11T17:48:38Z DEBUG dn: cn=Sudo Administrator,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG groupofnames 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG nestedgroup 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG Sudo Administrator 2017-05-11T17:48:38Z DEBUG description: 2017-05-11T17:48:38Z DEBUG Sudo Administrator 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Final 
value after applying updates 2017-05-11T17:48:38Z DEBUG dn: cn=Sudo Administrator,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG groupofnames 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG nestedgroup 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG Sudo Administrator 2017-05-11T17:48:38Z DEBUG description: 2017-05-11T17:48:38Z DEBUG Sudo Administrator 2017-05-11T17:48:38Z DEBUG New entry: cn=Password Policy Administrator,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Initial value 2017-05-11T17:48:38Z DEBUG dn: cn=Password Policy Administrator,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG groupofnames 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG nestedgroup 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG Password Policy Administrator 2017-05-11T17:48:38Z DEBUG description: 2017-05-11T17:48:38Z DEBUG Password Policy Administrator 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Final value after applying updates 2017-05-11T17:48:38Z DEBUG dn: cn=Password Policy Administrator,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG groupofnames 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG nestedgroup 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG Password Policy Administrator 2017-05-11T17:48:38Z DEBUG description: 2017-05-11T17:48:38Z DEBUG Password Policy Administrator 2017-05-11T17:48:38Z DEBUG Updating existing entry: cn=Host Enrollment,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Initial value 2017-05-11T17:48:38Z DEBUG dn: cn=Host Enrollment,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG 
objectClass: 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG groupofnames 2017-05-11T17:48:38Z DEBUG nestedgroup 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG Host Enrollment 2017-05-11T17:48:38Z DEBUG description: 2017-05-11T17:48:38Z DEBUG Host Enrollment 2017-05-11T17:48:38Z DEBUG add: 'cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net' to member, current value [] 2017-05-11T17:48:38Z DEBUG add: updated value ['cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net'] 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Final value after applying updates 2017-05-11T17:48:38Z DEBUG dn: cn=Host Enrollment,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG groupofnames 2017-05-11T17:48:38Z DEBUG nestedgroup 2017-05-11T17:48:38Z DEBUG member: 2017-05-11T17:48:38Z DEBUG cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG Host Enrollment 2017-05-11T17:48:38Z DEBUG description: 2017-05-11T17:48:38Z DEBUG Host Enrollment 2017-05-11T17:48:38Z DEBUG [(2, u'member', ['cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net'])] 2017-05-11T17:48:38Z DEBUG Updated 1 2017-05-11T17:48:38Z DEBUG Done 2017-05-11T17:48:38Z DEBUG Updating existing entry: dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Initial value 2017-05-11T17:48:38Z DEBUG dn: dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG info: 2017-05-11T17:48:38Z DEBUG IPA V2.0 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG domain 2017-05-11T17:48:38Z DEBUG pilotObject 2017-05-11T17:48:38Z DEBUG nisDomainObject 2017-05-11T17:48:38Z DEBUG domainRelatedObject 2017-05-11T17:48:38Z DEBUG associatedDomain: 2017-05-11T17:48:38Z DEBUG rdlg.net 2017-05-11T17:48:38Z DEBUG dc: 2017-05-11T17:48:38Z DEBUG rdlg 2017-05-11T17:48:38Z DEBUG 
nisDomain: 2017-05-11T17:48:38Z DEBUG rdlg.net 2017-05-11T17:48:38Z DEBUG aci: 2017-05-11T17:48:38Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG 
(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";) 2017-05-11T17:48:38Z DEBUG (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";) 2017-05-11T17:48:38Z DEBUG (targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";) 2017-05-11T17:48:38Z DEBUG (targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";) 2017-05-11T17:48:38Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:48:38Z DEBUG (targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:48:38Z DEBUG (targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = 
"ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:48:38Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";) 2017-05-11T17:48:38Z DEBUG (targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";) 2017-05-11T17:48:38Z DEBUG (target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";) 2017-05-11T17:48:38Z DEBUG (targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";) 2017-05-11T17:48:38Z DEBUG (targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";) 2017-05-11T17:48:38Z DEBUG (targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || 
krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG remove: '(target = "ldap:///idnsname=*,cn=dns,dc=rdlg,dc=net")(version 3.0;acl "Add DNS entries";allow (add) groupdn = "ldap:///cn=add dns entries,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' from aci, current value ['(targetattr = "objectclass")(target 
= "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || 
homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; 
allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) 
groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";)'] 2017-05-11T17:48:38Z DEBUG remove: '(target = "ldap:///idnsname=*,cn=dns,dc=rdlg,dc=net")(version 3.0;acl "Add DNS entries";allow (add) groupdn = "ldap:///cn=add dns entries,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' not in aci 2017-05-11T17:48:38Z DEBUG remove: '(target = "ldap:///idnsname=*,cn=dns,dc=rdlg,dc=net")(version 3.0;acl "Remove DNS entries";allow (delete) groupdn = "ldap:///cn=remove dns entries,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' from aci, current value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = 
"ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public 
keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT 
root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "ipausersearchfields || 
ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";)'] 2017-05-11T17:48:38Z DEBUG remove: '(target = "ldap:///idnsname=*,cn=dns,dc=rdlg,dc=net")(version 3.0;acl "Remove DNS entries";allow (delete) groupdn = "ldap:///cn=remove dns entries,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' not in aci 2017-05-11T17:48:38Z DEBUG remove: '(targetattr = "idnsname || cn || idnsallowdynupdate || dnsttl || dnsclass || arecord || aaaarecord || a6record || nsrecord || cnamerecord || ptrrecord || srvrecord || txtrecord || mxrecord || mdrecord || hinforecord || minforecord || afsdbrecord || sigrecord || keyrecord || locrecord || nxtrecord || naptrrecord || kxrecord || certrecord || dnamerecord || dsrecord || sshfprecord || rrsigrecord || nsecrecord || idnsname || idnszoneactive || idnssoamname || idnssoarname || idnssoaserial || idnssoarefresh || idnssoaretry || idnssoaexpire || idnssoaminimum || idnsupdatepolicy")(target = "ldap:///idnsname=*,cn=dns,dc=rdlg,dc=net")(version 3.0;acl "Update DNS entries";allow (write) groupdn = "ldap:///cn=update dns entries,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' from aci, current value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request 
certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow 
(write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', 
'(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin 
read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";)'] 2017-05-11T17:48:38Z DEBUG remove: '(targetattr = "idnsname || cn || idnsallowdynupdate || dnsttl || dnsclass || arecord || aaaarecord || a6record || nsrecord || cnamerecord || ptrrecord || srvrecord || txtrecord || mxrecord || mdrecord || hinforecord || minforecord || afsdbrecord || sigrecord || keyrecord || locrecord || nxtrecord || naptrrecord || kxrecord || certrecord || dnamerecord || dsrecord || sshfprecord || rrsigrecord || nsecrecord || idnsname || idnszoneactive || idnssoamname || idnssoarname || idnssoaserial || idnssoarefresh || idnssoaretry || idnssoaexpire || idnssoaminimum || idnsupdatepolicy")(target = "ldap:///idnsname=*,cn=dns,dc=rdlg,dc=net")(version 3.0;acl "Update DNS entries";allow (write) groupdn = "ldap:///cn=update dns entries,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' not in aci 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Final value after applying updates 2017-05-11T17:48:38Z DEBUG dn: dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG info: 2017-05-11T17:48:38Z DEBUG IPA V2.0 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG domain 2017-05-11T17:48:38Z DEBUG pilotObject 2017-05-11T17:48:38Z DEBUG nisDomainObject 2017-05-11T17:48:38Z 
DEBUG domainRelatedObject
2017-05-11T17:48:38Z DEBUG associatedDomain:
2017-05-11T17:48:38Z DEBUG rdlg.net
2017-05-11T17:48:38Z DEBUG dc:
2017-05-11T17:48:38Z DEBUG rdlg
2017-05-11T17:48:38Z DEBUG nisDomain:
2017-05-11T17:48:38Z DEBUG rdlg.net
2017-05-11T17:48:38Z DEBUG aci:
2017-05-11T17:48:38Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)
2017-05-11T17:48:38Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)
2017-05-11T17:48:38Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";)
2017-05-11T17:48:38Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)
2017-05-11T17:48:38Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)
2017-05-11T17:48:38Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";)
2017-05-11T17:48:38Z DEBUG (targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)
2017-05-11T17:48:38Z DEBUG (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)
2017-05-11T17:48:38Z DEBUG (targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)
2017-05-11T17:48:38Z DEBUG (targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)
2017-05-11T17:48:38Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)
2017-05-11T17:48:38Z DEBUG (targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)
2017-05-11T17:48:38Z DEBUG (targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)
2017-05-11T17:48:38Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)
2017-05-11T17:48:38Z DEBUG (targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)
2017-05-11T17:48:38Z DEBUG (target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)
2017-05-11T17:48:38Z DEBUG (targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)
2017-05-11T17:48:38Z DEBUG (targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)
2017-05-11T17:48:38Z DEBUG (targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)
2017-05-11T17:48:38Z DEBUG (targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)
2017-05-11T17:48:38Z DEBUG (targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)
2017-05-11T17:48:38Z DEBUG (targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)
2017-05-11T17:48:38Z DEBUG (targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)
2017-05-11T17:48:38Z DEBUG (targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";)
2017-05-11T17:48:38Z DEBUG []
2017-05-11T17:48:38Z DEBUG Updated 0
2017-05-11T17:48:38Z DEBUG Done
2017-05-11T17:48:38Z DEBUG New entry: cn=SELinux User Map Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net
2017-05-11T17:48:38Z DEBUG ---------------------------------------------
2017-05-11T17:48:38Z DEBUG Initial value
2017-05-11T17:48:38Z DEBUG dn: cn=SELinux User Map Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net
2017-05-11T17:48:38Z DEBUG objectClass:
2017-05-11T17:48:38Z DEBUG top
2017-05-11T17:48:38Z DEBUG groupofnames
2017-05-11T17:48:38Z DEBUG nestedgroup
2017-05-11T17:48:38Z DEBUG cn:
2017-05-11T17:48:38Z DEBUG SELinux User Map Administrators
2017-05-11T17:48:38Z DEBUG description:
2017-05-11T17:48:38Z DEBUG SELinux User Map Administrators
2017-05-11T17:48:38Z DEBUG ---------------------------------------------
2017-05-11T17:48:38Z DEBUG Final value after applying updates
2017-05-11T17:48:38Z DEBUG dn: cn=SELinux User Map Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net
2017-05-11T17:48:38Z DEBUG objectClass:
2017-05-11T17:48:38Z DEBUG top
2017-05-11T17:48:38Z DEBUG groupofnames
2017-05-11T17:48:38Z DEBUG nestedgroup
2017-05-11T17:48:38Z DEBUG cn:
2017-05-11T17:48:38Z DEBUG SELinux User Map Administrators
2017-05-11T17:48:38Z DEBUG description:
2017-05-11T17:48:38Z DEBUG SELinux User Map Administrators
2017-05-11T17:48:38Z DEBUG Updating existing entry: cn=ipa,cn=etc,dc=rdlg,dc=net
2017-05-11T17:48:38Z DEBUG ---------------------------------------------
2017-05-11T17:48:38Z DEBUG Initial value
2017-05-11T17:48:38Z DEBUG dn: cn=ipa,cn=etc,dc=rdlg,dc=net
2017-05-11T17:48:38Z DEBUG objectClass:
2017-05-11T17:48:38Z DEBUG nsContainer
2017-05-11T17:48:38Z DEBUG top
2017-05-11T17:48:38Z DEBUG aci:
2017-05-11T17:48:38Z DEBUG (targetfilter = "(|(objectClass=ipaConfigObject)(dnahostname=*))")(version 3.0;acl "Admins can change GUI config"; allow (delete) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)
2017-05-11T17:48:38Z DEBUG (target = 
"ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(version 3.0; acl "IPA server hosts can create own Custodia secrets"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage own Custodia secrets"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage Dogtag Custodia secrets for same host"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(version 3.0; acl "IPA server hosts can create Dogtag Custodia secrets for same host"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (target = "ldap:///cn=*,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "ipaPublicKey || ipaKeyUsage || memberPrincipal")(version 3.0; acl "Dogtag service principals can search Custodia keys"; allow(read, search, compare) userdn = "ldap:///krbprincipalname=dogtag/*@RDLG.NET,cn=services,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG ipa 2017-05-11T17:48:38Z DEBUG remove: '(target = "ldap:///cn=*,cn=ca_renewal,cn=ipa,cn=etc,dc=rdlg,dc=net")(version 3.0; acl "Add CA Certificates for renewals"; allow(add) userdn = 
"ldap:///fqdn=ipa.rdlg.net,cn=computers,cn=accounts,dc=rdlg,dc=net";)' from aci, current value ['(targetfilter = "(|(objectClass=ipaConfigObject)(dnahostname=*))")(version 3.0;acl "Admins can change GUI config"; allow (delete) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(version 3.0; acl "IPA server hosts can create own Custodia secrets"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage own Custodia secrets"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage Dogtag Custodia secrets for same host"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(version 3.0; acl "IPA server hosts can create Dogtag Custodia secrets for same host"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "ipaPublicKey || ipaKeyUsage || memberPrincipal")(version 3.0; acl "Dogtag service principals can search Custodia keys"; allow(read, search, compare) userdn = "ldap:///krbprincipalname=dogtag/*@RDLG.NET,cn=services,cn=accounts,dc=rdlg,dc=net";)'] 2017-05-11T17:48:38Z DEBUG 
remove: '(target = "ldap:///cn=*,cn=ca_renewal,cn=ipa,cn=etc,dc=rdlg,dc=net")(version 3.0; acl "Add CA Certificates for renewals"; allow(add) userdn = "ldap:///fqdn=ipa.rdlg.net,cn=computers,cn=accounts,dc=rdlg,dc=net";)' not in aci 2017-05-11T17:48:38Z DEBUG remove: '(target = "ldap:///cn=*,cn=ca_renewal,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "userCertificate")(version 3.0; acl "Modify CA Certificates for renewals"; allow(write) userdn = "ldap:///fqdn=ipa.rdlg.net,cn=computers,cn=accounts,dc=rdlg,dc=net";)' from aci, current value ['(targetfilter = "(|(objectClass=ipaConfigObject)(dnahostname=*))")(version 3.0;acl "Admins can change GUI config"; allow (delete) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(version 3.0; acl "IPA server hosts can create own Custodia secrets"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage own Custodia secrets"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage Dogtag Custodia secrets for same host"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(version 3.0; acl "IPA server hosts can create Dogtag Custodia secrets for same host"; allow(add) groupdn = 
"ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "ipaPublicKey || ipaKeyUsage || memberPrincipal")(version 3.0; acl "Dogtag service principals can search Custodia keys"; allow(read, search, compare) userdn = "ldap:///krbprincipalname=dogtag/*@RDLG.NET,cn=services,cn=accounts,dc=rdlg,dc=net";)'] 2017-05-11T17:48:38Z DEBUG remove: '(target = "ldap:///cn=*,cn=ca_renewal,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "userCertificate")(version 3.0; acl "Modify CA Certificates for renewals"; allow(write) userdn = "ldap:///fqdn=ipa.rdlg.net,cn=computers,cn=accounts,dc=rdlg,dc=net";)' not in aci 2017-05-11T17:48:38Z DEBUG add: '(target = "ldap:///cn=*,cn=ca_renewal,cn=ipa,cn=etc,dc=rdlg,dc=net")(version 3.0; acl "Add CA Certificates for renewals"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net";)' to aci, current value ['(targetfilter = "(|(objectClass=ipaConfigObject)(dnahostname=*))")(version 3.0;acl "Admins can change GUI config"; allow (delete) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(version 3.0; acl "IPA server hosts can create own Custodia secrets"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage own Custodia secrets"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = 
"ipaPublicKey")(version 3.0; acl "IPA server hosts can manage Dogtag Custodia secrets for same host"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(version 3.0; acl "IPA server hosts can create Dogtag Custodia secrets for same host"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "ipaPublicKey || ipaKeyUsage || memberPrincipal")(version 3.0; acl "Dogtag service principals can search Custodia keys"; allow(read, search, compare) userdn = "ldap:///krbprincipalname=dogtag/*@RDLG.NET,cn=services,cn=accounts,dc=rdlg,dc=net";)'] 2017-05-11T17:48:38Z DEBUG add: updated value ['(targetfilter = "(|(objectClass=ipaConfigObject)(dnahostname=*))")(version 3.0;acl "Admins can change GUI config"; allow (delete) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(version 3.0; acl "IPA server hosts can create own Custodia secrets"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage own Custodia secrets"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage Dogtag Custodia 
secrets for same host"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(version 3.0; acl "IPA server hosts can create Dogtag Custodia secrets for same host"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "ipaPublicKey || ipaKeyUsage || memberPrincipal")(version 3.0; acl "Dogtag service principals can search Custodia keys"; allow(read, search, compare) userdn = "ldap:///krbprincipalname=dogtag/*@RDLG.NET,cn=services,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*,cn=ca_renewal,cn=ipa,cn=etc,dc=rdlg,dc=net")(version 3.0; acl "Add CA Certificates for renewals"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net";)'] 2017-05-11T17:48:38Z DEBUG add: '(target = "ldap:///cn=*,cn=ca_renewal,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "userCertificate")(version 3.0; acl "Modify CA Certificates for renewals"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net";)' to aci, current value ['(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage own Custodia secrets"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage Dogtag Custodia secrets for same host"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and 
userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(version 3.0; acl "IPA server hosts can create Dogtag Custodia secrets for same host"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter = "(|(objectClass=ipaConfigObject)(dnahostname=*))")(version 3.0;acl "Admins can change GUI config"; allow (delete) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*,cn=ca_renewal,cn=ipa,cn=etc,dc=rdlg,dc=net")(version 3.0; acl "Add CA Certificates for renewals"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "ipaPublicKey || ipaKeyUsage || memberPrincipal")(version 3.0; acl "Dogtag service principals can search Custodia keys"; allow(read, search, compare) userdn = "ldap:///krbprincipalname=dogtag/*@RDLG.NET,cn=services,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(version 3.0; acl "IPA server hosts can create own Custodia secrets"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)'] 2017-05-11T17:48:38Z DEBUG add: updated value ['(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage own Custodia secrets"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can 
manage Dogtag Custodia secrets for same host"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(version 3.0; acl "IPA server hosts can create Dogtag Custodia secrets for same host"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter = "(|(objectClass=ipaConfigObject)(dnahostname=*))")(version 3.0;acl "Admins can change GUI config"; allow (delete) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*,cn=ca_renewal,cn=ipa,cn=etc,dc=rdlg,dc=net")(version 3.0; acl "Add CA Certificates for renewals"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "ipaPublicKey || ipaKeyUsage || memberPrincipal")(version 3.0; acl "Dogtag service principals can search Custodia keys"; allow(read, search, compare) userdn = "ldap:///krbprincipalname=dogtag/*@RDLG.NET,cn=services,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(version 3.0; acl "IPA server hosts can create own Custodia secrets"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*,cn=ca_renewal,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "userCertificate")(version 3.0; acl "Modify CA Certificates for renewals"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net";)'] 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Final value after applying updates 
2017-05-11T17:48:38Z DEBUG dn: cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG nsContainer 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG aci: 2017-05-11T17:48:38Z DEBUG (target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage own Custodia secrets"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (target = "ldap:///cn=*,cn=ca_renewal,cn=ipa,cn=etc,dc=rdlg,dc=net")(version 3.0; acl "Add CA Certificates for renewals"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage Dogtag Custodia secrets for same host"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(version 3.0; acl "IPA server hosts can create Dogtag Custodia secrets for same host"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetfilter = "(|(objectClass=ipaConfigObject)(dnahostname=*))")(version 3.0;acl "Admins can change GUI config"; allow (delete) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (target = "ldap:///cn=*,cn=ca_renewal,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "userCertificate")(version 3.0; acl "Modify CA Certificates for renewals"; allow(write) groupdn = 
"ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (target = "ldap:///cn=*,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "ipaPublicKey || ipaKeyUsage || memberPrincipal")(version 3.0; acl "Dogtag service principals can search Custodia keys"; allow(read, search, compare) userdn = "ldap:///krbprincipalname=dogtag/*@RDLG.NET,cn=services,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(version 3.0; acl "IPA server hosts can create own Custodia secrets"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG ipa 2017-05-11T17:48:38Z DEBUG [(0, u'aci', ['(target = "ldap:///cn=*,cn=ca_renewal,cn=ipa,cn=etc,dc=rdlg,dc=net")(version 3.0; acl "Add CA Certificates for renewals"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*,cn=ca_renewal,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "userCertificate")(version 3.0; acl "Modify CA Certificates for renewals"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net";)'])] 2017-05-11T17:48:38Z DEBUG Updated 1 2017-05-11T17:48:38Z DEBUG Done 2017-05-11T17:48:38Z DEBUG Updating existing entry: cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Initial value 2017-05-11T17:48:38Z DEBUG dn: cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG groupofnames 2017-05-11T17:48:38Z DEBUG ipapermission 2017-05-11T17:48:38Z DEBUG member: 2017-05-11T17:48:38Z DEBUG cn=Certificate 
Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG Retrieve Certificates from the CA 2017-05-11T17:48:38Z DEBUG add: 'cn=Host Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net' to member, current value ['cn=Certificate Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net'] 2017-05-11T17:48:38Z DEBUG add: updated value ['cn=Certificate Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net', 'cn=Host Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net'] 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Final value after applying updates 2017-05-11T17:48:38Z DEBUG dn: cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG groupofnames 2017-05-11T17:48:38Z DEBUG ipapermission 2017-05-11T17:48:38Z DEBUG member: 2017-05-11T17:48:38Z DEBUG cn=Host Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG cn=Certificate Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG Retrieve Certificates from the CA 2017-05-11T17:48:38Z DEBUG [(0, u'member', ['cn=Host Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net'])] 2017-05-11T17:48:38Z DEBUG Updated 1 2017-05-11T17:48:38Z DEBUG Done 2017-05-11T17:48:38Z DEBUG Updating existing entry: cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Initial value 2017-05-11T17:48:38Z DEBUG dn: cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG groupofnames 2017-05-11T17:48:38Z DEBUG ipapermission 2017-05-11T17:48:38Z DEBUG member: 2017-05-11T17:48:38Z DEBUG cn=Certificate Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net 
2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG Revoke Certificate 2017-05-11T17:48:38Z DEBUG add: 'cn=Host Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net' to member, current value ['cn=Certificate Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net'] 2017-05-11T17:48:38Z DEBUG add: updated value ['cn=Certificate Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net', 'cn=Host Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net'] 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Final value after applying updates 2017-05-11T17:48:38Z DEBUG dn: cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG groupofnames 2017-05-11T17:48:38Z DEBUG ipapermission 2017-05-11T17:48:38Z DEBUG member: 2017-05-11T17:48:38Z DEBUG cn=Host Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG cn=Certificate Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG Revoke Certificate 2017-05-11T17:48:38Z DEBUG [(0, u'member', ['cn=Host Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net'])] 2017-05-11T17:48:38Z DEBUG Updated 1 2017-05-11T17:48:38Z DEBUG Done 2017-05-11T17:48:38Z DEBUG Updating existing entry: cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Initial value 2017-05-11T17:48:38Z DEBUG dn: cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG nsContainer 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG aci: 2017-05-11T17:48:38Z DEBUG (targetfilter = "(|(objectClass=ipaConfigObject)(dnahostname=*))")(version 3.0;acl "Admins can change GUI config"; allow (delete) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (target = 
"ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(version 3.0; acl "IPA server hosts can create own Custodia secrets"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage own Custodia secrets"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage Dogtag Custodia secrets for same host"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(version 3.0; acl "IPA server hosts can create Dogtag Custodia secrets for same host"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (target = "ldap:///cn=*,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "ipaPublicKey || ipaKeyUsage || memberPrincipal")(version 3.0; acl "Dogtag service principals can search Custodia keys"; allow(read, search, compare) userdn = "ldap:///krbprincipalname=dogtag/*@RDLG.NET,cn=services,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (target = "ldap:///cn=*,cn=ca_renewal,cn=ipa,cn=etc,dc=rdlg,dc=net")(version 3.0; acl "Add CA Certificates for renewals"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net";) 
2017-05-11T17:48:38Z DEBUG (target = "ldap:///cn=*,cn=ca_renewal,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "userCertificate")(version 3.0; acl "Modify CA Certificates for renewals"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG ipa 2017-05-11T17:48:38Z DEBUG remove: '(target = "ldap:///cn=CAcert,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = cACertificate)(version 3.0; acl "Modify CA Certificate"; allow (write) userdn = "ldap:///fqdn=ipa.rdlg.net,cn=computers,cn=accounts,dc=rdlg,dc=net";)' from aci, current value ['(targetfilter = "(|(objectClass=ipaConfigObject)(dnahostname=*))")(version 3.0;acl "Admins can change GUI config"; allow (delete) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(version 3.0; acl "IPA server hosts can create own Custodia secrets"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage own Custodia secrets"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage Dogtag Custodia secrets for same host"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(version 3.0; acl "IPA server hosts can create Dogtag Custodia secrets for same 
host"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "ipaPublicKey || ipaKeyUsage || memberPrincipal")(version 3.0; acl "Dogtag service principals can search Custodia keys"; allow(read, search, compare) userdn = "ldap:///krbprincipalname=dogtag/*@RDLG.NET,cn=services,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*,cn=ca_renewal,cn=ipa,cn=etc,dc=rdlg,dc=net")(version 3.0; acl "Add CA Certificates for renewals"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*,cn=ca_renewal,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "userCertificate")(version 3.0; acl "Modify CA Certificates for renewals"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net";)'] 2017-05-11T17:48:38Z DEBUG remove: '(target = "ldap:///cn=CAcert,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = cACertificate)(version 3.0; acl "Modify CA Certificate"; allow (write) userdn = "ldap:///fqdn=ipa.rdlg.net,cn=computers,cn=accounts,dc=rdlg,dc=net";)' not in aci 2017-05-11T17:48:38Z DEBUG add: '(target = "ldap:///cn=CAcert,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = cACertificate)(version 3.0; acl "Modify CA Certificate"; allow (write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net";)' to aci, current value ['(targetfilter = "(|(objectClass=ipaConfigObject)(dnahostname=*))")(version 3.0;acl "Admins can change GUI config"; allow (delete) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(version 3.0; acl "IPA server hosts can create own Custodia secrets"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = 
"ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage own Custodia secrets"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage Dogtag Custodia secrets for same host"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(version 3.0; acl "IPA server hosts can create Dogtag Custodia secrets for same host"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "ipaPublicKey || ipaKeyUsage || memberPrincipal")(version 3.0; acl "Dogtag service principals can search Custodia keys"; allow(read, search, compare) userdn = "ldap:///krbprincipalname=dogtag/*@RDLG.NET,cn=services,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*,cn=ca_renewal,cn=ipa,cn=etc,dc=rdlg,dc=net")(version 3.0; acl "Add CA Certificates for renewals"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*,cn=ca_renewal,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "userCertificate")(version 3.0; acl "Modify CA Certificates for renewals"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net";)'] 2017-05-11T17:48:38Z DEBUG add: updated value ['(targetfilter = 
"(|(objectClass=ipaConfigObject)(dnahostname=*))")(version 3.0;acl "Admins can change GUI config"; allow (delete) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(version 3.0; acl "IPA server hosts can create own Custodia secrets"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage own Custodia secrets"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage Dogtag Custodia secrets for same host"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(version 3.0; acl "IPA server hosts can create Dogtag Custodia secrets for same host"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "ipaPublicKey || ipaKeyUsage || memberPrincipal")(version 3.0; acl "Dogtag service principals can search Custodia keys"; allow(read, search, compare) userdn = "ldap:///krbprincipalname=dogtag/*@RDLG.NET,cn=services,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*,cn=ca_renewal,cn=ipa,cn=etc,dc=rdlg,dc=net")(version 3.0; acl "Add CA Certificates for renewals"; allow(add) groupdn 
= "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=*,cn=ca_renewal,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "userCertificate")(version 3.0; acl "Modify CA Certificates for renewals"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net";)', '(target = "ldap:///cn=CAcert,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = cACertificate)(version 3.0; acl "Modify CA Certificate"; allow (write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net";)'] 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Final value after applying updates 2017-05-11T17:48:38Z DEBUG dn: cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG nsContainer 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG aci: 2017-05-11T17:48:38Z DEBUG (target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage own Custodia secrets"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (target = "ldap:///cn=*,cn=ca_renewal,cn=ipa,cn=etc,dc=rdlg,dc=net")(version 3.0; acl "Add CA Certificates for renewals"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage Dogtag Custodia secrets for same host"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(version 3.0; acl 
"IPA server hosts can create Dogtag Custodia secrets for same host"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetfilter = "(|(objectClass=ipaConfigObject)(dnahostname=*))")(version 3.0;acl "Admins can change GUI config"; allow (delete) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (target = "ldap:///cn=*,cn=ca_renewal,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "userCertificate")(version 3.0; acl "Modify CA Certificates for renewals"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (target = "ldap:///cn=*,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = "ipaPublicKey || ipaKeyUsage || memberPrincipal")(version 3.0; acl "Dogtag service principals can search Custodia keys"; allow(read, search, compare) userdn = "ldap:///krbprincipalname=dogtag/*@RDLG.NET,cn=services,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (target = "ldap:///cn=CAcert,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = cACertificate)(version 3.0; acl "Modify CA Certificate"; allow (write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net")(version 3.0; acl "IPA server hosts can create own Custodia secrets"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG ipa 2017-05-11T17:48:38Z DEBUG [(0, u'aci', ['(target = "ldap:///cn=CAcert,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr = cACertificate)(version 3.0; acl "Modify CA Certificate"; allow (write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net";)'])] 
2017-05-11T17:48:38Z DEBUG Updated 1 2017-05-11T17:48:38Z DEBUG Done 2017-05-11T17:48:38Z DEBUG Updating existing entry: cn=certificates,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Initial value 2017-05-11T17:48:38Z DEBUG dn: cn=certificates,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG nsContainer 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG certificates 2017-05-11T17:48:38Z DEBUG remove: '(targetfilter = "(&(objectClass=ipaCertificate)(ipaConfigString=ipaCA))")(targetattr = "ipaCertIssuerSerial || cACertificate")(version 3.0; acl "Modify CA Certificate Store Entry"; allow (write) userdn = "ldap:///fqdn=ipa.rdlg.net,cn=computers,cn=accounts,dc=rdlg,dc=net";)' from aci, current value [] 2017-05-11T17:48:38Z DEBUG remove: '(targetfilter = "(&(objectClass=ipaCertificate)(ipaConfigString=ipaCA))")(targetattr = "ipaCertIssuerSerial || cACertificate")(version 3.0; acl "Modify CA Certificate Store Entry"; allow (write) userdn = "ldap:///fqdn=ipa.rdlg.net,cn=computers,cn=accounts,dc=rdlg,dc=net";)' not in aci 2017-05-11T17:48:38Z DEBUG add: '(targetfilter = "(&(objectClass=ipaCertificate)(ipaConfigString=ipaCA))")(targetattr = "ipaCertIssuerSerial || cACertificate")(version 3.0; acl "Modify CA Certificate Store Entry"; allow (write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net";)' to aci, current value [] 2017-05-11T17:48:38Z DEBUG add: updated value ['(targetfilter = "(&(objectClass=ipaCertificate)(ipaConfigString=ipaCA))")(targetattr = "ipaCertIssuerSerial || cACertificate")(version 3.0; acl "Modify CA Certificate Store Entry"; allow (write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net";)'] 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Final value after applying updates 
2017-05-11T17:48:38Z DEBUG dn: cn=certificates,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG nsContainer 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG aci: 2017-05-11T17:48:38Z DEBUG (targetfilter = "(&(objectClass=ipaCertificate)(ipaConfigString=ipaCA))")(targetattr = "ipaCertIssuerSerial || cACertificate")(version 3.0; acl "Modify CA Certificate Store Entry"; allow (write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG certificates 2017-05-11T17:48:38Z DEBUG [(2, u'aci', ['(targetfilter = "(&(objectClass=ipaCertificate)(ipaConfigString=ipaCA))")(targetattr = "ipaCertIssuerSerial || cACertificate")(version 3.0; acl "Modify CA Certificate Store Entry"; allow (write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net";)'])] 2017-05-11T17:48:38Z DEBUG Updated 1 2017-05-11T17:48:38Z DEBUG Done 2017-05-11T17:48:38Z DEBUG New entry: cn=Automember Task Administrator,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Initial value 2017-05-11T17:48:38Z DEBUG dn: cn=Automember Task Administrator,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG groupofnames 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG nestedgroup 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG Automember Task Administrator 2017-05-11T17:48:38Z DEBUG description: 2017-05-11T17:48:38Z DEBUG Automember Task Administrator 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Final value after applying updates 2017-05-11T17:48:38Z DEBUG dn: cn=Automember Task Administrator,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG groupofnames 2017-05-11T17:48:38Z DEBUG top 
2017-05-11T17:48:38Z DEBUG nestedgroup 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG Automember Task Administrator 2017-05-11T17:48:38Z DEBUG description: 2017-05-11T17:48:38Z DEBUG Automember Task Administrator 2017-05-11T17:48:38Z DEBUG New entry: cn=Add Automember Rebuild Membership Task,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Initial value 2017-05-11T17:48:38Z DEBUG dn: cn=Add Automember Rebuild Membership Task,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG ipapermission 2017-05-11T17:48:38Z DEBUG groupofnames 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG member: 2017-05-11T17:48:38Z DEBUG cn=Automember Task Administrator,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG ipapermissiontype: 2017-05-11T17:48:38Z DEBUG SYSTEM 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG Add Automember Rebuild Membership Task 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Final value after applying updates 2017-05-11T17:48:38Z DEBUG dn: cn=Add Automember Rebuild Membership Task,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG ipapermission 2017-05-11T17:48:38Z DEBUG groupofnames 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG member: 2017-05-11T17:48:38Z DEBUG cn=Automember Task Administrator,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG ipapermissiontype: 2017-05-11T17:48:38Z DEBUG SYSTEM 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG Add Automember Rebuild Membership Task 2017-05-11T17:48:38Z DEBUG Updating existing entry: cn=config 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Initial value 2017-05-11T17:48:38Z DEBUG dn: cn=config 2017-05-11T17:48:38Z DEBUG 
nsslapd-auditlog-logrotationsynchour: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-betype: 2017-05-11T17:48:38Z DEBUG ldbm database 2017-05-11T17:48:38Z DEBUG nsslapd-nagle: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-list: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-maxlogsize: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG nsslapd-entryusn-global: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-referralmode: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logminfreediskspace: 2017-05-11T17:48:38Z DEBUG 5 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logrotationsyncmin: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-reservedescriptors: 2017-05-11T17:48:38Z DEBUG 64 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logmaxdiskspace: 2017-05-11T17:48:38Z DEBUG 500 2017-05-11T17:48:38Z DEBUG passwordMinAlphas: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-enquote-sup-oc: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-readonly: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-syntaxcheck: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-unhashed-pw-switch: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG passwordLegacyPolicy: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logbuffering: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-SSLclientAuth: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordMinUppers: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-plugin: 2017-05-11T17:48:38Z DEBUG cn=binary syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=case ignore 
string syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=country string syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=facsimile telephone number syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=fax syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=generalized time syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=guide syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=integer syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=name and optional uid syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=octet string syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=oid syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG 
cn=caseexactia5substringsmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseignoreia5substringsmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseignoreorderingmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseignoresubstringsmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=objectidentifiermatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=integermatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=integerorderingmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=integerfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=internationalization plugin,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=uniquemembermatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=numericstringsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logrotationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG 
nsslapd-disk-monitoring-threshold: 2017-05-11T17:48:38Z DEBUG 2097152 2017-05-11T17:48:38Z DEBUG nsslapd-dn-validate-strict: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-ndn-cache-max-size: 2017-05-11T17:48:38Z DEBUG 20971520 2017-05-11T17:48:38Z DEBUG nsslapd-timelimit: 2017-05-11T17:48:38Z DEBUG 3600 2017-05-11T17:48:38Z DEBUG nsslapd-disk-monitoring: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordIsGlobalPolicy: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-moddn-aci: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-pwpolicy-inherit-global: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordMinTokenLength: 2017-05-11T17:48:38Z DEBUG 3 2017-05-11T17:48:38Z DEBUG nsslapd-malloc-mxfast: 2017-05-11T17:48:38Z DEBUG -10 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logrotationsync-enabled: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logrotationtimeunit: 2017-05-11T17:48:38Z DEBUG week 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logrotationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG passwordMinAge: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logrotationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-cn-uses-dn-syntax-in-dns: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logrotationtimeunit: 2017-05-11T17:48:38Z DEBUG week 2017-05-11T17:48:38Z DEBUG nsslapd-disk-monitoring-grace-period: 2017-05-11T17:48:38Z DEBUG 60 2017-05-11T17:48:38Z DEBUG nsslapd-maxdescriptors: 2017-05-11T17:48:38Z DEBUG 8192 2017-05-11T17:48:38Z DEBUG nsslapd-allow-hashed-passwords: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG passwordInHistory: 2017-05-11T17:48:38Z DEBUG 6 2017-05-11T17:48:38Z DEBUG nsslapd-ssl-check-hostname: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-conntablesize: 2017-05-11T17:48:38Z DEBUG 8192 2017-05-11T17:48:38Z DEBUG 
nsslapd-auditlog-logging-enabled: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2017-05-11T17:48:38Z DEBUG month 2017-05-11T17:48:38Z DEBUG nsslapd-saslpath: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG passwordMaxAge: 2017-05-11T17:48:38Z DEBUG 8639913600 2017-05-11T17:48:38Z DEBUG nsslapd-ldapiautobind: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-extract-pemfiles: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-maxthreadsperconn: 2017-05-11T17:48:38Z DEBUG 5 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logrotationsyncmin: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-ldapigidnumbertype: 2017-05-11T17:48:38Z DEBUG gidNumber 2017-05-11T17:48:38Z DEBUG nsslapd-connection-buffer: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2017-05-11T17:48:38Z DEBUG day 2017-05-11T17:48:38Z DEBUG nsslapd-dynamic-plugins: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-csnlogging: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-tmpdir: 2017-05-11T17:48:38Z DEBUG /tmp 2017-05-11T17:48:38Z DEBUG passwordResetFailureCount: 2017-05-11T17:48:38Z DEBUG 600 2017-05-11T17:48:38Z DEBUG nsslapd-counters: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-svrtab: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-allowed-sasl-mechanisms: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 2017-05-11T17:48:38Z DEBUG month 2017-05-11T17:48:38Z DEBUG nsslapd-minssf: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logrotationsync-enabled: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-maxlogsize: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG nsslapd-schemadir: 
2017-05-11T17:48:38Z DEBUG /etc/dirsrv/slapd-RDLG-NET/schema 2017-05-11T17:48:38Z DEBUG nsslapd-localuser: 2017-05-11T17:48:38Z DEBUG dirsrv 2017-05-11T17:48:38Z DEBUG nsslapd-security: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordChange: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-requiresrestart: 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-port 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-secureport 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-ldapifilepath 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-ldapilisten 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-workingdir 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-plugin 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-sslclientauth 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-changelogdir 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-changelogsuffix 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-changelogmaxentries 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-changelogmaxage 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-db-locks 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-maxdescriptors 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-return-exact-case 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-schema-ignore-trailing-spaces 2017-05-11T17:48:38Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 2017-05-11T17:48:38Z DEBUG cn=config,cn=ldbm:nsslapd-parentcheck 2017-05-11T17:48:38Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2017-05-11T17:48:38Z DEBUG cn=config,cn=ldbm:nsslapd-dbncache 2017-05-11T17:48:38Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2017-05-11T17:48:38Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2017-05-11T17:48:38Z DEBUG cn=encryption,cn=config:nssslsessiontimeout 2017-05-11T17:48:38Z DEBUG cn=encryption,cn=config:nssslclientauth 2017-05-11T17:48:38Z DEBUG cn=encryption,cn=config:nsssl2 2017-05-11T17:48:38Z DEBUG cn=encryption,cn=config:nsssl3 2017-05-11T17:48:38Z DEBUG passwordMaxFailure: 2017-05-11T17:48:38Z DEBUG 3 2017-05-11T17:48:38Z DEBUG 
nsslapd-auditlog-logrotationsync-enabled: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-ldapifilepath: 2017-05-11T17:48:38Z DEBUG /var/run/slapd-RDLG-NET.socket 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logging-enabled: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-pagedsizelimit: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-global-backend-lock: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logexpirationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-listen-backlog-size: 2017-05-11T17:48:38Z DEBUG 128 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog: 2017-05-11T17:48:38Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/access 2017-05-11T17:48:38Z DEBUG nsslapd-certmap-basedn: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-plugin-logging: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-accesscontrol: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-rootdn: 2017-05-11T17:48:38Z DEBUG cn=Directory Manager 2017-05-11T17:48:38Z DEBUG nsslapd-ldifdir: 2017-05-11T17:48:38Z DEBUG /var/lib/dirsrv/slapd-RDLG-NET/ldif 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-mode: 2017-05-11T17:48:38Z DEBUG 600 2017-05-11T17:48:38Z DEBUG nsslapd-anonlimitsdn: 2017-05-11T17:48:38Z DEBUG cn=anonymous-limits,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logging-enabled: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG passwordMustChange: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordExp: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-list: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logminfreediskspace: 2017-05-11T17:48:38Z DEBUG 5 2017-05-11T17:48:38Z DEBUG 
nsslapd-logging-backend: 2017-05-11T17:48:38Z DEBUG dirsrv-log 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog: 2017-05-11T17:48:38Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/audit 2017-05-11T17:48:38Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG aci: 2017-05-11T17:48:38Z DEBUG (targetattr != aci)(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logmaxdiskspace: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG nsslapd-ldapimaprootdn: 2017-05-11T17:48:38Z DEBUG cn=Directory Manager 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logging-enabled: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-ds4-compatible-schema: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-enable-nunc-stans: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordMinLength: 2017-05-11T17:48:38Z DEBUG 8 2017-05-11T17:48:38Z DEBUG nsslapd-require-secure-binds: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-groupevalnestlevel: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-idletimeout: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-malloc-mmap-threshold: 2017-05-11T17:48:38Z DEBUG -10 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logrotationtimeunit: 2017-05-11T17:48:38Z DEBUG day 2017-05-11T17:48:38Z DEBUG nsslapd-securePort: 2017-05-11T17:48:38Z DEBUG 636 2017-05-11T17:48:38Z DEBUG nsslapd-snmp-index: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG config 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG extensibleObject 2017-05-11T17:48:38Z DEBUG nsslapdConfig 2017-05-11T17:48:38Z DEBUG nsslapd-ldapimaptoentries: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG passwordSendExpiringTime: 2017-05-11T17:48:38Z DEBUG off 
2017-05-11T17:48:38Z DEBUG nsslapd-hash-filters: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-entryusn-import-initval: 2017-05-11T17:48:38Z DEBUG next 2017-05-11T17:48:38Z DEBUG nsslapd-malloc-trim-threshold: 2017-05-11T17:48:38Z DEBUG -10 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2017-05-11T17:48:38Z DEBUG 5 2017-05-11T17:48:38Z DEBUG nsslapd-ignore-time-skew: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-allow-unauthenticated-binds: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logging-hide-unhashed-pw: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-maxlogsperdir: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-listenhost: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-mode: 2017-05-11T17:48:38Z DEBUG 600 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog: 2017-05-11T17:48:38Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/errors 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logrotationsynchour: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-sasl-mapping-fallback: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-disk-monitoring-logging-critical: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-force-sasl-external: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-enable-turbo-mode: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG passwordCheckSyntax: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordGraceLimit: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG passwordWarning: 2017-05-11T17:48:38Z DEBUG 86400 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-mode: 2017-05-11T17:48:38Z DEBUG 600 2017-05-11T17:48:38Z DEBUG nsslapd-instancedir: 2017-05-11T17:48:38Z DEBUG /var/lib/dirsrv/scripts-RDLG-NET 2017-05-11T17:48:38Z DEBUG nsslapd-config: 2017-05-11T17:48:38Z DEBUG cn=config 2017-05-11T17:48:38Z DEBUG 
nsslapd-auditfaillog-logmaxdiskspace: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG nsslapd-versionstring: 2017-05-11T17:48:38Z DEBUG 389-Directory/1.3.5.10 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-level: 2017-05-11T17:48:38Z DEBUG 256 2017-05-11T17:48:38Z DEBUG nsslapd-return-exact-case: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-maxsasliosize: 2017-05-11T17:48:38Z DEBUG 2097152 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 2017-05-11T17:48:38Z DEBUG month 2017-05-11T17:48:38Z DEBUG nsslapd-rewrite-rfc1274: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-rootpwstoragescheme: 2017-05-11T17:48:38Z DEBUG SSHA 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logexpirationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG passwordLockout: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-lockdir: 2017-05-11T17:48:38Z DEBUG /var/lock/dirsrv/slapd-RDLG-NET 2017-05-11T17:48:38Z DEBUG nsslapd-certdir: 2017-05-11T17:48:38Z DEBUG /etc/dirsrv/slapd-RDLG-NET 2017-05-11T17:48:38Z DEBUG nsslapd-allow-anonymous-access: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-maxlogsperdir: 2017-05-11T17:48:38Z DEBUG 10 2017-05-11T17:48:38Z DEBUG nsslapd-backendconfig: 2017-05-11T17:48:38Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG nsslapd-threadnumber: 2017-05-11T17:48:38Z DEBUG 30 2017-05-11T17:48:38Z DEBUG nsslapd-schemamod: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-search-return-original-type-switch: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-localhost: 2017-05-11T17:48:38Z DEBUG ipa.rdlg.net 2017-05-11T17:48:38Z DEBUG nsslapd-bakdir: 2017-05-11T17:48:38Z DEBUG /var/lib/dirsrv/slapd-RDLG-NET/bak 2017-05-11T17:48:38Z DEBUG passwordMin8bit: 2017-05-11T17:48:38Z DEBUG 0 
2017-05-11T17:48:38Z DEBUG nsslapd-ldapiuidnumbertype: 2017-05-11T17:48:38Z DEBUG uidNumber 2017-05-11T17:48:38Z DEBUG nsslapd-validate-cert: 2017-05-11T17:48:38Z DEBUG warn 2017-05-11T17:48:38Z DEBUG passwordMinCategories: 2017-05-11T17:48:38Z DEBUG 3 2017-05-11T17:48:38Z DEBUG passwordMinLowers: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG passwordAdminDN: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-ldapilisten: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG passwordMinSpecials: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logmaxdiskspace: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG nsslapd-lastmod: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-max-filter-nest-level: 2017-05-11T17:48:38Z DEBUG 40 2017-05-11T17:48:38Z DEBUG passwordMaxRepeats: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-securelistenhost: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-maxsimplepaged-per-conn: 2017-05-11T17:48:38Z DEBUG -1 2017-05-11T17:48:38Z DEBUG nsslapd-result-tweak: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2017-05-11T17:48:38Z DEBUG month 2017-05-11T17:48:38Z DEBUG passwordUnlock: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-schemacheck: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG passwordTrackUpdateTime: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-maxbersize: 2017-05-11T17:48:38Z DEBUG 209715200 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-maxlogsize: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG nsslapd-ldapientrysearchbase: 2017-05-11T17:48:38Z DEBUG dc=example,dc=com 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logexpirationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-localssf: 2017-05-11T17:48:38Z 
DEBUG 71 2017-05-11T17:48:38Z DEBUG nsslapd-sizelimit: 2017-05-11T17:48:38Z DEBUG 2000 2017-05-11T17:48:38Z DEBUG nsslapd-minssf-exclude-rootdse: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logrotationsynchour: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-ignore-virtual-attrs: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-ndn-cache-enabled: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logrotationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-defaultnamingcontext: 2017-05-11T17:48:38Z DEBUG dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-maxlogsperdir: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-pwpolicy-local: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-sasl-max-buffer-size: 2017-05-11T17:48:38Z DEBUG 2097152 2017-05-11T17:48:38Z DEBUG passwordLockoutDuration: 2017-05-11T17:48:38Z DEBUG 3600 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-list: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-port: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-maxlogsize: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG nsslapd-privatenamespaces: 2017-05-11T17:48:38Z DEBUG cn=schema 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG cn=monitor 2017-05-11T17:48:38Z DEBUG cn=config 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-maxlogsperdir: 2017-05-11T17:48:38Z DEBUG 2 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog: 2017-05-11T17:48:38Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/audit 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-mode: 2017-05-11T17:48:38Z DEBUG 600 2017-05-11T17:48:38Z DEBUG nsslapd-rootpw: 2017-05-11T17:48:38Z DEBUG {SSHA}ivpfUEJGKWW115wDkPsPfQQFhTUx8+KLuAm3tg== 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logrotationsynchour: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-outbound-ldap-io-timeout: 2017-05-11T17:48:38Z DEBUG 
300000 2017-05-11T17:48:38Z DEBUG nsslapd-workingdir: 2017-05-11T17:48:38Z DEBUG /var/log/dirsrv/slapd-RDLG-NET 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-list: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-rundir: 2017-05-11T17:48:38Z DEBUG /var/run/dirsrv 2017-05-11T17:48:38Z DEBUG nsslapd-schemareplace: 2017-05-11T17:48:38Z DEBUG replication-only 2017-05-11T17:48:38Z DEBUG nsslapd-plugin-binddn-tracking: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-level: 2017-05-11T17:48:38Z DEBUG 16384 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-syntaxlogging: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-ioblocktimeout: 2017-05-11T17:48:38Z DEBUG 10000 2017-05-11T17:48:38Z DEBUG nsslapd-attribute-name-exceptions: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordMinDigits: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-allowed-to-delete-attrs: 2017-05-11T17:48:38Z DEBUG passwordadmindn nsslapd-listenhost nsslapd-securelistenhost nsslapd-defaultnamingcontext 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logminfreediskspace: 2017-05-11T17:48:38Z DEBUG 5 2017-05-11T17:48:38Z DEBUG passwordStorageScheme: 2017-05-11T17:48:38Z DEBUG SSHA 2017-05-11T17:48:38Z DEBUG nsslapd-connection-nocanon: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG add: '(target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")(targetattr=*)(version 3.0;acl "permission:Add Automember Rebuild Membership Task";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to aci, current value ['(targetattr != aci)(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";)'] 
2017-05-11T17:48:38Z DEBUG add: updated value ['(targetattr != aci)(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";)', '(target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")(targetattr=*)(version 3.0;acl "permission:Add Automember Rebuild Membership Task";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task,cn=permissions,cn=pbac,dc=rdlg,dc=net";)'] 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Final value after applying updates 2017-05-11T17:48:38Z DEBUG dn: cn=config 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logrotationsynchour: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-betype: 2017-05-11T17:48:38Z DEBUG ldbm database 2017-05-11T17:48:38Z DEBUG nsslapd-nagle: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-list: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-maxlogsize: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG nsslapd-entryusn-global: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-referralmode: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logminfreediskspace: 2017-05-11T17:48:38Z DEBUG 5 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logrotationsyncmin: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-reservedescriptors: 2017-05-11T17:48:38Z DEBUG 64 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logmaxdiskspace: 2017-05-11T17:48:38Z DEBUG 500 2017-05-11T17:48:38Z DEBUG passwordMinAlphas: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-enquote-sup-oc: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-readonly: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-syntaxcheck: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-unhashed-pw-switch: 2017-05-11T17:48:38Z DEBUG on 
2017-05-11T17:48:38Z DEBUG passwordLegacyPolicy: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logbuffering: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-SSLclientAuth: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordMinUppers: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-plugin: 2017-05-11T17:48:38Z DEBUG cn=binary syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=country string syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=facsimile telephone number syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=fax syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=generalized time syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=guide syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=integer syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=name and optional uid syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=octet string syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=oid syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=teletex terminal identifier 
syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseignoreia5substringsmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseignoreorderingmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseignoresubstringsmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=objectidentifiermatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=integermatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=integerorderingmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG 
cn=integerfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=internationalization plugin,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=uniquemembermatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=numericstringsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logrotationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-disk-monitoring-threshold: 2017-05-11T17:48:38Z DEBUG 2097152 2017-05-11T17:48:38Z DEBUG nsslapd-dn-validate-strict: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-ndn-cache-max-size: 2017-05-11T17:48:38Z DEBUG 20971520 2017-05-11T17:48:38Z DEBUG nsslapd-timelimit: 2017-05-11T17:48:38Z DEBUG 3600 2017-05-11T17:48:38Z DEBUG nsslapd-disk-monitoring: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordIsGlobalPolicy: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-moddn-aci: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-pwpolicy-inherit-global: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordMinTokenLength: 2017-05-11T17:48:38Z DEBUG 3 2017-05-11T17:48:38Z DEBUG nsslapd-malloc-mxfast: 2017-05-11T17:48:38Z DEBUG -10 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logrotationsync-enabled: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logrotationtimeunit: 2017-05-11T17:48:38Z DEBUG week 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logrotationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG passwordMinAge: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logrotationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG 
nsslapd-cn-uses-dn-syntax-in-dns: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logrotationtimeunit: 2017-05-11T17:48:38Z DEBUG week 2017-05-11T17:48:38Z DEBUG nsslapd-disk-monitoring-grace-period: 2017-05-11T17:48:38Z DEBUG 60 2017-05-11T17:48:38Z DEBUG nsslapd-maxdescriptors: 2017-05-11T17:48:38Z DEBUG 8192 2017-05-11T17:48:38Z DEBUG nsslapd-allow-hashed-passwords: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG passwordInHistory: 2017-05-11T17:48:38Z DEBUG 6 2017-05-11T17:48:38Z DEBUG nsslapd-ssl-check-hostname: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-conntablesize: 2017-05-11T17:48:38Z DEBUG 8192 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logging-enabled: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2017-05-11T17:48:38Z DEBUG month 2017-05-11T17:48:38Z DEBUG nsslapd-saslpath: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG passwordMaxAge: 2017-05-11T17:48:38Z DEBUG 8639913600 2017-05-11T17:48:38Z DEBUG nsslapd-ldapiautobind: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-extract-pemfiles: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-maxthreadsperconn: 2017-05-11T17:48:38Z DEBUG 5 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logrotationsyncmin: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-ldapigidnumbertype: 2017-05-11T17:48:38Z DEBUG gidNumber 2017-05-11T17:48:38Z DEBUG nsslapd-connection-buffer: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2017-05-11T17:48:38Z DEBUG day 2017-05-11T17:48:38Z DEBUG nsslapd-dynamic-plugins: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-csnlogging: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-tmpdir: 2017-05-11T17:48:38Z DEBUG /tmp 2017-05-11T17:48:38Z DEBUG 
passwordResetFailureCount: 2017-05-11T17:48:38Z DEBUG 600 2017-05-11T17:48:38Z DEBUG nsslapd-counters: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-svrtab: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-allowed-sasl-mechanisms: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 2017-05-11T17:48:38Z DEBUG month 2017-05-11T17:48:38Z DEBUG nsslapd-minssf: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logrotationsync-enabled: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-maxlogsize: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG nsslapd-schemadir: 2017-05-11T17:48:38Z DEBUG /etc/dirsrv/slapd-RDLG-NET/schema 2017-05-11T17:48:38Z DEBUG nsslapd-localuser: 2017-05-11T17:48:38Z DEBUG dirsrv 2017-05-11T17:48:38Z DEBUG nsslapd-security: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordChange: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-requiresrestart: 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-port 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-secureport 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-ldapifilepath 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-ldapilisten 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-workingdir 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-plugin 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-sslclientauth 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-changelogdir 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-changelogsuffix 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-changelogmaxentries 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-changelogmaxage 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-db-locks 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-maxdescriptors 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-return-exact-case 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-schema-ignore-trailing-spaces 2017-05-11T17:48:38Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 
2017-05-11T17:48:38Z DEBUG cn=config,cn=ldbm:nsslapd-parentcheck 2017-05-11T17:48:38Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2017-05-11T17:48:38Z DEBUG cn=config,cn=ldbm:nsslapd-dbncache 2017-05-11T17:48:38Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2017-05-11T17:48:38Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2017-05-11T17:48:38Z DEBUG cn=encryption,cn=config:nssslsessiontimeout 2017-05-11T17:48:38Z DEBUG cn=encryption,cn=config:nssslclientauth 2017-05-11T17:48:38Z DEBUG cn=encryption,cn=config:nsssl2 2017-05-11T17:48:38Z DEBUG cn=encryption,cn=config:nsssl3 2017-05-11T17:48:38Z DEBUG passwordMaxFailure: 2017-05-11T17:48:38Z DEBUG 3 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logrotationsync-enabled: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-ldapifilepath: 2017-05-11T17:48:38Z DEBUG /var/run/slapd-RDLG-NET.socket 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logging-enabled: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-pagedsizelimit: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-global-backend-lock: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logexpirationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-listen-backlog-size: 2017-05-11T17:48:38Z DEBUG 128 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog: 2017-05-11T17:48:38Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/access 2017-05-11T17:48:38Z DEBUG nsslapd-certmap-basedn: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-plugin-logging: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-accesscontrol: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-rootdn: 2017-05-11T17:48:38Z DEBUG cn=Directory Manager 2017-05-11T17:48:38Z DEBUG nsslapd-ldifdir: 2017-05-11T17:48:38Z DEBUG /var/lib/dirsrv/slapd-RDLG-NET/ldif 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-mode: 
2017-05-11T17:48:38Z DEBUG 600 2017-05-11T17:48:38Z DEBUG nsslapd-anonlimitsdn: 2017-05-11T17:48:38Z DEBUG cn=anonymous-limits,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logging-enabled: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG passwordMustChange: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordExp: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-list: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logminfreediskspace: 2017-05-11T17:48:38Z DEBUG 5 2017-05-11T17:48:38Z DEBUG nsslapd-logging-backend: 2017-05-11T17:48:38Z DEBUG dirsrv-log 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog: 2017-05-11T17:48:38Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/audit 2017-05-11T17:48:38Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG aci: 2017-05-11T17:48:38Z DEBUG (target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")(targetattr=*)(version 3.0;acl "permission:Add Automember Rebuild Membership Task";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr != aci)(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logmaxdiskspace: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG nsslapd-ldapimaprootdn: 2017-05-11T17:48:38Z DEBUG cn=Directory Manager 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logging-enabled: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-ds4-compatible-schema: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-enable-nunc-stans: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordMinLength: 2017-05-11T17:48:38Z DEBUG 8 
2017-05-11T17:48:38Z DEBUG nsslapd-require-secure-binds: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-groupevalnestlevel: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-idletimeout: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-malloc-mmap-threshold: 2017-05-11T17:48:38Z DEBUG -10 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logrotationtimeunit: 2017-05-11T17:48:38Z DEBUG day 2017-05-11T17:48:38Z DEBUG nsslapd-securePort: 2017-05-11T17:48:38Z DEBUG 636 2017-05-11T17:48:38Z DEBUG nsslapd-snmp-index: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG config 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG extensibleObject 2017-05-11T17:48:38Z DEBUG nsslapdConfig 2017-05-11T17:48:38Z DEBUG nsslapd-ldapimaptoentries: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG passwordSendExpiringTime: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-hash-filters: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-entryusn-import-initval: 2017-05-11T17:48:38Z DEBUG next 2017-05-11T17:48:38Z DEBUG nsslapd-malloc-trim-threshold: 2017-05-11T17:48:38Z DEBUG -10 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2017-05-11T17:48:38Z DEBUG 5 2017-05-11T17:48:38Z DEBUG nsslapd-ignore-time-skew: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-allow-unauthenticated-binds: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logging-hide-unhashed-pw: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-maxlogsperdir: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-listenhost: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-mode: 2017-05-11T17:48:38Z DEBUG 600 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog: 2017-05-11T17:48:38Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/errors 2017-05-11T17:48:38Z DEBUG 
nsslapd-auditfaillog-logrotationsynchour: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-sasl-mapping-fallback: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-disk-monitoring-logging-critical: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-force-sasl-external: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-enable-turbo-mode: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG passwordCheckSyntax: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordGraceLimit: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG passwordWarning: 2017-05-11T17:48:38Z DEBUG 86400 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-mode: 2017-05-11T17:48:38Z DEBUG 600 2017-05-11T17:48:38Z DEBUG nsslapd-instancedir: 2017-05-11T17:48:38Z DEBUG /var/lib/dirsrv/scripts-RDLG-NET 2017-05-11T17:48:38Z DEBUG nsslapd-config: 2017-05-11T17:48:38Z DEBUG cn=config 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logmaxdiskspace: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG nsslapd-versionstring: 2017-05-11T17:48:38Z DEBUG 389-Directory/1.3.5.10 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-level: 2017-05-11T17:48:38Z DEBUG 256 2017-05-11T17:48:38Z DEBUG nsslapd-return-exact-case: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-maxsasliosize: 2017-05-11T17:48:38Z DEBUG 2097152 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 2017-05-11T17:48:38Z DEBUG month 2017-05-11T17:48:38Z DEBUG nsslapd-rewrite-rfc1274: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-rootpwstoragescheme: 2017-05-11T17:48:38Z DEBUG SSHA 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logexpirationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG passwordLockout: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-lockdir: 2017-05-11T17:48:38Z DEBUG /var/lock/dirsrv/slapd-RDLG-NET 2017-05-11T17:48:38Z DEBUG nsslapd-certdir: 2017-05-11T17:48:38Z DEBUG 
/etc/dirsrv/slapd-RDLG-NET 2017-05-11T17:48:38Z DEBUG nsslapd-allow-anonymous-access: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-maxlogsperdir: 2017-05-11T17:48:38Z DEBUG 10 2017-05-11T17:48:38Z DEBUG nsslapd-backendconfig: 2017-05-11T17:48:38Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG nsslapd-threadnumber: 2017-05-11T17:48:38Z DEBUG 30 2017-05-11T17:48:38Z DEBUG nsslapd-schemamod: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-search-return-original-type-switch: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-localhost: 2017-05-11T17:48:38Z DEBUG ipa.rdlg.net 2017-05-11T17:48:38Z DEBUG nsslapd-bakdir: 2017-05-11T17:48:38Z DEBUG /var/lib/dirsrv/slapd-RDLG-NET/bak 2017-05-11T17:48:38Z DEBUG passwordMin8bit: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-ldapiuidnumbertype: 2017-05-11T17:48:38Z DEBUG uidNumber 2017-05-11T17:48:38Z DEBUG nsslapd-validate-cert: 2017-05-11T17:48:38Z DEBUG warn 2017-05-11T17:48:38Z DEBUG passwordMinCategories: 2017-05-11T17:48:38Z DEBUG 3 2017-05-11T17:48:38Z DEBUG passwordMinLowers: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG passwordAdminDN: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-ldapilisten: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG passwordMinSpecials: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logmaxdiskspace: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG nsslapd-lastmod: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-max-filter-nest-level: 2017-05-11T17:48:38Z DEBUG 40 2017-05-11T17:48:38Z DEBUG passwordMaxRepeats: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-securelistenhost: 
2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-maxsimplepaged-per-conn: 2017-05-11T17:48:38Z DEBUG -1 2017-05-11T17:48:38Z DEBUG nsslapd-result-tweak: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2017-05-11T17:48:38Z DEBUG month 2017-05-11T17:48:38Z DEBUG passwordUnlock: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-schemacheck: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG passwordTrackUpdateTime: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-maxbersize: 2017-05-11T17:48:38Z DEBUG 209715200 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-maxlogsize: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG nsslapd-ldapientrysearchbase: 2017-05-11T17:48:38Z DEBUG dc=example,dc=com 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logexpirationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-localssf: 2017-05-11T17:48:38Z DEBUG 71 2017-05-11T17:48:38Z DEBUG nsslapd-sizelimit: 2017-05-11T17:48:38Z DEBUG 2000 2017-05-11T17:48:38Z DEBUG nsslapd-minssf-exclude-rootdse: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logrotationsynchour: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-ignore-virtual-attrs: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-ndn-cache-enabled: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logrotationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-defaultnamingcontext: 2017-05-11T17:48:38Z DEBUG dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-maxlogsperdir: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-pwpolicy-local: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-sasl-max-buffer-size: 2017-05-11T17:48:38Z DEBUG 2097152 2017-05-11T17:48:38Z DEBUG passwordLockoutDuration: 2017-05-11T17:48:38Z DEBUG 3600 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-list: 
2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-port: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-maxlogsize: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG nsslapd-privatenamespaces: 2017-05-11T17:48:38Z DEBUG cn=schema 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG cn=monitor 2017-05-11T17:48:38Z DEBUG cn=config 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-maxlogsperdir: 2017-05-11T17:48:38Z DEBUG 2 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog: 2017-05-11T17:48:38Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/audit 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-mode: 2017-05-11T17:48:38Z DEBUG 600 2017-05-11T17:48:38Z DEBUG nsslapd-rootpw: 2017-05-11T17:48:38Z DEBUG {SSHA}ivpfUEJGKWW115wDkPsPfQQFhTUx8+KLuAm3tg== 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logrotationsynchour: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-outbound-ldap-io-timeout: 2017-05-11T17:48:38Z DEBUG 300000 2017-05-11T17:48:38Z DEBUG nsslapd-workingdir: 2017-05-11T17:48:38Z DEBUG /var/log/dirsrv/slapd-RDLG-NET 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-list: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-rundir: 2017-05-11T17:48:38Z DEBUG /var/run/dirsrv 2017-05-11T17:48:38Z DEBUG nsslapd-schemareplace: 2017-05-11T17:48:38Z DEBUG replication-only 2017-05-11T17:48:38Z DEBUG nsslapd-plugin-binddn-tracking: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-level: 2017-05-11T17:48:38Z DEBUG 16384 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-syntaxlogging: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-ioblocktimeout: 2017-05-11T17:48:38Z DEBUG 10000 2017-05-11T17:48:38Z DEBUG nsslapd-attribute-name-exceptions: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG 
passwordMinDigits: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-allowed-to-delete-attrs: 2017-05-11T17:48:38Z DEBUG passwordadmindn nsslapd-listenhost nsslapd-securelistenhost nsslapd-defaultnamingcontext 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logminfreediskspace: 2017-05-11T17:48:38Z DEBUG 5 2017-05-11T17:48:38Z DEBUG passwordStorageScheme: 2017-05-11T17:48:38Z DEBUG SSHA 2017-05-11T17:48:38Z DEBUG nsslapd-connection-nocanon: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG [(0, u'aci', ['(target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")(targetattr=*)(version 3.0;acl "permission:Add Automember Rebuild Membership Task";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task,cn=permissions,cn=pbac,dc=rdlg,dc=net";)'])] 2017-05-11T17:48:38Z DEBUG Updated 1 2017-05-11T17:48:38Z DEBUG Done 2017-05-11T17:48:38Z DEBUG New entry: cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Initial value 2017-05-11T17:48:38Z DEBUG dn: cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG nsContainer 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG retrieve certificate 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Final value after applying updates 2017-05-11T17:48:38Z DEBUG dn: cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG nsContainer 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG retrieve certificate 2017-05-11T17:48:38Z DEBUG New entry: cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z 
DEBUG Initial value 2017-05-11T17:48:38Z DEBUG dn: cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG nsContainer 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG request certificate 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Final value after applying updates 2017-05-11T17:48:38Z DEBUG dn: cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG nsContainer 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG request certificate 2017-05-11T17:48:38Z DEBUG New entry: cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Initial value 2017-05-11T17:48:38Z DEBUG dn: cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG nsContainer 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG request certificate different host 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Final value after applying updates 2017-05-11T17:48:38Z DEBUG dn: cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG nsContainer 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG request certificate different host 2017-05-11T17:48:38Z DEBUG New entry: cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Initial value 2017-05-11T17:48:38Z DEBUG dn: cn=certificate 
status,cn=virtual operations,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG nsContainer 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG certificate status 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Final value after applying updates 2017-05-11T17:48:38Z DEBUG dn: cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG nsContainer 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG certificate status 2017-05-11T17:48:38Z DEBUG New entry: cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Initial value 2017-05-11T17:48:38Z DEBUG dn: cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG nsContainer 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG revoke certificate 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Final value after applying updates 2017-05-11T17:48:38Z DEBUG dn: cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG nsContainer 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG revoke certificate 2017-05-11T17:48:38Z DEBUG New entry: cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Initial value 2017-05-11T17:48:38Z DEBUG dn: cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG nsContainer 
2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG certificate remove hold 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Final value after applying updates 2017-05-11T17:48:38Z DEBUG dn: cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG nsContainer 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG certificate remove hold 2017-05-11T17:48:38Z DEBUG New entry: cn=request certificate with subjectaltname,cn=virtual operations,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Initial value 2017-05-11T17:48:38Z DEBUG dn: cn=request certificate with subjectaltname,cn=virtual operations,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG nsContainer 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG request certificate with subjectaltname 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Final value after applying updates 2017-05-11T17:48:38Z DEBUG dn: cn=request certificate with subjectaltname,cn=virtual operations,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG nsContainer 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG request certificate with subjectaltname 2017-05-11T17:48:38Z DEBUG New entry: cn=Request Certificate with SubjectAltName,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Initial value 2017-05-11T17:48:38Z DEBUG dn: cn=Request Certificate with SubjectAltName,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG ipapermission 
2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG groupofnames 2017-05-11T17:48:38Z DEBUG member: 2017-05-11T17:48:38Z DEBUG cn=Certificate Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG Request Certificate with SubjectAltName 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Final value after applying updates 2017-05-11T17:48:38Z DEBUG dn: cn=Request Certificate with SubjectAltName,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG ipapermission 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG groupofnames 2017-05-11T17:48:38Z DEBUG member: 2017-05-11T17:48:38Z DEBUG cn=Certificate Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG Request Certificate with SubjectAltName 2017-05-11T17:48:38Z DEBUG Updating existing entry: dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Initial value 2017-05-11T17:48:38Z DEBUG dn: dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG info: 2017-05-11T17:48:38Z DEBUG IPA V2.0 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG domain 2017-05-11T17:48:38Z DEBUG pilotObject 2017-05-11T17:48:38Z DEBUG nisDomainObject 2017-05-11T17:48:38Z DEBUG domainRelatedObject 2017-05-11T17:48:38Z DEBUG associatedDomain: 2017-05-11T17:48:38Z DEBUG rdlg.net 2017-05-11T17:48:38Z DEBUG dc: 2017-05-11T17:48:38Z DEBUG rdlg 2017-05-11T17:48:38Z DEBUG nisDomain: 2017-05-11T17:48:38Z DEBUG rdlg.net 2017-05-11T17:48:38Z DEBUG aci: 2017-05-11T17:48:38Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the 
CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";) 2017-05-11T17:48:38Z DEBUG (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || 
facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";) 2017-05-11T17:48:38Z DEBUG (targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";) 2017-05-11T17:48:38Z DEBUG (targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";) 2017-05-11T17:48:38Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:48:38Z DEBUG (targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:48:38Z DEBUG (targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:48:38Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = 
"managedBy#USERDN";) 2017-05-11T17:48:38Z DEBUG (targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";) 2017-05-11T17:48:38Z DEBUG (target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";) 2017-05-11T17:48:38Z DEBUG (targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";) 2017-05-11T17:48:38Z DEBUG (targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";) 2017-05-11T17:48:38Z DEBUG (targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; 
allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG add: '(targetattr = "objectclass")(target = "ldap:///cn=request certificate with subjectaltname,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0; acl "permission:Request Certificate with SubjectAltName"; allow (write) groupdn = "ldap:///cn=Request Certificate with SubjectAltName,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to aci, current value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from 
the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl 
|| seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; 
allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || 
krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";)'] 2017-05-11T17:48:38Z DEBUG add: updated value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get 
Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = 
"(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || 
ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request 
certificate with subjectaltname,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0; acl "permission:Request Certificate with SubjectAltName"; allow (write) groupdn = "ldap:///cn=Request Certificate with SubjectAltName,cn=permissions,cn=pbac,dc=rdlg,dc=net";)'] 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Final value after applying updates 2017-05-11T17:48:38Z DEBUG dn: dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG info: 2017-05-11T17:48:38Z DEBUG IPA V2.0 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG domain 2017-05-11T17:48:38Z DEBUG pilotObject 2017-05-11T17:48:38Z DEBUG nisDomainObject 2017-05-11T17:48:38Z DEBUG domainRelatedObject 2017-05-11T17:48:38Z DEBUG associatedDomain: 2017-05-11T17:48:38Z DEBUG rdlg.net 2017-05-11T17:48:38Z DEBUG dc: 2017-05-11T17:48:38Z DEBUG rdlg 2017-05-11T17:48:38Z DEBUG nisDomain: 2017-05-11T17:48:38Z DEBUG rdlg.net 2017-05-11T17:48:38Z DEBUG aci: 2017-05-11T17:48:38Z DEBUG (targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || 
ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate with subjectaltname,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0; acl "permission:Request Certificate with SubjectAltName"; allow (write) groupdn = "ldap:///cn=Request Certificate with SubjectAltName,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";) 2017-05-11T17:48:38Z DEBUG (target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";) 2017-05-11T17:48:38Z DEBUG (targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";) 2017-05-11T17:48:38Z DEBUG (targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";) 2017-05-11T17:48:38Z DEBUG (targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";) 2017-05-11T17:48:38Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || 
ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";) 2017-05-11T17:48:38Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";) 2017-05-11T17:48:38Z DEBUG (targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";) 2017-05-11T17:48:38Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different 
host,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";) 2017-05-11T17:48:38Z DEBUG (targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:48:38Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = 
"ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:48:38Z DEBUG (targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:48:38Z DEBUG (targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG [(0, u'aci', ['(targetattr = "objectclass")(target = "ldap:///cn=request certificate with subjectaltname,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0; acl "permission:Request Certificate with SubjectAltName"; allow (write) groupdn = "ldap:///cn=Request Certificate with SubjectAltName,cn=permissions,cn=pbac,dc=rdlg,dc=net";)'])] 2017-05-11T17:48:38Z DEBUG Updated 1 2017-05-11T17:48:38Z DEBUG Done 2017-05-11T17:48:38Z DEBUG New entry: cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Initial value 2017-05-11T17:48:38Z DEBUG dn: cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG nsContainer 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG request 
certificate ignore caacl 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Final value after applying updates 2017-05-11T17:48:38Z DEBUG dn: cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG nsContainer 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG request certificate ignore caacl 2017-05-11T17:48:38Z DEBUG New entry: cn=Request Certificate ignoring CA ACLs,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Initial value 2017-05-11T17:48:38Z DEBUG dn: cn=Request Certificate ignoring CA ACLs,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG ipapermission 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG groupofnames 2017-05-11T17:48:38Z DEBUG member: 2017-05-11T17:48:38Z DEBUG cn=Certificate Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG Request Certificate ignoring CA ACLs 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Final value after applying updates 2017-05-11T17:48:38Z DEBUG dn: cn=Request Certificate ignoring CA ACLs,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG ipapermission 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG groupofnames 2017-05-11T17:48:38Z DEBUG member: 2017-05-11T17:48:38Z DEBUG cn=Certificate Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG Request Certificate ignoring CA ACLs 2017-05-11T17:48:38Z DEBUG Updating existing entry: dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Initial value 
2017-05-11T17:48:38Z DEBUG dn: dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG info: 2017-05-11T17:48:38Z DEBUG IPA V2.0 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG domain 2017-05-11T17:48:38Z DEBUG pilotObject 2017-05-11T17:48:38Z DEBUG nisDomainObject 2017-05-11T17:48:38Z DEBUG domainRelatedObject 2017-05-11T17:48:38Z DEBUG associatedDomain: 2017-05-11T17:48:38Z DEBUG rdlg.net 2017-05-11T17:48:38Z DEBUG dc: 2017-05-11T17:48:38Z DEBUG rdlg 2017-05-11T17:48:38Z DEBUG nisDomain: 2017-05-11T17:48:38Z DEBUG rdlg.net 2017-05-11T17:48:38Z DEBUG aci: 2017-05-11T17:48:38Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=revoke 
certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";) 2017-05-11T17:48:38Z DEBUG (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";) 2017-05-11T17:48:38Z DEBUG (targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";) 2017-05-11T17:48:38Z DEBUG (targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";) 2017-05-11T17:48:38Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 
2017-05-11T17:48:38Z DEBUG (targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:48:38Z DEBUG (targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:48:38Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";) 2017-05-11T17:48:38Z DEBUG (targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";) 2017-05-11T17:48:38Z DEBUG (target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";) 2017-05-11T17:48:38Z DEBUG (targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";) 2017-05-11T17:48:38Z DEBUG (targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";) 2017-05-11T17:48:38Z DEBUG (targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || 
sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled 
|| ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate with subjectaltname,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0; acl "permission:Request Certificate with SubjectAltName"; allow (write) groupdn = "ldap:///cn=Request Certificate with SubjectAltName,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG add: '(targetattr = "objectclass")(target = "ldap:///cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0; acl "permission:Request Certificate ignoring CA ACLs"; allow (write) groupdn = "ldap:///cn=Request Certificate ignoring CA ACLs,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to aci, current value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" 
)(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, 
search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || 
krbPasswordExpiration || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA 
Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate with subjectaltname,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0; acl "permission:Request Certificate with SubjectAltName"; allow (write) groupdn = "ldap:///cn=Request Certificate with SubjectAltName,cn=permissions,cn=pbac,dc=rdlg,dc=net";)'] 2017-05-11T17:48:38Z DEBUG add: updated value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual 
operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; 
allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, 
search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate with subjectaltname,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0; acl "permission:Request Certificate with SubjectAltName"; allow (write) groupdn = "ldap:///cn=Request Certificate with SubjectAltName,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0; acl "permission:Request 
Certificate ignoring CA ACLs"; allow (write) groupdn = "ldap:///cn=Request Certificate ignoring CA ACLs,cn=permissions,cn=pbac,dc=rdlg,dc=net";)'] 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Final value after applying updates 2017-05-11T17:48:38Z DEBUG dn: dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG info: 2017-05-11T17:48:38Z DEBUG IPA V2.0 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG domain 2017-05-11T17:48:38Z DEBUG pilotObject 2017-05-11T17:48:38Z DEBUG nisDomainObject 2017-05-11T17:48:38Z DEBUG domainRelatedObject 2017-05-11T17:48:38Z DEBUG associatedDomain: 2017-05-11T17:48:38Z DEBUG rdlg.net 2017-05-11T17:48:38Z DEBUG dc: 2017-05-11T17:48:38Z DEBUG rdlg 2017-05-11T17:48:38Z DEBUG nisDomain: 2017-05-11T17:48:38Z DEBUG rdlg.net 2017-05-11T17:48:38Z DEBUG aci: 2017-05-11T17:48:38Z DEBUG (targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = 
"ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate with subjectaltname,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0; acl "permission:Request Certificate with SubjectAltName"; allow (write) groupdn = "ldap:///cn=Request Certificate with SubjectAltName,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";) 2017-05-11T17:48:38Z DEBUG (target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";) 2017-05-11T17:48:38Z DEBUG (targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";) 2017-05-11T17:48:38Z DEBUG (targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";) 2017-05-11T17:48:38Z DEBUG (targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";) 2017-05-11T17:48:38Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || 
ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";) 2017-05-11T17:48:38Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";) 2017-05-11T17:48:38Z DEBUG (targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";) 2017-05-11T17:48:38Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr = "objectclass")(target = 
"ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";) 2017-05-11T17:48:38Z DEBUG (targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:48:38Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:48:38Z DEBUG (targetfilter = 
"(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:48:38Z DEBUG (targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0; acl "permission:Request Certificate ignoring CA ACLs"; allow (write) groupdn = "ldap:///cn=Request Certificate ignoring CA ACLs,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG [(0, u'aci', ['(targetattr = "objectclass")(target = "ldap:///cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0; acl "permission:Request Certificate ignoring CA ACLs"; allow (write) groupdn = "ldap:///cn=Request Certificate ignoring CA ACLs,cn=permissions,cn=pbac,dc=rdlg,dc=net";)'])] 2017-05-11T17:48:38Z DEBUG Updated 1 2017-05-11T17:48:38Z DEBUG Done 2017-05-11T17:48:38Z DEBUG New entry: cn=RBAC Readers,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Initial value 2017-05-11T17:48:38Z DEBUG dn: cn=RBAC Readers,cn=privileges,cn=pbac,dc=rdlg,dc=net 
2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG groupofnames 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG nestedgroup 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG RBAC Readers 2017-05-11T17:48:38Z DEBUG description: 2017-05-11T17:48:38Z DEBUG Read roles, privileges, permissions and ACIs 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Final value after applying updates 2017-05-11T17:48:38Z DEBUG dn: cn=RBAC Readers,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG groupofnames 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG nestedgroup 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG RBAC Readers 2017-05-11T17:48:38Z DEBUG description: 2017-05-11T17:48:38Z DEBUG Read roles, privileges, permissions and ACIs 2017-05-11T17:48:38Z DEBUG New entry: cn=Password Policy Readers,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Initial value 2017-05-11T17:48:38Z DEBUG dn: cn=Password Policy Readers,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG groupofnames 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG nestedgroup 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG Password Policy Readers 2017-05-11T17:48:38Z DEBUG description: 2017-05-11T17:48:38Z DEBUG Read password policies 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Final value after applying updates 2017-05-11T17:48:38Z DEBUG dn: cn=Password Policy Readers,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG groupofnames 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG nestedgroup 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG Password Policy Readers 
2017-05-11T17:48:38Z DEBUG description: 2017-05-11T17:48:38Z DEBUG Read password policies 2017-05-11T17:48:38Z DEBUG New entry: cn=Kerberos Ticket Policy Readers,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Initial value 2017-05-11T17:48:38Z DEBUG dn: cn=Kerberos Ticket Policy Readers,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG groupofnames 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG nestedgroup 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG Kerberos Ticket Policy Readers 2017-05-11T17:48:38Z DEBUG description: 2017-05-11T17:48:38Z DEBUG Read global and per-user Kerberos ticket policy 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Final value after applying updates 2017-05-11T17:48:38Z DEBUG dn: cn=Kerberos Ticket Policy Readers,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG groupofnames 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG nestedgroup 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG Kerberos Ticket Policy Readers 2017-05-11T17:48:38Z DEBUG description: 2017-05-11T17:48:38Z DEBUG Read global and per-user Kerberos ticket policy 2017-05-11T17:48:38Z DEBUG New entry: cn=Automember Readers,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Initial value 2017-05-11T17:48:38Z DEBUG dn: cn=Automember Readers,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG groupofnames 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG nestedgroup 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG Automember Readers 2017-05-11T17:48:38Z DEBUG description: 2017-05-11T17:48:38Z DEBUG Read Automember definitions 
2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Final value after applying updates 2017-05-11T17:48:38Z DEBUG dn: cn=Automember Readers,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG groupofnames 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG nestedgroup 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG Automember Readers 2017-05-11T17:48:38Z DEBUG description: 2017-05-11T17:48:38Z DEBUG Read Automember definitions 2017-05-11T17:48:38Z DEBUG New entry: cn=IPA Masters Readers,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Initial value 2017-05-11T17:48:38Z DEBUG dn: cn=IPA Masters Readers,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG groupofnames 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG nestedgroup 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG IPA Masters Readers 2017-05-11T17:48:38Z DEBUG description: 2017-05-11T17:48:38Z DEBUG Read list of IPA masters 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Final value after applying updates 2017-05-11T17:48:38Z DEBUG dn: cn=IPA Masters Readers,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG groupofnames 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG nestedgroup 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG IPA Masters Readers 2017-05-11T17:48:38Z DEBUG description: 2017-05-11T17:48:38Z DEBUG Read list of IPA masters 2017-05-11T17:48:38Z DEBUG Updating existing entry: cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Initial value 2017-05-11T17:48:38Z DEBUG dn: cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net 
2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG nsContainer 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG aci: 2017-05-11T17:48:38Z DEBUG (targetfilter="(objectclass=nsContainer)")(targetattr="objectclass || cn")(version 3.0; acl "Read access to masters"; allow(read, search, compare) userdn = "ldap:///all";) 2017-05-11T17:48:38Z DEBUG (targetfilter = "(objectclass=nsContainer)")(targetattr = "ipaConfigString")(version 3.0; acl "Allow hosts to read masters service configuration"; allow(read, search, compare) userdn = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG masters 2017-05-11T17:48:38Z DEBUG remove: '(targetfilter = "(objectClass=nsContainer)")(targetattr = "cn || objectClass || ipaConfigString")(version 3.0; acl "Read IPA Masters"; allow (read, search, compare) userdn = "ldap:///fqdn=ipa.rdlg.net,cn=computers,cn=accounts,dc=rdlg,dc=net";)' from aci, current value ['(targetfilter="(objectclass=nsContainer)")(targetattr="objectclass || cn")(version 3.0; acl "Read access to masters"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter = "(objectclass=nsContainer)")(targetattr = "ipaConfigString")(version 3.0; acl "Allow hosts to read masters service configuration"; allow(read, search, compare) userdn = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=rdlg,dc=net";)'] 2017-05-11T17:48:38Z DEBUG remove: '(targetfilter = "(objectClass=nsContainer)")(targetattr = "cn || objectClass || ipaConfigString")(version 3.0; acl "Read IPA Masters"; allow (read, search, compare) userdn = "ldap:///fqdn=ipa.rdlg.net,cn=computers,cn=accounts,dc=rdlg,dc=net";)' not in aci 2017-05-11T17:48:38Z DEBUG remove: '(targetfilter = "(objectClass=nsContainer)")(targetattr = "ipaConfigString")(version 3.0; acl "Modify IPA Masters"; allow (write) userdn = "ldap:///fqdn=ipa.rdlg.net,cn=computers,cn=accounts,dc=rdlg,dc=net";)' from aci, current value 
['(targetfilter="(objectclass=nsContainer)")(targetattr="objectclass || cn")(version 3.0; acl "Read access to masters"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter = "(objectclass=nsContainer)")(targetattr = "ipaConfigString")(version 3.0; acl "Allow hosts to read masters service configuration"; allow(read, search, compare) userdn = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=rdlg,dc=net";)'] 2017-05-11T17:48:38Z DEBUG remove: '(targetfilter = "(objectClass=nsContainer)")(targetattr = "ipaConfigString")(version 3.0; acl "Modify IPA Masters"; allow (write) userdn = "ldap:///fqdn=ipa.rdlg.net,cn=computers,cn=accounts,dc=rdlg,dc=net";)' not in aci 2017-05-11T17:48:38Z DEBUG add: '(targetfilter = "(objectClass=nsContainer)")(targetattr = "cn || objectClass || ipaConfigString")(version 3.0; acl "Read IPA Masters"; allow (read, search, compare) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net";)' to aci, current value ['(targetfilter="(objectclass=nsContainer)")(targetattr="objectclass || cn")(version 3.0; acl "Read access to masters"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter = "(objectclass=nsContainer)")(targetattr = "ipaConfigString")(version 3.0; acl "Allow hosts to read masters service configuration"; allow(read, search, compare) userdn = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=rdlg,dc=net";)'] 2017-05-11T17:48:38Z DEBUG add: updated value ['(targetfilter="(objectclass=nsContainer)")(targetattr="objectclass || cn")(version 3.0; acl "Read access to masters"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter = "(objectclass=nsContainer)")(targetattr = "ipaConfigString")(version 3.0; acl "Allow hosts to read masters service configuration"; allow(read, search, compare) userdn = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=nsContainer)")(targetattr = "cn || objectClass || ipaConfigString")(version 3.0; acl "Read IPA 
Masters"; allow (read, search, compare) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net";)'] 2017-05-11T17:48:38Z DEBUG add: '(targetfilter = "(objectClass=nsContainer)")(targetattr = "ipaConfigString")(version 3.0; acl "Modify IPA Masters"; allow (write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net";)' to aci, current value ['(targetfilter = "(objectclass=nsContainer)")(targetattr = "ipaConfigString")(version 3.0; acl "Allow hosts to read masters service configuration"; allow(read, search, compare) userdn = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=nsContainer)")(targetattr = "cn || objectClass || ipaConfigString")(version 3.0; acl "Read IPA Masters"; allow (read, search, compare) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter="(objectclass=nsContainer)")(targetattr="objectclass || cn")(version 3.0; acl "Read access to masters"; allow(read, search, compare) userdn = "ldap:///all";)'] 2017-05-11T17:48:38Z DEBUG add: updated value ['(targetfilter = "(objectclass=nsContainer)")(targetattr = "ipaConfigString")(version 3.0; acl "Allow hosts to read masters service configuration"; allow(read, search, compare) userdn = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=nsContainer)")(targetattr = "cn || objectClass || ipaConfigString")(version 3.0; acl "Read IPA Masters"; allow (read, search, compare) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter="(objectclass=nsContainer)")(targetattr="objectclass || cn")(version 3.0; acl "Read access to masters"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter = "(objectClass=nsContainer)")(targetattr = "ipaConfigString")(version 3.0; acl "Modify IPA Masters"; allow (write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net";)'] 2017-05-11T17:48:38Z 
DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Final value after applying updates 2017-05-11T17:48:38Z DEBUG dn: cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG nsContainer 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG aci: 2017-05-11T17:48:38Z DEBUG (targetfilter = "(objectClass=nsContainer)")(targetattr = "ipaConfigString")(version 3.0; acl "Modify IPA Masters"; allow (write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetfilter = "(objectclass=nsContainer)")(targetattr = "ipaConfigString")(version 3.0; acl "Allow hosts to read masters service configuration"; allow(read, search, compare) userdn = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetfilter = "(objectClass=nsContainer)")(targetattr = "cn || objectClass || ipaConfigString")(version 3.0; acl "Read IPA Masters"; allow (read, search, compare) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetfilter="(objectclass=nsContainer)")(targetattr="objectclass || cn")(version 3.0; acl "Read access to masters"; allow(read, search, compare) userdn = "ldap:///all";) 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG masters 2017-05-11T17:48:38Z DEBUG [(0, u'aci', ['(targetfilter = "(objectClass=nsContainer)")(targetattr = "ipaConfigString")(version 3.0; acl "Modify IPA Masters"; allow (write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=nsContainer)")(targetattr = "cn || objectClass || ipaConfigString")(version 3.0; acl "Read IPA Masters"; allow (read, search, compare) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net";)'])] 2017-05-11T17:48:38Z DEBUG Updated 1 2017-05-11T17:48:38Z DEBUG Done 2017-05-11T17:48:38Z DEBUG New entry: cn=PassSync 
Service,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Initial value 2017-05-11T17:48:38Z DEBUG dn: cn=PassSync Service,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG groupofnames 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG nestedgroup 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG PassSync Service 2017-05-11T17:48:38Z DEBUG description: 2017-05-11T17:48:38Z DEBUG PassSync Service 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Final value after applying updates 2017-05-11T17:48:38Z DEBUG dn: cn=PassSync Service,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG groupofnames 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG nestedgroup 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG PassSync Service 2017-05-11T17:48:38Z DEBUG description: 2017-05-11T17:48:38Z DEBUG PassSync Service 2017-05-11T17:48:38Z DEBUG New entry: cn=Read PassSync Managers Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Initial value 2017-05-11T17:48:38Z DEBUG dn: cn=Read PassSync Managers Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG ipapermission 2017-05-11T17:48:38Z DEBUG groupofnames 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG member: 2017-05-11T17:48:38Z DEBUG cn=Replication Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG ipapermissiontype: 2017-05-11T17:48:38Z DEBUG SYSTEM 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG Read PassSync Managers Configuration 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Final value 
after applying updates 2017-05-11T17:48:38Z DEBUG dn: cn=Read PassSync Managers Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG ipapermission 2017-05-11T17:48:38Z DEBUG groupofnames 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG member: 2017-05-11T17:48:38Z DEBUG cn=Replication Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG ipapermissiontype: 2017-05-11T17:48:38Z DEBUG SYSTEM 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG Read PassSync Managers Configuration 2017-05-11T17:48:38Z DEBUG Updating existing entry: cn=config 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Initial value 2017-05-11T17:48:38Z DEBUG dn: cn=config 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logrotationsynchour: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-betype: 2017-05-11T17:48:38Z DEBUG ldbm database 2017-05-11T17:48:38Z DEBUG nsslapd-nagle: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-list: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-maxlogsize: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG nsslapd-entryusn-global: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-referralmode: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logminfreediskspace: 2017-05-11T17:48:38Z DEBUG 5 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logrotationsyncmin: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-reservedescriptors: 2017-05-11T17:48:38Z DEBUG 64 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logmaxdiskspace: 2017-05-11T17:48:38Z DEBUG 500 2017-05-11T17:48:38Z DEBUG passwordMinAlphas: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-enquote-sup-oc: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-readonly: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z 
DEBUG nsslapd-syntaxcheck: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-unhashed-pw-switch: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG passwordLegacyPolicy: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logbuffering: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-SSLclientAuth: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordMinUppers: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-plugin: 2017-05-11T17:48:38Z DEBUG cn=binary syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=country string syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=facsimile telephone number syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=fax syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=generalized time syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=guide syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=integer syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=name and optional uid syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=octet string syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=oid syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=printable string 
syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseignoreia5substringsmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseignoreorderingmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseignoresubstringsmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=objectidentifiermatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG 
cn=integermatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=integerorderingmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=integerfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=internationalization plugin,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=uniquemembermatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=numericstringsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logrotationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-disk-monitoring-threshold: 2017-05-11T17:48:38Z DEBUG 2097152 2017-05-11T17:48:38Z DEBUG nsslapd-dn-validate-strict: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-ndn-cache-max-size: 2017-05-11T17:48:38Z DEBUG 20971520 2017-05-11T17:48:38Z DEBUG nsslapd-timelimit: 2017-05-11T17:48:38Z DEBUG 3600 2017-05-11T17:48:38Z DEBUG nsslapd-disk-monitoring: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordIsGlobalPolicy: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-moddn-aci: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-pwpolicy-inherit-global: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordMinTokenLength: 2017-05-11T17:48:38Z DEBUG 3 2017-05-11T17:48:38Z DEBUG nsslapd-malloc-mxfast: 2017-05-11T17:48:38Z DEBUG -10 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logrotationsync-enabled: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logrotationtimeunit: 2017-05-11T17:48:38Z DEBUG week 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logrotationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG passwordMinAge: 
2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logrotationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-cn-uses-dn-syntax-in-dns: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logrotationtimeunit: 2017-05-11T17:48:38Z DEBUG week 2017-05-11T17:48:38Z DEBUG nsslapd-disk-monitoring-grace-period: 2017-05-11T17:48:38Z DEBUG 60 2017-05-11T17:48:38Z DEBUG nsslapd-maxdescriptors: 2017-05-11T17:48:38Z DEBUG 8192 2017-05-11T17:48:38Z DEBUG nsslapd-allow-hashed-passwords: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG passwordInHistory: 2017-05-11T17:48:38Z DEBUG 6 2017-05-11T17:48:38Z DEBUG nsslapd-ssl-check-hostname: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-conntablesize: 2017-05-11T17:48:38Z DEBUG 8192 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logging-enabled: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2017-05-11T17:48:38Z DEBUG month 2017-05-11T17:48:38Z DEBUG nsslapd-saslpath: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG passwordMaxAge: 2017-05-11T17:48:38Z DEBUG 8639913600 2017-05-11T17:48:38Z DEBUG nsslapd-ldapiautobind: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-extract-pemfiles: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-maxthreadsperconn: 2017-05-11T17:48:38Z DEBUG 5 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logrotationsyncmin: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-ldapigidnumbertype: 2017-05-11T17:48:38Z DEBUG gidNumber 2017-05-11T17:48:38Z DEBUG nsslapd-connection-buffer: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2017-05-11T17:48:38Z DEBUG day 2017-05-11T17:48:38Z DEBUG nsslapd-dynamic-plugins: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG 
nsslapd-csnlogging: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-tmpdir: 2017-05-11T17:48:38Z DEBUG /tmp 2017-05-11T17:48:38Z DEBUG passwordResetFailureCount: 2017-05-11T17:48:38Z DEBUG 600 2017-05-11T17:48:38Z DEBUG nsslapd-counters: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-svrtab: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-allowed-sasl-mechanisms: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 2017-05-11T17:48:38Z DEBUG month 2017-05-11T17:48:38Z DEBUG nsslapd-minssf: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logrotationsync-enabled: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-maxlogsize: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG nsslapd-schemadir: 2017-05-11T17:48:38Z DEBUG /etc/dirsrv/slapd-RDLG-NET/schema 2017-05-11T17:48:38Z DEBUG nsslapd-localuser: 2017-05-11T17:48:38Z DEBUG dirsrv 2017-05-11T17:48:38Z DEBUG nsslapd-security: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordChange: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-requiresrestart: 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-port 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-secureport 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-ldapifilepath 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-ldapilisten 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-workingdir 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-plugin 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-sslclientauth 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-changelogdir 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-changelogsuffix 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-changelogmaxentries 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-changelogmaxage 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-db-locks 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-maxdescriptors 2017-05-11T17:48:38Z DEBUG 
cn=config:nsslapd-return-exact-case 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-schema-ignore-trailing-spaces 2017-05-11T17:48:38Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 2017-05-11T17:48:38Z DEBUG cn=config,cn=ldbm:nsslapd-parentcheck 2017-05-11T17:48:38Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2017-05-11T17:48:38Z DEBUG cn=config,cn=ldbm:nsslapd-dbncache 2017-05-11T17:48:38Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2017-05-11T17:48:38Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2017-05-11T17:48:38Z DEBUG cn=encryption,cn=config:nssslsessiontimeout 2017-05-11T17:48:38Z DEBUG cn=encryption,cn=config:nssslclientauth 2017-05-11T17:48:38Z DEBUG cn=encryption,cn=config:nsssl2 2017-05-11T17:48:38Z DEBUG cn=encryption,cn=config:nsssl3 2017-05-11T17:48:38Z DEBUG passwordMaxFailure: 2017-05-11T17:48:38Z DEBUG 3 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logrotationsync-enabled: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-ldapifilepath: 2017-05-11T17:48:38Z DEBUG /var/run/slapd-RDLG-NET.socket 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logging-enabled: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-pagedsizelimit: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-global-backend-lock: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logexpirationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-listen-backlog-size: 2017-05-11T17:48:38Z DEBUG 128 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog: 2017-05-11T17:48:38Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/access 2017-05-11T17:48:38Z DEBUG nsslapd-certmap-basedn: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-plugin-logging: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-accesscontrol: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-rootdn: 2017-05-11T17:48:38Z DEBUG cn=Directory 
Manager 2017-05-11T17:48:38Z DEBUG nsslapd-ldifdir: 2017-05-11T17:48:38Z DEBUG /var/lib/dirsrv/slapd-RDLG-NET/ldif 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-mode: 2017-05-11T17:48:38Z DEBUG 600 2017-05-11T17:48:38Z DEBUG nsslapd-anonlimitsdn: 2017-05-11T17:48:38Z DEBUG cn=anonymous-limits,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logging-enabled: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG passwordMustChange: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordExp: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-list: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logminfreediskspace: 2017-05-11T17:48:38Z DEBUG 5 2017-05-11T17:48:38Z DEBUG nsslapd-logging-backend: 2017-05-11T17:48:38Z DEBUG dirsrv-log 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog: 2017-05-11T17:48:38Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/audit 2017-05-11T17:48:38Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG aci: 2017-05-11T17:48:38Z DEBUG (targetattr != aci)(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2017-05-11T17:48:38Z DEBUG (target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")(targetattr=*)(version 3.0;acl "permission:Add Automember Rebuild Membership Task";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logmaxdiskspace: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG nsslapd-ldapimaprootdn: 2017-05-11T17:48:38Z DEBUG cn=Directory Manager 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logging-enabled: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-ds4-compatible-schema: 2017-05-11T17:48:38Z DEBUG 
off 2017-05-11T17:48:38Z DEBUG nsslapd-enable-nunc-stans: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordMinLength: 2017-05-11T17:48:38Z DEBUG 8 2017-05-11T17:48:38Z DEBUG nsslapd-require-secure-binds: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-groupevalnestlevel: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-idletimeout: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-malloc-mmap-threshold: 2017-05-11T17:48:38Z DEBUG -10 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logrotationtimeunit: 2017-05-11T17:48:38Z DEBUG day 2017-05-11T17:48:38Z DEBUG nsslapd-securePort: 2017-05-11T17:48:38Z DEBUG 636 2017-05-11T17:48:38Z DEBUG nsslapd-snmp-index: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG config 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG extensibleObject 2017-05-11T17:48:38Z DEBUG nsslapdConfig 2017-05-11T17:48:38Z DEBUG nsslapd-ldapimaptoentries: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG passwordSendExpiringTime: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-hash-filters: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-entryusn-import-initval: 2017-05-11T17:48:38Z DEBUG next 2017-05-11T17:48:38Z DEBUG nsslapd-malloc-trim-threshold: 2017-05-11T17:48:38Z DEBUG -10 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2017-05-11T17:48:38Z DEBUG 5 2017-05-11T17:48:38Z DEBUG nsslapd-ignore-time-skew: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-allow-unauthenticated-binds: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logging-hide-unhashed-pw: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-maxlogsperdir: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-listenhost: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-mode: 
2017-05-11T17:48:38Z DEBUG 600 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog: 2017-05-11T17:48:38Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/errors 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logrotationsynchour: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-sasl-mapping-fallback: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-disk-monitoring-logging-critical: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-force-sasl-external: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-enable-turbo-mode: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG passwordCheckSyntax: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordGraceLimit: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG passwordWarning: 2017-05-11T17:48:38Z DEBUG 86400 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-mode: 2017-05-11T17:48:38Z DEBUG 600 2017-05-11T17:48:38Z DEBUG nsslapd-instancedir: 2017-05-11T17:48:38Z DEBUG /var/lib/dirsrv/scripts-RDLG-NET 2017-05-11T17:48:38Z DEBUG nsslapd-config: 2017-05-11T17:48:38Z DEBUG cn=config 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logmaxdiskspace: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG nsslapd-versionstring: 2017-05-11T17:48:38Z DEBUG 389-Directory/1.3.5.10 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-level: 2017-05-11T17:48:38Z DEBUG 256 2017-05-11T17:48:38Z DEBUG nsslapd-return-exact-case: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-maxsasliosize: 2017-05-11T17:48:38Z DEBUG 2097152 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 2017-05-11T17:48:38Z DEBUG month 2017-05-11T17:48:38Z DEBUG nsslapd-rewrite-rfc1274: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-rootpwstoragescheme: 2017-05-11T17:48:38Z DEBUG SSHA 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logexpirationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG passwordLockout: 2017-05-11T17:48:38Z DEBUG off 
2017-05-11T17:48:38Z DEBUG nsslapd-lockdir: 2017-05-11T17:48:38Z DEBUG /var/lock/dirsrv/slapd-RDLG-NET 2017-05-11T17:48:38Z DEBUG nsslapd-certdir: 2017-05-11T17:48:38Z DEBUG /etc/dirsrv/slapd-RDLG-NET 2017-05-11T17:48:38Z DEBUG nsslapd-allow-anonymous-access: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-maxlogsperdir: 2017-05-11T17:48:38Z DEBUG 10 2017-05-11T17:48:38Z DEBUG nsslapd-backendconfig: 2017-05-11T17:48:38Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG nsslapd-threadnumber: 2017-05-11T17:48:38Z DEBUG 30 2017-05-11T17:48:38Z DEBUG nsslapd-schemamod: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-search-return-original-type-switch: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-localhost: 2017-05-11T17:48:38Z DEBUG ipa.rdlg.net 2017-05-11T17:48:38Z DEBUG nsslapd-bakdir: 2017-05-11T17:48:38Z DEBUG /var/lib/dirsrv/slapd-RDLG-NET/bak 2017-05-11T17:48:38Z DEBUG passwordMin8bit: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-ldapiuidnumbertype: 2017-05-11T17:48:38Z DEBUG uidNumber 2017-05-11T17:48:38Z DEBUG nsslapd-validate-cert: 2017-05-11T17:48:38Z DEBUG warn 2017-05-11T17:48:38Z DEBUG passwordMinCategories: 2017-05-11T17:48:38Z DEBUG 3 2017-05-11T17:48:38Z DEBUG passwordMinLowers: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG passwordAdminDN: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-ldapilisten: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG passwordMinSpecials: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logmaxdiskspace: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG nsslapd-lastmod: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-max-filter-nest-level: 
2017-05-11T17:48:38Z DEBUG 40 2017-05-11T17:48:38Z DEBUG passwordMaxRepeats: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-securelistenhost: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-maxsimplepaged-per-conn: 2017-05-11T17:48:38Z DEBUG -1 2017-05-11T17:48:38Z DEBUG nsslapd-result-tweak: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2017-05-11T17:48:38Z DEBUG month 2017-05-11T17:48:38Z DEBUG passwordUnlock: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-schemacheck: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG passwordTrackUpdateTime: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-maxbersize: 2017-05-11T17:48:38Z DEBUG 209715200 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-maxlogsize: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG nsslapd-ldapientrysearchbase: 2017-05-11T17:48:38Z DEBUG dc=example,dc=com 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logexpirationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-localssf: 2017-05-11T17:48:38Z DEBUG 71 2017-05-11T17:48:38Z DEBUG nsslapd-sizelimit: 2017-05-11T17:48:38Z DEBUG 2000 2017-05-11T17:48:38Z DEBUG nsslapd-minssf-exclude-rootdse: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logrotationsynchour: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-ignore-virtual-attrs: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-ndn-cache-enabled: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logrotationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-defaultnamingcontext: 2017-05-11T17:48:38Z DEBUG dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-maxlogsperdir: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-pwpolicy-local: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-sasl-max-buffer-size: 
2017-05-11T17:48:38Z DEBUG 2097152 2017-05-11T17:48:38Z DEBUG passwordLockoutDuration: 2017-05-11T17:48:38Z DEBUG 3600 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-list: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-port: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-maxlogsize: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG nsslapd-privatenamespaces: 2017-05-11T17:48:38Z DEBUG cn=schema 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG cn=monitor 2017-05-11T17:48:38Z DEBUG cn=config 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-maxlogsperdir: 2017-05-11T17:48:38Z DEBUG 2 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog: 2017-05-11T17:48:38Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/audit 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-mode: 2017-05-11T17:48:38Z DEBUG 600 2017-05-11T17:48:38Z DEBUG nsslapd-rootpw: 2017-05-11T17:48:38Z DEBUG {SSHA}ivpfUEJGKWW115wDkPsPfQQFhTUx8+KLuAm3tg== 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logrotationsynchour: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-outbound-ldap-io-timeout: 2017-05-11T17:48:38Z DEBUG 300000 2017-05-11T17:48:38Z DEBUG nsslapd-workingdir: 2017-05-11T17:48:38Z DEBUG /var/log/dirsrv/slapd-RDLG-NET 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-list: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-rundir: 2017-05-11T17:48:38Z DEBUG /var/run/dirsrv 2017-05-11T17:48:38Z DEBUG nsslapd-schemareplace: 2017-05-11T17:48:38Z DEBUG replication-only 2017-05-11T17:48:38Z DEBUG nsslapd-plugin-binddn-tracking: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-level: 2017-05-11T17:48:38Z DEBUG 16384 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-syntaxlogging: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG 
nsslapd-ioblocktimeout: 2017-05-11T17:48:38Z DEBUG 10000 2017-05-11T17:48:38Z DEBUG nsslapd-attribute-name-exceptions: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordMinDigits: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-allowed-to-delete-attrs: 2017-05-11T17:48:38Z DEBUG passwordadmindn nsslapd-listenhost nsslapd-securelistenhost nsslapd-defaultnamingcontext 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logminfreediskspace: 2017-05-11T17:48:38Z DEBUG 5 2017-05-11T17:48:38Z DEBUG passwordStorageScheme: 2017-05-11T17:48:38Z DEBUG SSHA 2017-05-11T17:48:38Z DEBUG nsslapd-connection-nocanon: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG add: '(targetattr = "cn || createtimestamp || entryusn || modifytimestamp || objectclass || passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plugins,cn=config")(version 3.0;acl "permission:Read PassSync Managers Configuration";allow (compare,read,search) groupdn = "ldap:///cn=Read PassSync Managers Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to aci, current value ['(targetattr != aci)(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";)', '(target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")(targetattr=*)(version 3.0;acl "permission:Add Automember Rebuild Membership Task";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task,cn=permissions,cn=pbac,dc=rdlg,dc=net";)'] 2017-05-11T17:48:38Z DEBUG add: updated value ['(targetattr != aci)(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";)', '(target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")(targetattr=*)(version 3.0;acl "permission:Add Automember Rebuild Membership Task";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "cn || 
createtimestamp || entryusn || modifytimestamp || objectclass || passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plugins,cn=config")(version 3.0;acl "permission:Read PassSync Managers Configuration";allow (compare,read,search) groupdn = "ldap:///cn=Read PassSync Managers Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";)'] 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Final value after applying updates 2017-05-11T17:48:38Z DEBUG dn: cn=config 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logrotationsynchour: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-betype: 2017-05-11T17:48:38Z DEBUG ldbm database 2017-05-11T17:48:38Z DEBUG nsslapd-nagle: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-list: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-maxlogsize: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG nsslapd-entryusn-global: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-referralmode: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logminfreediskspace: 2017-05-11T17:48:38Z DEBUG 5 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logrotationsyncmin: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-reservedescriptors: 2017-05-11T17:48:38Z DEBUG 64 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logmaxdiskspace: 2017-05-11T17:48:38Z DEBUG 500 2017-05-11T17:48:38Z DEBUG passwordMinAlphas: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-enquote-sup-oc: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-readonly: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-syntaxcheck: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-unhashed-pw-switch: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG passwordLegacyPolicy: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logbuffering: 
2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-SSLclientAuth: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordMinUppers: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-plugin: 2017-05-11T17:48:38Z DEBUG cn=binary syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=country string syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=facsimile telephone number syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=fax syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=generalized time syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=guide syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=integer syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=name and optional uid syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=octet string syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=oid syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG 
cn=octetstringmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseignoreia5substringsmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseignoreorderingmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseignoresubstringsmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=objectidentifiermatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=integermatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=integerorderingmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=integerfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=internationalization plugin,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG 
cn=uniquemembermatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=numericstringsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logrotationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-disk-monitoring-threshold: 2017-05-11T17:48:38Z DEBUG 2097152 2017-05-11T17:48:38Z DEBUG nsslapd-dn-validate-strict: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-ndn-cache-max-size: 2017-05-11T17:48:38Z DEBUG 20971520 2017-05-11T17:48:38Z DEBUG nsslapd-timelimit: 2017-05-11T17:48:38Z DEBUG 3600 2017-05-11T17:48:38Z DEBUG nsslapd-disk-monitoring: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordIsGlobalPolicy: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-moddn-aci: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-pwpolicy-inherit-global: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordMinTokenLength: 2017-05-11T17:48:38Z DEBUG 3 2017-05-11T17:48:38Z DEBUG nsslapd-malloc-mxfast: 2017-05-11T17:48:38Z DEBUG -10 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logrotationsync-enabled: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logrotationtimeunit: 2017-05-11T17:48:38Z DEBUG week 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logrotationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG passwordMinAge: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logrotationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-cn-uses-dn-syntax-in-dns: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logrotationtimeunit: 2017-05-11T17:48:38Z DEBUG 
week 2017-05-11T17:48:38Z DEBUG nsslapd-disk-monitoring-grace-period: 2017-05-11T17:48:38Z DEBUG 60 2017-05-11T17:48:38Z DEBUG nsslapd-maxdescriptors: 2017-05-11T17:48:38Z DEBUG 8192 2017-05-11T17:48:38Z DEBUG nsslapd-allow-hashed-passwords: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG passwordInHistory: 2017-05-11T17:48:38Z DEBUG 6 2017-05-11T17:48:38Z DEBUG nsslapd-ssl-check-hostname: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-conntablesize: 2017-05-11T17:48:38Z DEBUG 8192 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logging-enabled: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2017-05-11T17:48:38Z DEBUG month 2017-05-11T17:48:38Z DEBUG nsslapd-saslpath: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG passwordMaxAge: 2017-05-11T17:48:38Z DEBUG 8639913600 2017-05-11T17:48:38Z DEBUG nsslapd-ldapiautobind: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-extract-pemfiles: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-maxthreadsperconn: 2017-05-11T17:48:38Z DEBUG 5 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logrotationsyncmin: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-ldapigidnumbertype: 2017-05-11T17:48:38Z DEBUG gidNumber 2017-05-11T17:48:38Z DEBUG nsslapd-connection-buffer: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2017-05-11T17:48:38Z DEBUG day 2017-05-11T17:48:38Z DEBUG nsslapd-dynamic-plugins: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-csnlogging: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-tmpdir: 2017-05-11T17:48:38Z DEBUG /tmp 2017-05-11T17:48:38Z DEBUG passwordResetFailureCount: 2017-05-11T17:48:38Z DEBUG 600 2017-05-11T17:48:38Z DEBUG nsslapd-counters: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG 
nsslapd-svrtab: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-allowed-sasl-mechanisms: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 2017-05-11T17:48:38Z DEBUG month 2017-05-11T17:48:38Z DEBUG nsslapd-minssf: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logrotationsync-enabled: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-maxlogsize: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG nsslapd-schemadir: 2017-05-11T17:48:38Z DEBUG /etc/dirsrv/slapd-RDLG-NET/schema 2017-05-11T17:48:38Z DEBUG nsslapd-localuser: 2017-05-11T17:48:38Z DEBUG dirsrv 2017-05-11T17:48:38Z DEBUG nsslapd-security: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordChange: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-requiresrestart: 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-port 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-secureport 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-ldapifilepath 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-ldapilisten 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-workingdir 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-plugin 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-sslclientauth 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-changelogdir 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-changelogsuffix 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-changelogmaxentries 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-changelogmaxage 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-db-locks 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-maxdescriptors 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-return-exact-case 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-schema-ignore-trailing-spaces 2017-05-11T17:48:38Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 2017-05-11T17:48:38Z DEBUG cn=config,cn=ldbm:nsslapd-parentcheck 2017-05-11T17:48:38Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2017-05-11T17:48:38Z DEBUG 
cn=config,cn=ldbm:nsslapd-dbncache 2017-05-11T17:48:38Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2017-05-11T17:48:38Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2017-05-11T17:48:38Z DEBUG cn=encryption,cn=config:nssslsessiontimeout 2017-05-11T17:48:38Z DEBUG cn=encryption,cn=config:nssslclientauth 2017-05-11T17:48:38Z DEBUG cn=encryption,cn=config:nsssl2 2017-05-11T17:48:38Z DEBUG cn=encryption,cn=config:nsssl3 2017-05-11T17:48:38Z DEBUG passwordMaxFailure: 2017-05-11T17:48:38Z DEBUG 3 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logrotationsync-enabled: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-ldapifilepath: 2017-05-11T17:48:38Z DEBUG /var/run/slapd-RDLG-NET.socket 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logging-enabled: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-pagedsizelimit: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-global-backend-lock: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logexpirationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-listen-backlog-size: 2017-05-11T17:48:38Z DEBUG 128 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog: 2017-05-11T17:48:38Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/access 2017-05-11T17:48:38Z DEBUG nsslapd-certmap-basedn: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-plugin-logging: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-accesscontrol: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-rootdn: 2017-05-11T17:48:38Z DEBUG cn=Directory Manager 2017-05-11T17:48:38Z DEBUG nsslapd-ldifdir: 2017-05-11T17:48:38Z DEBUG /var/lib/dirsrv/slapd-RDLG-NET/ldif 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-mode: 2017-05-11T17:48:38Z DEBUG 600 2017-05-11T17:48:38Z DEBUG nsslapd-anonlimitsdn: 2017-05-11T17:48:38Z DEBUG cn=anonymous-limits,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:38Z 
DEBUG nsslapd-errorlog-logging-enabled: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG passwordMustChange: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordExp: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-list: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logminfreediskspace: 2017-05-11T17:48:38Z DEBUG 5 2017-05-11T17:48:38Z DEBUG nsslapd-logging-backend: 2017-05-11T17:48:38Z DEBUG dirsrv-log 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog: 2017-05-11T17:48:38Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/audit 2017-05-11T17:48:38Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG aci: 2017-05-11T17:48:38Z DEBUG (target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")(targetattr=*)(version 3.0;acl "permission:Add Automember Rebuild Membership Task";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || objectclass || passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plugins,cn=config")(version 3.0;acl "permission:Read PassSync Managers Configuration";allow (compare,read,search) groupdn = "ldap:///cn=Read PassSync Managers Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr != aci)(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logmaxdiskspace: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG nsslapd-ldapimaprootdn: 2017-05-11T17:48:38Z DEBUG cn=Directory Manager 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logging-enabled: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG 
nsslapd-ds4-compatible-schema: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-enable-nunc-stans: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordMinLength: 2017-05-11T17:48:38Z DEBUG 8 2017-05-11T17:48:38Z DEBUG nsslapd-require-secure-binds: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-groupevalnestlevel: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-idletimeout: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-malloc-mmap-threshold: 2017-05-11T17:48:38Z DEBUG -10 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logrotationtimeunit: 2017-05-11T17:48:38Z DEBUG day 2017-05-11T17:48:38Z DEBUG nsslapd-securePort: 2017-05-11T17:48:38Z DEBUG 636 2017-05-11T17:48:38Z DEBUG nsslapd-snmp-index: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG config 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG extensibleObject 2017-05-11T17:48:38Z DEBUG nsslapdConfig 2017-05-11T17:48:38Z DEBUG nsslapd-ldapimaptoentries: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG passwordSendExpiringTime: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-hash-filters: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-entryusn-import-initval: 2017-05-11T17:48:38Z DEBUG next 2017-05-11T17:48:38Z DEBUG nsslapd-malloc-trim-threshold: 2017-05-11T17:48:38Z DEBUG -10 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2017-05-11T17:48:38Z DEBUG 5 2017-05-11T17:48:38Z DEBUG nsslapd-ignore-time-skew: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-allow-unauthenticated-binds: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logging-hide-unhashed-pw: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-maxlogsperdir: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-listenhost: 2017-05-11T17:48:38Z DEBUG 
2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-mode: 2017-05-11T17:48:38Z DEBUG 600 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog: 2017-05-11T17:48:38Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/errors 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logrotationsynchour: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-sasl-mapping-fallback: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-disk-monitoring-logging-critical: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-force-sasl-external: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-enable-turbo-mode: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG passwordCheckSyntax: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordGraceLimit: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG passwordWarning: 2017-05-11T17:48:38Z DEBUG 86400 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-mode: 2017-05-11T17:48:38Z DEBUG 600 2017-05-11T17:48:38Z DEBUG nsslapd-instancedir: 2017-05-11T17:48:38Z DEBUG /var/lib/dirsrv/scripts-RDLG-NET 2017-05-11T17:48:38Z DEBUG nsslapd-config: 2017-05-11T17:48:38Z DEBUG cn=config 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logmaxdiskspace: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG nsslapd-versionstring: 2017-05-11T17:48:38Z DEBUG 389-Directory/1.3.5.10 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-level: 2017-05-11T17:48:38Z DEBUG 256 2017-05-11T17:48:38Z DEBUG nsslapd-return-exact-case: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-maxsasliosize: 2017-05-11T17:48:38Z DEBUG 2097152 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 2017-05-11T17:48:38Z DEBUG month 2017-05-11T17:48:38Z DEBUG nsslapd-rewrite-rfc1274: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-rootpwstoragescheme: 2017-05-11T17:48:38Z DEBUG SSHA 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logexpirationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG 
passwordLockout: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-lockdir: 2017-05-11T17:48:38Z DEBUG /var/lock/dirsrv/slapd-RDLG-NET 2017-05-11T17:48:38Z DEBUG nsslapd-certdir: 2017-05-11T17:48:38Z DEBUG /etc/dirsrv/slapd-RDLG-NET 2017-05-11T17:48:38Z DEBUG nsslapd-allow-anonymous-access: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-maxlogsperdir: 2017-05-11T17:48:38Z DEBUG 10 2017-05-11T17:48:38Z DEBUG nsslapd-backendconfig: 2017-05-11T17:48:38Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG nsslapd-threadnumber: 2017-05-11T17:48:38Z DEBUG 30 2017-05-11T17:48:38Z DEBUG nsslapd-schemamod: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-search-return-original-type-switch: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-localhost: 2017-05-11T17:48:38Z DEBUG ipa.rdlg.net 2017-05-11T17:48:38Z DEBUG nsslapd-bakdir: 2017-05-11T17:48:38Z DEBUG /var/lib/dirsrv/slapd-RDLG-NET/bak 2017-05-11T17:48:38Z DEBUG passwordMin8bit: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-ldapiuidnumbertype: 2017-05-11T17:48:38Z DEBUG uidNumber 2017-05-11T17:48:38Z DEBUG nsslapd-validate-cert: 2017-05-11T17:48:38Z DEBUG warn 2017-05-11T17:48:38Z DEBUG passwordMinCategories: 2017-05-11T17:48:38Z DEBUG 3 2017-05-11T17:48:38Z DEBUG passwordMinLowers: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG passwordAdminDN: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-ldapilisten: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG passwordMinSpecials: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logmaxdiskspace: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG nsslapd-lastmod: 2017-05-11T17:48:38Z DEBUG on 
2017-05-11T17:48:38Z DEBUG nsslapd-max-filter-nest-level: 2017-05-11T17:48:38Z DEBUG 40 2017-05-11T17:48:38Z DEBUG passwordMaxRepeats: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-securelistenhost: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-maxsimplepaged-per-conn: 2017-05-11T17:48:38Z DEBUG -1 2017-05-11T17:48:38Z DEBUG nsslapd-result-tweak: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2017-05-11T17:48:38Z DEBUG month 2017-05-11T17:48:38Z DEBUG passwordUnlock: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-schemacheck: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG passwordTrackUpdateTime: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-maxbersize: 2017-05-11T17:48:38Z DEBUG 209715200 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-maxlogsize: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG nsslapd-ldapientrysearchbase: 2017-05-11T17:48:38Z DEBUG dc=example,dc=com 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logexpirationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-localssf: 2017-05-11T17:48:38Z DEBUG 71 2017-05-11T17:48:38Z DEBUG nsslapd-sizelimit: 2017-05-11T17:48:38Z DEBUG 2000 2017-05-11T17:48:38Z DEBUG nsslapd-minssf-exclude-rootdse: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logrotationsynchour: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-ignore-virtual-attrs: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-ndn-cache-enabled: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logrotationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-defaultnamingcontext: 2017-05-11T17:48:38Z DEBUG dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-maxlogsperdir: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-pwpolicy-local: 2017-05-11T17:48:38Z DEBUG off 
2017-05-11T17:48:38Z DEBUG nsslapd-sasl-max-buffer-size: 2017-05-11T17:48:38Z DEBUG 2097152 2017-05-11T17:48:38Z DEBUG passwordLockoutDuration: 2017-05-11T17:48:38Z DEBUG 3600 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-list: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-port: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-maxlogsize: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG nsslapd-privatenamespaces: 2017-05-11T17:48:38Z DEBUG cn=schema 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG cn=monitor 2017-05-11T17:48:38Z DEBUG cn=config 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-maxlogsperdir: 2017-05-11T17:48:38Z DEBUG 2 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog: 2017-05-11T17:48:38Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/audit 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-mode: 2017-05-11T17:48:38Z DEBUG 600 2017-05-11T17:48:38Z DEBUG nsslapd-rootpw: 2017-05-11T17:48:38Z DEBUG {SSHA}ivpfUEJGKWW115wDkPsPfQQFhTUx8+KLuAm3tg== 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logrotationsynchour: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-outbound-ldap-io-timeout: 2017-05-11T17:48:38Z DEBUG 300000 2017-05-11T17:48:38Z DEBUG nsslapd-workingdir: 2017-05-11T17:48:38Z DEBUG /var/log/dirsrv/slapd-RDLG-NET 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-list: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-rundir: 2017-05-11T17:48:38Z DEBUG /var/run/dirsrv 2017-05-11T17:48:38Z DEBUG nsslapd-schemareplace: 2017-05-11T17:48:38Z DEBUG replication-only 2017-05-11T17:48:38Z DEBUG nsslapd-plugin-binddn-tracking: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-level: 2017-05-11T17:48:38Z DEBUG 16384 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-syntaxlogging: 
2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-ioblocktimeout: 2017-05-11T17:48:38Z DEBUG 10000 2017-05-11T17:48:38Z DEBUG nsslapd-attribute-name-exceptions: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordMinDigits: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-allowed-to-delete-attrs: 2017-05-11T17:48:38Z DEBUG passwordadmindn nsslapd-listenhost nsslapd-securelistenhost nsslapd-defaultnamingcontext 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logminfreediskspace: 2017-05-11T17:48:38Z DEBUG 5 2017-05-11T17:48:38Z DEBUG passwordStorageScheme: 2017-05-11T17:48:38Z DEBUG SSHA 2017-05-11T17:48:38Z DEBUG nsslapd-connection-nocanon: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG [(0, u'aci', ['(targetattr = "cn || createtimestamp || entryusn || modifytimestamp || objectclass || passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plugins,cn=config")(version 3.0;acl "permission:Read PassSync Managers Configuration";allow (compare,read,search) groupdn = "ldap:///cn=Read PassSync Managers Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";)'])] 2017-05-11T17:48:38Z DEBUG Updated 1 2017-05-11T17:48:38Z DEBUG Done 2017-05-11T17:48:38Z DEBUG New entry: cn=Modify PassSync Managers Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Initial value 2017-05-11T17:48:38Z DEBUG dn: cn=Modify PassSync Managers Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG ipapermission 2017-05-11T17:48:38Z DEBUG groupofnames 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG member: 2017-05-11T17:48:38Z DEBUG cn=Replication Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG ipapermissiontype: 2017-05-11T17:48:38Z DEBUG SYSTEM 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG Modify PassSync Managers Configuration 
2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Final value after applying updates 2017-05-11T17:48:38Z DEBUG dn: cn=Modify PassSync Managers Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG ipapermission 2017-05-11T17:48:38Z DEBUG groupofnames 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG member: 2017-05-11T17:48:38Z DEBUG cn=Replication Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG ipapermissiontype: 2017-05-11T17:48:38Z DEBUG SYSTEM 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG Modify PassSync Managers Configuration 2017-05-11T17:48:38Z DEBUG Updating existing entry: cn=config 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Initial value 2017-05-11T17:48:38Z DEBUG dn: cn=config 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logrotationsynchour: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-betype: 2017-05-11T17:48:38Z DEBUG ldbm database 2017-05-11T17:48:38Z DEBUG nsslapd-nagle: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-list: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-maxlogsize: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG nsslapd-entryusn-global: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-referralmode: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logminfreediskspace: 2017-05-11T17:48:38Z DEBUG 5 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logrotationsyncmin: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-reservedescriptors: 2017-05-11T17:48:38Z DEBUG 64 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logmaxdiskspace: 2017-05-11T17:48:38Z DEBUG 500 2017-05-11T17:48:38Z DEBUG passwordMinAlphas: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-enquote-sup-oc: 
2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-readonly: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-syntaxcheck: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-unhashed-pw-switch: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG passwordLegacyPolicy: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logbuffering: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-SSLclientAuth: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordMinUppers: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-plugin: 2017-05-11T17:48:38Z DEBUG cn=binary syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=country string syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=facsimile telephone number syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=fax syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=generalized time syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=guide syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=integer syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=name and optional uid syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=octet string syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=oid syntax,cn=plugins,cn=config 
2017-05-11T17:48:38Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseignoreia5substringsmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseignoreorderingmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseignoresubstringsmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=objectidentifiermatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 
2017-05-11T17:48:38Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=integermatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=integerorderingmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=integerfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=internationalization plugin,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=uniquemembermatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=numericstringsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logrotationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-disk-monitoring-threshold: 2017-05-11T17:48:38Z DEBUG 2097152 2017-05-11T17:48:38Z DEBUG nsslapd-dn-validate-strict: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-ndn-cache-max-size: 2017-05-11T17:48:38Z DEBUG 20971520 2017-05-11T17:48:38Z DEBUG nsslapd-timelimit: 2017-05-11T17:48:38Z DEBUG 3600 2017-05-11T17:48:38Z DEBUG nsslapd-disk-monitoring: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordIsGlobalPolicy: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-moddn-aci: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-pwpolicy-inherit-global: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordMinTokenLength: 2017-05-11T17:48:38Z DEBUG 3 2017-05-11T17:48:38Z DEBUG nsslapd-malloc-mxfast: 2017-05-11T17:48:38Z DEBUG -10 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logrotationsync-enabled: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logrotationtimeunit: 2017-05-11T17:48:38Z DEBUG week 2017-05-11T17:48:38Z DEBUG 
nsslapd-auditlog-logrotationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG passwordMinAge: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logrotationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-cn-uses-dn-syntax-in-dns: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logrotationtimeunit: 2017-05-11T17:48:38Z DEBUG week 2017-05-11T17:48:38Z DEBUG nsslapd-disk-monitoring-grace-period: 2017-05-11T17:48:38Z DEBUG 60 2017-05-11T17:48:38Z DEBUG nsslapd-maxdescriptors: 2017-05-11T17:48:38Z DEBUG 8192 2017-05-11T17:48:38Z DEBUG nsslapd-allow-hashed-passwords: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG passwordInHistory: 2017-05-11T17:48:38Z DEBUG 6 2017-05-11T17:48:38Z DEBUG nsslapd-ssl-check-hostname: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-conntablesize: 2017-05-11T17:48:38Z DEBUG 8192 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logging-enabled: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2017-05-11T17:48:38Z DEBUG month 2017-05-11T17:48:38Z DEBUG nsslapd-saslpath: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG passwordMaxAge: 2017-05-11T17:48:38Z DEBUG 8639913600 2017-05-11T17:48:38Z DEBUG nsslapd-ldapiautobind: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-extract-pemfiles: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-maxthreadsperconn: 2017-05-11T17:48:38Z DEBUG 5 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logrotationsyncmin: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-ldapigidnumbertype: 2017-05-11T17:48:38Z DEBUG gidNumber 2017-05-11T17:48:38Z DEBUG nsslapd-connection-buffer: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2017-05-11T17:48:38Z DEBUG day 
2017-05-11T17:48:38Z DEBUG nsslapd-dynamic-plugins: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-csnlogging: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-tmpdir: 2017-05-11T17:48:38Z DEBUG /tmp 2017-05-11T17:48:38Z DEBUG passwordResetFailureCount: 2017-05-11T17:48:38Z DEBUG 600 2017-05-11T17:48:38Z DEBUG nsslapd-counters: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-svrtab: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-allowed-sasl-mechanisms: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 2017-05-11T17:48:38Z DEBUG month 2017-05-11T17:48:38Z DEBUG nsslapd-minssf: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logrotationsync-enabled: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-maxlogsize: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG nsslapd-schemadir: 2017-05-11T17:48:38Z DEBUG /etc/dirsrv/slapd-RDLG-NET/schema 2017-05-11T17:48:38Z DEBUG nsslapd-localuser: 2017-05-11T17:48:38Z DEBUG dirsrv 2017-05-11T17:48:38Z DEBUG nsslapd-security: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordChange: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-requiresrestart: 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-port 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-secureport 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-ldapifilepath 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-ldapilisten 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-workingdir 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-plugin 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-sslclientauth 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-changelogdir 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-changelogsuffix 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-changelogmaxentries 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-changelogmaxage 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-db-locks 
2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-maxdescriptors 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-return-exact-case 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-schema-ignore-trailing-spaces 2017-05-11T17:48:38Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 2017-05-11T17:48:38Z DEBUG cn=config,cn=ldbm:nsslapd-parentcheck 2017-05-11T17:48:38Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2017-05-11T17:48:38Z DEBUG cn=config,cn=ldbm:nsslapd-dbncache 2017-05-11T17:48:38Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2017-05-11T17:48:38Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2017-05-11T17:48:38Z DEBUG cn=encryption,cn=config:nssslsessiontimeout 2017-05-11T17:48:38Z DEBUG cn=encryption,cn=config:nssslclientauth 2017-05-11T17:48:38Z DEBUG cn=encryption,cn=config:nsssl2 2017-05-11T17:48:38Z DEBUG cn=encryption,cn=config:nsssl3 2017-05-11T17:48:38Z DEBUG passwordMaxFailure: 2017-05-11T17:48:38Z DEBUG 3 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logrotationsync-enabled: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-ldapifilepath: 2017-05-11T17:48:38Z DEBUG /var/run/slapd-RDLG-NET.socket 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logging-enabled: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-pagedsizelimit: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-global-backend-lock: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logexpirationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-listen-backlog-size: 2017-05-11T17:48:38Z DEBUG 128 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog: 2017-05-11T17:48:38Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/access 2017-05-11T17:48:38Z DEBUG nsslapd-certmap-basedn: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-plugin-logging: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-accesscontrol: 2017-05-11T17:48:38Z DEBUG 
on 2017-05-11T17:48:38Z DEBUG nsslapd-rootdn: 2017-05-11T17:48:38Z DEBUG cn=Directory Manager 2017-05-11T17:48:38Z DEBUG nsslapd-ldifdir: 2017-05-11T17:48:38Z DEBUG /var/lib/dirsrv/slapd-RDLG-NET/ldif 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-mode: 2017-05-11T17:48:38Z DEBUG 600 2017-05-11T17:48:38Z DEBUG nsslapd-anonlimitsdn: 2017-05-11T17:48:38Z DEBUG cn=anonymous-limits,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logging-enabled: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG passwordMustChange: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordExp: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-list: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logminfreediskspace: 2017-05-11T17:48:38Z DEBUG 5 2017-05-11T17:48:38Z DEBUG nsslapd-logging-backend: 2017-05-11T17:48:38Z DEBUG dirsrv-log 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog: 2017-05-11T17:48:38Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/audit 2017-05-11T17:48:38Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG aci: 2017-05-11T17:48:38Z DEBUG (targetattr != aci)(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2017-05-11T17:48:38Z DEBUG (target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")(targetattr=*)(version 3.0;acl "permission:Add Automember Rebuild Membership Task";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || objectclass || passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plugins,cn=config")(version 3.0;acl "permission:Read PassSync Managers Configuration";allow (compare,read,search) 
groupdn = "ldap:///cn=Read PassSync Managers Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logmaxdiskspace: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG nsslapd-ldapimaprootdn: 2017-05-11T17:48:38Z DEBUG cn=Directory Manager 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logging-enabled: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-ds4-compatible-schema: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-enable-nunc-stans: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordMinLength: 2017-05-11T17:48:38Z DEBUG 8 2017-05-11T17:48:38Z DEBUG nsslapd-require-secure-binds: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-groupevalnestlevel: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-idletimeout: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-malloc-mmap-threshold: 2017-05-11T17:48:38Z DEBUG -10 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logrotationtimeunit: 2017-05-11T17:48:38Z DEBUG day 2017-05-11T17:48:38Z DEBUG nsslapd-securePort: 2017-05-11T17:48:38Z DEBUG 636 2017-05-11T17:48:38Z DEBUG nsslapd-snmp-index: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG config 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG extensibleObject 2017-05-11T17:48:38Z DEBUG nsslapdConfig 2017-05-11T17:48:38Z DEBUG nsslapd-ldapimaptoentries: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG passwordSendExpiringTime: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-hash-filters: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-entryusn-import-initval: 2017-05-11T17:48:38Z DEBUG next 2017-05-11T17:48:38Z DEBUG nsslapd-malloc-trim-threshold: 2017-05-11T17:48:38Z DEBUG -10 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2017-05-11T17:48:38Z DEBUG 5 2017-05-11T17:48:38Z DEBUG 
nsslapd-ignore-time-skew: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-allow-unauthenticated-binds: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logging-hide-unhashed-pw: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-maxlogsperdir: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-listenhost: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-mode: 2017-05-11T17:48:38Z DEBUG 600 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog: 2017-05-11T17:48:38Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/errors 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logrotationsynchour: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-sasl-mapping-fallback: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-disk-monitoring-logging-critical: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-force-sasl-external: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-enable-turbo-mode: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG passwordCheckSyntax: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordGraceLimit: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG passwordWarning: 2017-05-11T17:48:38Z DEBUG 86400 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-mode: 2017-05-11T17:48:38Z DEBUG 600 2017-05-11T17:48:38Z DEBUG nsslapd-instancedir: 2017-05-11T17:48:38Z DEBUG /var/lib/dirsrv/scripts-RDLG-NET 2017-05-11T17:48:38Z DEBUG nsslapd-config: 2017-05-11T17:48:38Z DEBUG cn=config 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logmaxdiskspace: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG nsslapd-versionstring: 2017-05-11T17:48:38Z DEBUG 389-Directory/1.3.5.10 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-level: 2017-05-11T17:48:38Z DEBUG 256 2017-05-11T17:48:38Z DEBUG nsslapd-return-exact-case: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-maxsasliosize: 2017-05-11T17:48:38Z 
DEBUG 2097152 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 2017-05-11T17:48:38Z DEBUG month 2017-05-11T17:48:38Z DEBUG nsslapd-rewrite-rfc1274: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-rootpwstoragescheme: 2017-05-11T17:48:38Z DEBUG SSHA 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logexpirationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG passwordLockout: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-lockdir: 2017-05-11T17:48:38Z DEBUG /var/lock/dirsrv/slapd-RDLG-NET 2017-05-11T17:48:38Z DEBUG nsslapd-certdir: 2017-05-11T17:48:38Z DEBUG /etc/dirsrv/slapd-RDLG-NET 2017-05-11T17:48:38Z DEBUG nsslapd-allow-anonymous-access: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-maxlogsperdir: 2017-05-11T17:48:38Z DEBUG 10 2017-05-11T17:48:38Z DEBUG nsslapd-backendconfig: 2017-05-11T17:48:38Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG nsslapd-threadnumber: 2017-05-11T17:48:38Z DEBUG 30 2017-05-11T17:48:38Z DEBUG nsslapd-schemamod: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-search-return-original-type-switch: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-localhost: 2017-05-11T17:48:38Z DEBUG ipa.rdlg.net 2017-05-11T17:48:38Z DEBUG nsslapd-bakdir: 2017-05-11T17:48:38Z DEBUG /var/lib/dirsrv/slapd-RDLG-NET/bak 2017-05-11T17:48:38Z DEBUG passwordMin8bit: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-ldapiuidnumbertype: 2017-05-11T17:48:38Z DEBUG uidNumber 2017-05-11T17:48:38Z DEBUG nsslapd-validate-cert: 2017-05-11T17:48:38Z DEBUG warn 2017-05-11T17:48:38Z DEBUG passwordMinCategories: 2017-05-11T17:48:38Z DEBUG 3 2017-05-11T17:48:38Z DEBUG passwordMinLowers: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2017-05-11T17:48:38Z DEBUG on 
2017-05-11T17:48:38Z DEBUG passwordAdminDN: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-ldapilisten: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG passwordMinSpecials: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logmaxdiskspace: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG nsslapd-lastmod: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-max-filter-nest-level: 2017-05-11T17:48:38Z DEBUG 40 2017-05-11T17:48:38Z DEBUG passwordMaxRepeats: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-securelistenhost: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-maxsimplepaged-per-conn: 2017-05-11T17:48:38Z DEBUG -1 2017-05-11T17:48:38Z DEBUG nsslapd-result-tweak: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2017-05-11T17:48:38Z DEBUG month 2017-05-11T17:48:38Z DEBUG passwordUnlock: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-schemacheck: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG passwordTrackUpdateTime: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-maxbersize: 2017-05-11T17:48:38Z DEBUG 209715200 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-maxlogsize: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG nsslapd-ldapientrysearchbase: 2017-05-11T17:48:38Z DEBUG dc=example,dc=com 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logexpirationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-localssf: 2017-05-11T17:48:38Z DEBUG 71 2017-05-11T17:48:38Z DEBUG nsslapd-sizelimit: 2017-05-11T17:48:38Z DEBUG 2000 2017-05-11T17:48:38Z DEBUG nsslapd-minssf-exclude-rootdse: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logrotationsynchour: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-ignore-virtual-attrs: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-ndn-cache-enabled: 
2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logrotationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-defaultnamingcontext: 2017-05-11T17:48:38Z DEBUG dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-maxlogsperdir: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-pwpolicy-local: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-sasl-max-buffer-size: 2017-05-11T17:48:38Z DEBUG 2097152 2017-05-11T17:48:38Z DEBUG passwordLockoutDuration: 2017-05-11T17:48:38Z DEBUG 3600 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-list: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-port: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-maxlogsize: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG nsslapd-privatenamespaces: 2017-05-11T17:48:38Z DEBUG cn=schema 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG cn=monitor 2017-05-11T17:48:38Z DEBUG cn=config 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-maxlogsperdir: 2017-05-11T17:48:38Z DEBUG 2 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog: 2017-05-11T17:48:38Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/audit 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-mode: 2017-05-11T17:48:38Z DEBUG 600 2017-05-11T17:48:38Z DEBUG nsslapd-rootpw: 2017-05-11T17:48:38Z DEBUG {SSHA}ivpfUEJGKWW115wDkPsPfQQFhTUx8+KLuAm3tg== 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logrotationsynchour: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-outbound-ldap-io-timeout: 2017-05-11T17:48:38Z DEBUG 300000 2017-05-11T17:48:38Z DEBUG nsslapd-workingdir: 2017-05-11T17:48:38Z DEBUG /var/log/dirsrv/slapd-RDLG-NET 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-list: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-rundir: 2017-05-11T17:48:38Z DEBUG /var/run/dirsrv 2017-05-11T17:48:38Z DEBUG 
nsslapd-schemareplace: 2017-05-11T17:48:38Z DEBUG replication-only 2017-05-11T17:48:38Z DEBUG nsslapd-plugin-binddn-tracking: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-level: 2017-05-11T17:48:38Z DEBUG 16384 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-syntaxlogging: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-ioblocktimeout: 2017-05-11T17:48:38Z DEBUG 10000 2017-05-11T17:48:38Z DEBUG nsslapd-attribute-name-exceptions: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordMinDigits: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-allowed-to-delete-attrs: 2017-05-11T17:48:38Z DEBUG passwordadmindn nsslapd-listenhost nsslapd-securelistenhost nsslapd-defaultnamingcontext 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logminfreediskspace: 2017-05-11T17:48:38Z DEBUG 5 2017-05-11T17:48:38Z DEBUG passwordStorageScheme: 2017-05-11T17:48:38Z DEBUG SSHA 2017-05-11T17:48:38Z DEBUG nsslapd-connection-nocanon: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG add: '(targetattr = "passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plugins,cn=config")(version 3.0;acl "permission:Modify PassSync Managers Configuration";allow (write) groupdn = "ldap:///cn=Modify PassSync Managers Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to aci, current value ['(targetattr != aci)(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";)', '(target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")(targetattr=*)(version 3.0;acl "permission:Add Automember Rebuild Membership Task";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "cn || createtimestamp || entryusn || modifytimestamp || objectclass || passsyncmanagersdns*")(target = 
"ldap:///cn=ipa_pwd_extop,cn=plugins,cn=config")(version 3.0;acl "permission:Read PassSync Managers Configuration";allow (compare,read,search) groupdn = "ldap:///cn=Read PassSync Managers Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";)'] 2017-05-11T17:48:38Z DEBUG add: updated value ['(targetattr != aci)(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";)', '(target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")(targetattr=*)(version 3.0;acl "permission:Add Automember Rebuild Membership Task";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "cn || createtimestamp || entryusn || modifytimestamp || objectclass || passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plugins,cn=config")(version 3.0;acl "permission:Read PassSync Managers Configuration";allow (compare,read,search) groupdn = "ldap:///cn=Read PassSync Managers Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plugins,cn=config")(version 3.0;acl "permission:Modify PassSync Managers Configuration";allow (write) groupdn = "ldap:///cn=Modify PassSync Managers Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";)'] 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Final value after applying updates 2017-05-11T17:48:38Z DEBUG dn: cn=config 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logrotationsynchour: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-betype: 2017-05-11T17:48:38Z DEBUG ldbm database 2017-05-11T17:48:38Z DEBUG nsslapd-nagle: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-list: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-maxlogsize: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG 
nsslapd-entryusn-global: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-referralmode: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logminfreediskspace: 2017-05-11T17:48:38Z DEBUG 5 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logrotationsyncmin: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-reservedescriptors: 2017-05-11T17:48:38Z DEBUG 64 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logmaxdiskspace: 2017-05-11T17:48:38Z DEBUG 500 2017-05-11T17:48:38Z DEBUG passwordMinAlphas: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-enquote-sup-oc: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-readonly: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-syntaxcheck: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-unhashed-pw-switch: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG passwordLegacyPolicy: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logbuffering: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-SSLclientAuth: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordMinUppers: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-plugin: 2017-05-11T17:48:38Z DEBUG cn=binary syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=country string syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=facsimile telephone number syntax,cn=plugins,cn=config 
2017-05-11T17:48:38Z DEBUG cn=fax syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=generalized time syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=guide syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=integer syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=name and optional uid syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=octet string syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=oid syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseignoreia5substringsmatch,cn=plugins,cn=config 
2017-05-11T17:48:38Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseignoreorderingmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseignoresubstringsmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=objectidentifiermatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=integermatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=integerorderingmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=integerfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=internationalization plugin,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=uniquemembermatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=numericstringsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logrotationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-disk-monitoring-threshold: 2017-05-11T17:48:38Z DEBUG 2097152 2017-05-11T17:48:38Z DEBUG nsslapd-dn-validate-strict: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-ndn-cache-max-size: 2017-05-11T17:48:38Z DEBUG 20971520 2017-05-11T17:48:38Z DEBUG nsslapd-timelimit: 2017-05-11T17:48:38Z DEBUG 3600 2017-05-11T17:48:38Z DEBUG nsslapd-disk-monitoring: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG 
passwordIsGlobalPolicy: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-moddn-aci: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-pwpolicy-inherit-global: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordMinTokenLength: 2017-05-11T17:48:38Z DEBUG 3 2017-05-11T17:48:38Z DEBUG nsslapd-malloc-mxfast: 2017-05-11T17:48:38Z DEBUG -10 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logrotationsync-enabled: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logrotationtimeunit: 2017-05-11T17:48:38Z DEBUG week 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logrotationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG passwordMinAge: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logrotationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-cn-uses-dn-syntax-in-dns: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logrotationtimeunit: 2017-05-11T17:48:38Z DEBUG week 2017-05-11T17:48:38Z DEBUG nsslapd-disk-monitoring-grace-period: 2017-05-11T17:48:38Z DEBUG 60 2017-05-11T17:48:38Z DEBUG nsslapd-maxdescriptors: 2017-05-11T17:48:38Z DEBUG 8192 2017-05-11T17:48:38Z DEBUG nsslapd-allow-hashed-passwords: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG passwordInHistory: 2017-05-11T17:48:38Z DEBUG 6 2017-05-11T17:48:38Z DEBUG nsslapd-ssl-check-hostname: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-conntablesize: 2017-05-11T17:48:38Z DEBUG 8192 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logging-enabled: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2017-05-11T17:48:38Z DEBUG month 2017-05-11T17:48:38Z DEBUG nsslapd-saslpath: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG passwordMaxAge: 2017-05-11T17:48:38Z DEBUG 8639913600 
2017-05-11T17:48:38Z DEBUG nsslapd-ldapiautobind: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-extract-pemfiles: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-maxthreadsperconn: 2017-05-11T17:48:38Z DEBUG 5 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logrotationsyncmin: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-ldapigidnumbertype: 2017-05-11T17:48:38Z DEBUG gidNumber 2017-05-11T17:48:38Z DEBUG nsslapd-connection-buffer: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2017-05-11T17:48:38Z DEBUG day 2017-05-11T17:48:38Z DEBUG nsslapd-dynamic-plugins: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-csnlogging: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-tmpdir: 2017-05-11T17:48:38Z DEBUG /tmp 2017-05-11T17:48:38Z DEBUG passwordResetFailureCount: 2017-05-11T17:48:38Z DEBUG 600 2017-05-11T17:48:38Z DEBUG nsslapd-counters: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-svrtab: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-allowed-sasl-mechanisms: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 2017-05-11T17:48:38Z DEBUG month 2017-05-11T17:48:38Z DEBUG nsslapd-minssf: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logrotationsync-enabled: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-maxlogsize: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG nsslapd-schemadir: 2017-05-11T17:48:38Z DEBUG /etc/dirsrv/slapd-RDLG-NET/schema 2017-05-11T17:48:38Z DEBUG nsslapd-localuser: 2017-05-11T17:48:38Z DEBUG dirsrv 2017-05-11T17:48:38Z DEBUG nsslapd-security: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordChange: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-requiresrestart: 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-port 2017-05-11T17:48:38Z DEBUG 
cn=config:nsslapd-secureport 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-ldapifilepath 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-ldapilisten 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-workingdir 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-plugin 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-sslclientauth 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-changelogdir 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-changelogsuffix 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-changelogmaxentries 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-changelogmaxage 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-db-locks 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-maxdescriptors 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-return-exact-case 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-schema-ignore-trailing-spaces 2017-05-11T17:48:38Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 2017-05-11T17:48:38Z DEBUG cn=config,cn=ldbm:nsslapd-parentcheck 2017-05-11T17:48:38Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2017-05-11T17:48:38Z DEBUG cn=config,cn=ldbm:nsslapd-dbncache 2017-05-11T17:48:38Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2017-05-11T17:48:38Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2017-05-11T17:48:38Z DEBUG cn=encryption,cn=config:nssslsessiontimeout 2017-05-11T17:48:38Z DEBUG cn=encryption,cn=config:nssslclientauth 2017-05-11T17:48:38Z DEBUG cn=encryption,cn=config:nsssl2 2017-05-11T17:48:38Z DEBUG cn=encryption,cn=config:nsssl3 2017-05-11T17:48:38Z DEBUG passwordMaxFailure: 2017-05-11T17:48:38Z DEBUG 3 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logrotationsync-enabled: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-ldapifilepath: 2017-05-11T17:48:38Z DEBUG /var/run/slapd-RDLG-NET.socket 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logging-enabled: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-pagedsizelimit: 2017-05-11T17:48:38Z DEBUG 0 
2017-05-11T17:48:38Z DEBUG nsslapd-global-backend-lock: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logexpirationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-listen-backlog-size: 2017-05-11T17:48:38Z DEBUG 128 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog: 2017-05-11T17:48:38Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/access 2017-05-11T17:48:38Z DEBUG nsslapd-certmap-basedn: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-plugin-logging: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-accesscontrol: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-rootdn: 2017-05-11T17:48:38Z DEBUG cn=Directory Manager 2017-05-11T17:48:38Z DEBUG nsslapd-ldifdir: 2017-05-11T17:48:38Z DEBUG /var/lib/dirsrv/slapd-RDLG-NET/ldif 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-mode: 2017-05-11T17:48:38Z DEBUG 600 2017-05-11T17:48:38Z DEBUG nsslapd-anonlimitsdn: 2017-05-11T17:48:38Z DEBUG cn=anonymous-limits,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logging-enabled: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG passwordMustChange: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordExp: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-list: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logminfreediskspace: 2017-05-11T17:48:38Z DEBUG 5 2017-05-11T17:48:38Z DEBUG nsslapd-logging-backend: 2017-05-11T17:48:38Z DEBUG dirsrv-log 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog: 2017-05-11T17:48:38Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/audit 2017-05-11T17:48:38Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG aci: 2017-05-11T17:48:38Z DEBUG (target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")(targetattr=*)(version 3.0;acl "permission:Add 
Automember Rebuild Membership Task";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr = "passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plugins,cn=config")(version 3.0;acl "permission:Modify PassSync Managers Configuration";allow (write) groupdn = "ldap:///cn=Modify PassSync Managers Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || objectclass || passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plugins,cn=config")(version 3.0;acl "permission:Read PassSync Managers Configuration";allow (compare,read,search) groupdn = "ldap:///cn=Read PassSync Managers Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr != aci)(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logmaxdiskspace: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG nsslapd-ldapimaprootdn: 2017-05-11T17:48:38Z DEBUG cn=Directory Manager 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logging-enabled: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-ds4-compatible-schema: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-enable-nunc-stans: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordMinLength: 2017-05-11T17:48:38Z DEBUG 8 2017-05-11T17:48:38Z DEBUG nsslapd-require-secure-binds: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-groupevalnestlevel: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-idletimeout: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-malloc-mmap-threshold: 2017-05-11T17:48:38Z DEBUG -10 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logrotationtimeunit: 2017-05-11T17:48:38Z DEBUG day 
2017-05-11T17:48:38Z DEBUG nsslapd-securePort: 2017-05-11T17:48:38Z DEBUG 636 2017-05-11T17:48:38Z DEBUG nsslapd-snmp-index: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG config 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG extensibleObject 2017-05-11T17:48:38Z DEBUG nsslapdConfig 2017-05-11T17:48:38Z DEBUG nsslapd-ldapimaptoentries: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG passwordSendExpiringTime: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-hash-filters: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-entryusn-import-initval: 2017-05-11T17:48:38Z DEBUG next 2017-05-11T17:48:38Z DEBUG nsslapd-malloc-trim-threshold: 2017-05-11T17:48:38Z DEBUG -10 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2017-05-11T17:48:38Z DEBUG 5 2017-05-11T17:48:38Z DEBUG nsslapd-ignore-time-skew: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-allow-unauthenticated-binds: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logging-hide-unhashed-pw: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-maxlogsperdir: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-listenhost: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-mode: 2017-05-11T17:48:38Z DEBUG 600 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog: 2017-05-11T17:48:38Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/errors 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logrotationsynchour: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-sasl-mapping-fallback: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-disk-monitoring-logging-critical: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-force-sasl-external: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-enable-turbo-mode: 2017-05-11T17:48:38Z DEBUG on 
2017-05-11T17:48:38Z DEBUG passwordCheckSyntax: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordGraceLimit: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG passwordWarning: 2017-05-11T17:48:38Z DEBUG 86400 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-mode: 2017-05-11T17:48:38Z DEBUG 600 2017-05-11T17:48:38Z DEBUG nsslapd-instancedir: 2017-05-11T17:48:38Z DEBUG /var/lib/dirsrv/scripts-RDLG-NET 2017-05-11T17:48:38Z DEBUG nsslapd-config: 2017-05-11T17:48:38Z DEBUG cn=config 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logmaxdiskspace: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG nsslapd-versionstring: 2017-05-11T17:48:38Z DEBUG 389-Directory/1.3.5.10 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-level: 2017-05-11T17:48:38Z DEBUG 256 2017-05-11T17:48:38Z DEBUG nsslapd-return-exact-case: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-maxsasliosize: 2017-05-11T17:48:38Z DEBUG 2097152 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 2017-05-11T17:48:38Z DEBUG month 2017-05-11T17:48:38Z DEBUG nsslapd-rewrite-rfc1274: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-rootpwstoragescheme: 2017-05-11T17:48:38Z DEBUG SSHA 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logexpirationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG passwordLockout: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-lockdir: 2017-05-11T17:48:38Z DEBUG /var/lock/dirsrv/slapd-RDLG-NET 2017-05-11T17:48:38Z DEBUG nsslapd-certdir: 2017-05-11T17:48:38Z DEBUG /etc/dirsrv/slapd-RDLG-NET 2017-05-11T17:48:38Z DEBUG nsslapd-allow-anonymous-access: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-maxlogsperdir: 2017-05-11T17:48:38Z DEBUG 10 2017-05-11T17:48:38Z DEBUG nsslapd-backendconfig: 2017-05-11T17:48:38Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 
2017-05-11T17:48:38Z DEBUG nsslapd-threadnumber: 2017-05-11T17:48:38Z DEBUG 30 2017-05-11T17:48:38Z DEBUG nsslapd-schemamod: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-search-return-original-type-switch: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-localhost: 2017-05-11T17:48:38Z DEBUG ipa.rdlg.net 2017-05-11T17:48:38Z DEBUG nsslapd-bakdir: 2017-05-11T17:48:38Z DEBUG /var/lib/dirsrv/slapd-RDLG-NET/bak 2017-05-11T17:48:38Z DEBUG passwordMin8bit: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-ldapiuidnumbertype: 2017-05-11T17:48:38Z DEBUG uidNumber 2017-05-11T17:48:38Z DEBUG nsslapd-validate-cert: 2017-05-11T17:48:38Z DEBUG warn 2017-05-11T17:48:38Z DEBUG passwordMinCategories: 2017-05-11T17:48:38Z DEBUG 3 2017-05-11T17:48:38Z DEBUG passwordMinLowers: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG passwordAdminDN: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-ldapilisten: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG passwordMinSpecials: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logmaxdiskspace: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG nsslapd-lastmod: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-max-filter-nest-level: 2017-05-11T17:48:38Z DEBUG 40 2017-05-11T17:48:38Z DEBUG passwordMaxRepeats: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-securelistenhost: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-maxsimplepaged-per-conn: 2017-05-11T17:48:38Z DEBUG -1 2017-05-11T17:48:38Z DEBUG nsslapd-result-tweak: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2017-05-11T17:48:38Z DEBUG month 2017-05-11T17:48:38Z DEBUG passwordUnlock: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-schemacheck: 2017-05-11T17:48:38Z DEBUG 
on 2017-05-11T17:48:38Z DEBUG passwordTrackUpdateTime: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-maxbersize: 2017-05-11T17:48:38Z DEBUG 209715200 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-maxlogsize: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG nsslapd-ldapientrysearchbase: 2017-05-11T17:48:38Z DEBUG dc=example,dc=com 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logexpirationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-localssf: 2017-05-11T17:48:38Z DEBUG 71 2017-05-11T17:48:38Z DEBUG nsslapd-sizelimit: 2017-05-11T17:48:38Z DEBUG 2000 2017-05-11T17:48:38Z DEBUG nsslapd-minssf-exclude-rootdse: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logrotationsynchour: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-ignore-virtual-attrs: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-ndn-cache-enabled: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logrotationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-defaultnamingcontext: 2017-05-11T17:48:38Z DEBUG dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-maxlogsperdir: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-pwpolicy-local: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-sasl-max-buffer-size: 2017-05-11T17:48:38Z DEBUG 2097152 2017-05-11T17:48:38Z DEBUG passwordLockoutDuration: 2017-05-11T17:48:38Z DEBUG 3600 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-list: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-port: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-maxlogsize: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG nsslapd-privatenamespaces: 2017-05-11T17:48:38Z DEBUG cn=schema 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG cn=monitor 2017-05-11T17:48:38Z DEBUG cn=config 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-maxlogsperdir: 
2017-05-11T17:48:38Z DEBUG 2 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog: 2017-05-11T17:48:38Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/audit 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-mode: 2017-05-11T17:48:38Z DEBUG 600 2017-05-11T17:48:38Z DEBUG nsslapd-rootpw: 2017-05-11T17:48:38Z DEBUG {SSHA}ivpfUEJGKWW115wDkPsPfQQFhTUx8+KLuAm3tg== 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logrotationsynchour: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-outbound-ldap-io-timeout: 2017-05-11T17:48:38Z DEBUG 300000 2017-05-11T17:48:38Z DEBUG nsslapd-workingdir: 2017-05-11T17:48:38Z DEBUG /var/log/dirsrv/slapd-RDLG-NET 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-list: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-rundir: 2017-05-11T17:48:38Z DEBUG /var/run/dirsrv 2017-05-11T17:48:38Z DEBUG nsslapd-schemareplace: 2017-05-11T17:48:38Z DEBUG replication-only 2017-05-11T17:48:38Z DEBUG nsslapd-plugin-binddn-tracking: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-level: 2017-05-11T17:48:38Z DEBUG 16384 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-syntaxlogging: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-ioblocktimeout: 2017-05-11T17:48:38Z DEBUG 10000 2017-05-11T17:48:38Z DEBUG nsslapd-attribute-name-exceptions: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordMinDigits: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-allowed-to-delete-attrs: 2017-05-11T17:48:38Z DEBUG passwordadmindn nsslapd-listenhost nsslapd-securelistenhost nsslapd-defaultnamingcontext 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logminfreediskspace: 2017-05-11T17:48:38Z DEBUG 5 2017-05-11T17:48:38Z DEBUG passwordStorageScheme: 2017-05-11T17:48:38Z DEBUG SSHA 2017-05-11T17:48:38Z DEBUG 
nsslapd-connection-nocanon: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG [(0, u'aci', ['(targetattr = "passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plugins,cn=config")(version 3.0;acl "permission:Modify PassSync Managers Configuration";allow (write) groupdn = "ldap:///cn=Modify PassSync Managers Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";)'])] 2017-05-11T17:48:38Z DEBUG Updated 1 2017-05-11T17:48:38Z DEBUG Done 2017-05-11T17:48:38Z DEBUG New entry: cn=Read LDBM Database Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Initial value 2017-05-11T17:48:38Z DEBUG dn: cn=Read LDBM Database Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG ipapermission 2017-05-11T17:48:38Z DEBUG groupofnames 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG member: 2017-05-11T17:48:38Z DEBUG cn=Replication Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG ipapermissiontype: 2017-05-11T17:48:38Z DEBUG SYSTEM 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG Read LDBM Database Configuration 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Final value after applying updates 2017-05-11T17:48:38Z DEBUG dn: cn=Read LDBM Database Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG ipapermission 2017-05-11T17:48:38Z DEBUG groupofnames 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG member: 2017-05-11T17:48:38Z DEBUG cn=Replication Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG ipapermissiontype: 2017-05-11T17:48:38Z DEBUG SYSTEM 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG Read LDBM Database Configuration 2017-05-11T17:48:38Z DEBUG Updating existing entry: cn=config 
2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Initial value 2017-05-11T17:48:38Z DEBUG dn: cn=config 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logrotationsynchour: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-betype: 2017-05-11T17:48:38Z DEBUG ldbm database 2017-05-11T17:48:38Z DEBUG nsslapd-nagle: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-list: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-maxlogsize: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG nsslapd-entryusn-global: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-referralmode: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logminfreediskspace: 2017-05-11T17:48:38Z DEBUG 5 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logrotationsyncmin: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-reservedescriptors: 2017-05-11T17:48:38Z DEBUG 64 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logmaxdiskspace: 2017-05-11T17:48:38Z DEBUG 500 2017-05-11T17:48:38Z DEBUG passwordMinAlphas: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-enquote-sup-oc: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-readonly: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-syntaxcheck: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-unhashed-pw-switch: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG passwordLegacyPolicy: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logbuffering: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-SSLclientAuth: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordMinUppers: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-plugin: 2017-05-11T17:48:38Z DEBUG cn=binary syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=bit string syntax,cn=plugins,cn=config 
2017-05-11T17:48:38Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=country string syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=facsimile telephone number syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=fax syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=generalized time syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=guide syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=integer syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=name and optional uid syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=octet string syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=oid syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG 
cn=caseexactmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseignoreia5substringsmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseignoreorderingmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseignoresubstringsmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=objectidentifiermatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=integermatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=integerorderingmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=integerfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=internationalization plugin,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=uniquemembermatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=numericstringsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 
2017-05-11T17:48:38Z DEBUG cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logrotationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-disk-monitoring-threshold: 2017-05-11T17:48:38Z DEBUG 2097152 2017-05-11T17:48:38Z DEBUG nsslapd-dn-validate-strict: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-ndn-cache-max-size: 2017-05-11T17:48:38Z DEBUG 20971520 2017-05-11T17:48:38Z DEBUG nsslapd-timelimit: 2017-05-11T17:48:38Z DEBUG 3600 2017-05-11T17:48:38Z DEBUG nsslapd-disk-monitoring: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordIsGlobalPolicy: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-moddn-aci: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-pwpolicy-inherit-global: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordMinTokenLength: 2017-05-11T17:48:38Z DEBUG 3 2017-05-11T17:48:38Z DEBUG nsslapd-malloc-mxfast: 2017-05-11T17:48:38Z DEBUG -10 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logrotationsync-enabled: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logrotationtimeunit: 2017-05-11T17:48:38Z DEBUG week 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logrotationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG passwordMinAge: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logrotationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-cn-uses-dn-syntax-in-dns: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logrotationtimeunit: 2017-05-11T17:48:38Z DEBUG week 2017-05-11T17:48:38Z DEBUG nsslapd-disk-monitoring-grace-period: 2017-05-11T17:48:38Z DEBUG 60 2017-05-11T17:48:38Z DEBUG nsslapd-maxdescriptors: 2017-05-11T17:48:38Z DEBUG 8192 2017-05-11T17:48:38Z DEBUG nsslapd-allow-hashed-passwords: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG passwordInHistory: 2017-05-11T17:48:38Z 
DEBUG 6 2017-05-11T17:48:38Z DEBUG nsslapd-ssl-check-hostname: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-conntablesize: 2017-05-11T17:48:38Z DEBUG 8192 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logging-enabled: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2017-05-11T17:48:38Z DEBUG month 2017-05-11T17:48:38Z DEBUG nsslapd-saslpath: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG passwordMaxAge: 2017-05-11T17:48:38Z DEBUG 8639913600 2017-05-11T17:48:38Z DEBUG nsslapd-ldapiautobind: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-extract-pemfiles: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-maxthreadsperconn: 2017-05-11T17:48:38Z DEBUG 5 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logrotationsyncmin: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-ldapigidnumbertype: 2017-05-11T17:48:38Z DEBUG gidNumber 2017-05-11T17:48:38Z DEBUG nsslapd-connection-buffer: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2017-05-11T17:48:38Z DEBUG day 2017-05-11T17:48:38Z DEBUG nsslapd-dynamic-plugins: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-csnlogging: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-tmpdir: 2017-05-11T17:48:38Z DEBUG /tmp 2017-05-11T17:48:38Z DEBUG passwordResetFailureCount: 2017-05-11T17:48:38Z DEBUG 600 2017-05-11T17:48:38Z DEBUG nsslapd-counters: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-svrtab: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-allowed-sasl-mechanisms: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 2017-05-11T17:48:38Z DEBUG month 2017-05-11T17:48:38Z DEBUG nsslapd-minssf: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG 
nsslapd-auditfaillog-logrotationsync-enabled: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-maxlogsize: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG nsslapd-schemadir: 2017-05-11T17:48:38Z DEBUG /etc/dirsrv/slapd-RDLG-NET/schema 2017-05-11T17:48:38Z DEBUG nsslapd-localuser: 2017-05-11T17:48:38Z DEBUG dirsrv 2017-05-11T17:48:38Z DEBUG nsslapd-security: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordChange: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-requiresrestart: 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-port 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-secureport 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-ldapifilepath 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-ldapilisten 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-workingdir 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-plugin 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-sslclientauth 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-changelogdir 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-changelogsuffix 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-changelogmaxentries 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-changelogmaxage 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-db-locks 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-maxdescriptors 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-return-exact-case 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-schema-ignore-trailing-spaces 2017-05-11T17:48:38Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 2017-05-11T17:48:38Z DEBUG cn=config,cn=ldbm:nsslapd-parentcheck 2017-05-11T17:48:38Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2017-05-11T17:48:38Z DEBUG cn=config,cn=ldbm:nsslapd-dbncache 2017-05-11T17:48:38Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2017-05-11T17:48:38Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2017-05-11T17:48:38Z DEBUG cn=encryption,cn=config:nssslsessiontimeout 2017-05-11T17:48:38Z DEBUG cn=encryption,cn=config:nssslclientauth 2017-05-11T17:48:38Z DEBUG 
cn=encryption,cn=config:nsssl2 2017-05-11T17:48:38Z DEBUG cn=encryption,cn=config:nsssl3 2017-05-11T17:48:38Z DEBUG passwordMaxFailure: 2017-05-11T17:48:38Z DEBUG 3 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logrotationsync-enabled: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-ldapifilepath: 2017-05-11T17:48:38Z DEBUG /var/run/slapd-RDLG-NET.socket 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logging-enabled: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-pagedsizelimit: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-global-backend-lock: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logexpirationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-listen-backlog-size: 2017-05-11T17:48:38Z DEBUG 128 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog: 2017-05-11T17:48:38Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/access 2017-05-11T17:48:38Z DEBUG nsslapd-certmap-basedn: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-plugin-logging: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-accesscontrol: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-rootdn: 2017-05-11T17:48:38Z DEBUG cn=Directory Manager 2017-05-11T17:48:38Z DEBUG nsslapd-ldifdir: 2017-05-11T17:48:38Z DEBUG /var/lib/dirsrv/slapd-RDLG-NET/ldif 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-mode: 2017-05-11T17:48:38Z DEBUG 600 2017-05-11T17:48:38Z DEBUG nsslapd-anonlimitsdn: 2017-05-11T17:48:38Z DEBUG cn=anonymous-limits,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logging-enabled: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG passwordMustChange: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordExp: 2017-05-11T17:48:38Z DEBUG off 
2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-list: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logminfreediskspace: 2017-05-11T17:48:38Z DEBUG 5 2017-05-11T17:48:38Z DEBUG nsslapd-logging-backend: 2017-05-11T17:48:38Z DEBUG dirsrv-log 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog: 2017-05-11T17:48:38Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/audit 2017-05-11T17:48:38Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG aci: 2017-05-11T17:48:38Z DEBUG (targetattr != aci)(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2017-05-11T17:48:38Z DEBUG (target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")(targetattr=*)(version 3.0;acl "permission:Add Automember Rebuild Membership Task";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || objectclass || passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plugins,cn=config")(version 3.0;acl "permission:Read PassSync Managers Configuration";allow (compare,read,search) groupdn = "ldap:///cn=Read PassSync Managers Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr = "passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plugins,cn=config")(version 3.0;acl "permission:Modify PassSync Managers Configuration";allow (write) groupdn = "ldap:///cn=Modify PassSync Managers Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logmaxdiskspace: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG nsslapd-ldapimaprootdn: 2017-05-11T17:48:38Z DEBUG cn=Directory Manager 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logging-enabled: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG 
nsslapd-ds4-compatible-schema: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-enable-nunc-stans: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordMinLength: 2017-05-11T17:48:38Z DEBUG 8 2017-05-11T17:48:38Z DEBUG nsslapd-require-secure-binds: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-groupevalnestlevel: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-idletimeout: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-malloc-mmap-threshold: 2017-05-11T17:48:38Z DEBUG -10 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logrotationtimeunit: 2017-05-11T17:48:38Z DEBUG day 2017-05-11T17:48:38Z DEBUG nsslapd-securePort: 2017-05-11T17:48:38Z DEBUG 636 2017-05-11T17:48:38Z DEBUG nsslapd-snmp-index: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG config 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG extensibleObject 2017-05-11T17:48:38Z DEBUG nsslapdConfig 2017-05-11T17:48:38Z DEBUG nsslapd-ldapimaptoentries: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG passwordSendExpiringTime: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-hash-filters: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-entryusn-import-initval: 2017-05-11T17:48:38Z DEBUG next 2017-05-11T17:48:38Z DEBUG nsslapd-malloc-trim-threshold: 2017-05-11T17:48:38Z DEBUG -10 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2017-05-11T17:48:38Z DEBUG 5 2017-05-11T17:48:38Z DEBUG nsslapd-ignore-time-skew: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-allow-unauthenticated-binds: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logging-hide-unhashed-pw: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-maxlogsperdir: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-listenhost: 2017-05-11T17:48:38Z DEBUG 
2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-mode: 2017-05-11T17:48:38Z DEBUG 600 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog: 2017-05-11T17:48:38Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/errors 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logrotationsynchour: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-sasl-mapping-fallback: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-disk-monitoring-logging-critical: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-force-sasl-external: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-enable-turbo-mode: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG passwordCheckSyntax: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordGraceLimit: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG passwordWarning: 2017-05-11T17:48:38Z DEBUG 86400 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-mode: 2017-05-11T17:48:38Z DEBUG 600 2017-05-11T17:48:38Z DEBUG nsslapd-instancedir: 2017-05-11T17:48:38Z DEBUG /var/lib/dirsrv/scripts-RDLG-NET 2017-05-11T17:48:38Z DEBUG nsslapd-config: 2017-05-11T17:48:38Z DEBUG cn=config 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logmaxdiskspace: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG nsslapd-versionstring: 2017-05-11T17:48:38Z DEBUG 389-Directory/1.3.5.10 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-level: 2017-05-11T17:48:38Z DEBUG 256 2017-05-11T17:48:38Z DEBUG nsslapd-return-exact-case: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-maxsasliosize: 2017-05-11T17:48:38Z DEBUG 2097152 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 2017-05-11T17:48:38Z DEBUG month 2017-05-11T17:48:38Z DEBUG nsslapd-rewrite-rfc1274: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-rootpwstoragescheme: 2017-05-11T17:48:38Z DEBUG SSHA 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logexpirationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG 
passwordLockout: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-lockdir: 2017-05-11T17:48:38Z DEBUG /var/lock/dirsrv/slapd-RDLG-NET 2017-05-11T17:48:38Z DEBUG nsslapd-certdir: 2017-05-11T17:48:38Z DEBUG /etc/dirsrv/slapd-RDLG-NET 2017-05-11T17:48:38Z DEBUG nsslapd-allow-anonymous-access: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-maxlogsperdir: 2017-05-11T17:48:38Z DEBUG 10 2017-05-11T17:48:38Z DEBUG nsslapd-backendconfig: 2017-05-11T17:48:38Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG nsslapd-threadnumber: 2017-05-11T17:48:38Z DEBUG 30 2017-05-11T17:48:38Z DEBUG nsslapd-schemamod: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-search-return-original-type-switch: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-localhost: 2017-05-11T17:48:38Z DEBUG ipa.rdlg.net 2017-05-11T17:48:38Z DEBUG nsslapd-bakdir: 2017-05-11T17:48:38Z DEBUG /var/lib/dirsrv/slapd-RDLG-NET/bak 2017-05-11T17:48:38Z DEBUG passwordMin8bit: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-ldapiuidnumbertype: 2017-05-11T17:48:38Z DEBUG uidNumber 2017-05-11T17:48:38Z DEBUG nsslapd-validate-cert: 2017-05-11T17:48:38Z DEBUG warn 2017-05-11T17:48:38Z DEBUG passwordMinCategories: 2017-05-11T17:48:38Z DEBUG 3 2017-05-11T17:48:38Z DEBUG passwordMinLowers: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG passwordAdminDN: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-ldapilisten: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG passwordMinSpecials: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logmaxdiskspace: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG nsslapd-lastmod: 2017-05-11T17:48:38Z DEBUG on 
2017-05-11T17:48:38Z DEBUG nsslapd-max-filter-nest-level: 2017-05-11T17:48:38Z DEBUG 40 2017-05-11T17:48:38Z DEBUG passwordMaxRepeats: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-securelistenhost: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-maxsimplepaged-per-conn: 2017-05-11T17:48:38Z DEBUG -1 2017-05-11T17:48:38Z DEBUG nsslapd-result-tweak: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2017-05-11T17:48:38Z DEBUG month 2017-05-11T17:48:38Z DEBUG passwordUnlock: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-schemacheck: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG passwordTrackUpdateTime: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-maxbersize: 2017-05-11T17:48:38Z DEBUG 209715200 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-maxlogsize: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG nsslapd-ldapientrysearchbase: 2017-05-11T17:48:38Z DEBUG dc=example,dc=com 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logexpirationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-localssf: 2017-05-11T17:48:38Z DEBUG 71 2017-05-11T17:48:38Z DEBUG nsslapd-sizelimit: 2017-05-11T17:48:38Z DEBUG 2000 2017-05-11T17:48:38Z DEBUG nsslapd-minssf-exclude-rootdse: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logrotationsynchour: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-ignore-virtual-attrs: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-ndn-cache-enabled: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logrotationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-defaultnamingcontext: 2017-05-11T17:48:38Z DEBUG dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-maxlogsperdir: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-pwpolicy-local: 2017-05-11T17:48:38Z DEBUG off 
2017-05-11T17:48:38Z DEBUG nsslapd-sasl-max-buffer-size: 2017-05-11T17:48:38Z DEBUG 2097152 2017-05-11T17:48:38Z DEBUG passwordLockoutDuration: 2017-05-11T17:48:38Z DEBUG 3600 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-list: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-port: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-maxlogsize: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG nsslapd-privatenamespaces: 2017-05-11T17:48:38Z DEBUG cn=schema 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG cn=monitor 2017-05-11T17:48:38Z DEBUG cn=config 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-maxlogsperdir: 2017-05-11T17:48:38Z DEBUG 2 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog: 2017-05-11T17:48:38Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/audit 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-mode: 2017-05-11T17:48:38Z DEBUG 600 2017-05-11T17:48:38Z DEBUG nsslapd-rootpw: 2017-05-11T17:48:38Z DEBUG {SSHA}ivpfUEJGKWW115wDkPsPfQQFhTUx8+KLuAm3tg== 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logrotationsynchour: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-outbound-ldap-io-timeout: 2017-05-11T17:48:38Z DEBUG 300000 2017-05-11T17:48:38Z DEBUG nsslapd-workingdir: 2017-05-11T17:48:38Z DEBUG /var/log/dirsrv/slapd-RDLG-NET 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-list: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-rundir: 2017-05-11T17:48:38Z DEBUG /var/run/dirsrv 2017-05-11T17:48:38Z DEBUG nsslapd-schemareplace: 2017-05-11T17:48:38Z DEBUG replication-only 2017-05-11T17:48:38Z DEBUG nsslapd-plugin-binddn-tracking: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-level: 2017-05-11T17:48:38Z DEBUG 16384 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-syntaxlogging: 
2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-ioblocktimeout: 2017-05-11T17:48:38Z DEBUG 10000 2017-05-11T17:48:38Z DEBUG nsslapd-attribute-name-exceptions: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordMinDigits: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-allowed-to-delete-attrs: 2017-05-11T17:48:38Z DEBUG passwordadmindn nsslapd-listenhost nsslapd-securelistenhost nsslapd-defaultnamingcontext 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logminfreediskspace: 2017-05-11T17:48:38Z DEBUG 5 2017-05-11T17:48:38Z DEBUG passwordStorageScheme: 2017-05-11T17:48:38Z DEBUG SSHA 2017-05-11T17:48:38Z DEBUG nsslapd-connection-nocanon: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG add: '(targetattr = "cn || createtimestamp || entryusn || modifytimestamp || nsslapd-directory* || objectclass")(target = "ldap:///cn=config,cn=ldbm database,cn=plugins,cn=config")(version 3.0;acl "permission:Read LDBM Database Configuration";allow (compare,read,search) groupdn = "ldap:///cn=Read LDBM Database Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to aci, current value ['(targetattr != aci)(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";)', '(target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")(targetattr=*)(version 3.0;acl "permission:Add Automember Rebuild Membership Task";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "cn || createtimestamp || entryusn || modifytimestamp || objectclass || passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plugins,cn=config")(version 3.0;acl "permission:Read PassSync Managers Configuration";allow (compare,read,search) groupdn = "ldap:///cn=Read PassSync Managers Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "passsyncmanagersdns*")(target = 
"ldap:///cn=ipa_pwd_extop,cn=plugins,cn=config")(version 3.0;acl "permission:Modify PassSync Managers Configuration";allow (write) groupdn = "ldap:///cn=Modify PassSync Managers Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";)'] 2017-05-11T17:48:38Z DEBUG add: updated value ['(targetattr != aci)(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";)', '(target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")(targetattr=*)(version 3.0;acl "permission:Add Automember Rebuild Membership Task";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "cn || createtimestamp || entryusn || modifytimestamp || objectclass || passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plugins,cn=config")(version 3.0;acl "permission:Read PassSync Managers Configuration";allow (compare,read,search) groupdn = "ldap:///cn=Read PassSync Managers Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plugins,cn=config")(version 3.0;acl "permission:Modify PassSync Managers Configuration";allow (write) groupdn = "ldap:///cn=Modify PassSync Managers Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "cn || createtimestamp || entryusn || modifytimestamp || nsslapd-directory* || objectclass")(target = "ldap:///cn=config,cn=ldbm database,cn=plugins,cn=config")(version 3.0;acl "permission:Read LDBM Database Configuration";allow (compare,read,search) groupdn = "ldap:///cn=Read LDBM Database Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";)'] 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Final value after applying updates 2017-05-11T17:48:38Z DEBUG dn: cn=config 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logrotationsynchour: 2017-05-11T17:48:38Z DEBUG 0 
2017-05-11T17:48:38Z DEBUG nsslapd-betype: 2017-05-11T17:48:38Z DEBUG ldbm database 2017-05-11T17:48:38Z DEBUG nsslapd-nagle: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-list: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-maxlogsize: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG nsslapd-entryusn-global: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-referralmode: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logminfreediskspace: 2017-05-11T17:48:38Z DEBUG 5 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logrotationsyncmin: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-reservedescriptors: 2017-05-11T17:48:38Z DEBUG 64 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logmaxdiskspace: 2017-05-11T17:48:38Z DEBUG 500 2017-05-11T17:48:38Z DEBUG passwordMinAlphas: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-enquote-sup-oc: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-readonly: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-syntaxcheck: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-unhashed-pw-switch: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG passwordLegacyPolicy: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logbuffering: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-SSLclientAuth: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordMinUppers: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-plugin: 2017-05-11T17:48:38Z DEBUG cn=binary syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG 
cn=country string syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=facsimile telephone number syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=fax syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=generalized time syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=guide syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=integer syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=name and optional uid syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=octet string syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=oid syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 
2017-05-11T17:48:38Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseignoreia5substringsmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseignoreorderingmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseignoresubstringsmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=objectidentifiermatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=integermatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=integerorderingmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=integerfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=internationalization plugin,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=uniquemembermatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=numericstringsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logrotationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-disk-monitoring-threshold: 2017-05-11T17:48:38Z DEBUG 2097152 
2017-05-11T17:48:38Z DEBUG nsslapd-dn-validate-strict: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-ndn-cache-max-size: 2017-05-11T17:48:38Z DEBUG 20971520 2017-05-11T17:48:38Z DEBUG nsslapd-timelimit: 2017-05-11T17:48:38Z DEBUG 3600 2017-05-11T17:48:38Z DEBUG nsslapd-disk-monitoring: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordIsGlobalPolicy: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-moddn-aci: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-pwpolicy-inherit-global: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordMinTokenLength: 2017-05-11T17:48:38Z DEBUG 3 2017-05-11T17:48:38Z DEBUG nsslapd-malloc-mxfast: 2017-05-11T17:48:38Z DEBUG -10 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logrotationsync-enabled: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logrotationtimeunit: 2017-05-11T17:48:38Z DEBUG week 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logrotationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG passwordMinAge: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logrotationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-cn-uses-dn-syntax-in-dns: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logrotationtimeunit: 2017-05-11T17:48:38Z DEBUG week 2017-05-11T17:48:38Z DEBUG nsslapd-disk-monitoring-grace-period: 2017-05-11T17:48:38Z DEBUG 60 2017-05-11T17:48:38Z DEBUG nsslapd-maxdescriptors: 2017-05-11T17:48:38Z DEBUG 8192 2017-05-11T17:48:38Z DEBUG nsslapd-allow-hashed-passwords: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG passwordInHistory: 2017-05-11T17:48:38Z DEBUG 6 2017-05-11T17:48:38Z DEBUG nsslapd-ssl-check-hostname: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-conntablesize: 2017-05-11T17:48:38Z DEBUG 8192 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logging-enabled: 2017-05-11T17:48:38Z DEBUG off 
2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2017-05-11T17:48:38Z DEBUG month 2017-05-11T17:48:38Z DEBUG nsslapd-saslpath: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG passwordMaxAge: 2017-05-11T17:48:38Z DEBUG 8639913600 2017-05-11T17:48:38Z DEBUG nsslapd-ldapiautobind: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-extract-pemfiles: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-maxthreadsperconn: 2017-05-11T17:48:38Z DEBUG 5 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logrotationsyncmin: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-ldapigidnumbertype: 2017-05-11T17:48:38Z DEBUG gidNumber 2017-05-11T17:48:38Z DEBUG nsslapd-connection-buffer: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2017-05-11T17:48:38Z DEBUG day 2017-05-11T17:48:38Z DEBUG nsslapd-dynamic-plugins: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-csnlogging: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-tmpdir: 2017-05-11T17:48:38Z DEBUG /tmp 2017-05-11T17:48:38Z DEBUG passwordResetFailureCount: 2017-05-11T17:48:38Z DEBUG 600 2017-05-11T17:48:38Z DEBUG nsslapd-counters: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-svrtab: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-allowed-sasl-mechanisms: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 2017-05-11T17:48:38Z DEBUG month 2017-05-11T17:48:38Z DEBUG nsslapd-minssf: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logrotationsync-enabled: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-maxlogsize: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG nsslapd-schemadir: 2017-05-11T17:48:38Z DEBUG /etc/dirsrv/slapd-RDLG-NET/schema 
2017-05-11T17:48:38Z DEBUG nsslapd-localuser: 2017-05-11T17:48:38Z DEBUG dirsrv 2017-05-11T17:48:38Z DEBUG nsslapd-security: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordChange: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-requiresrestart: 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-port 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-secureport 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-ldapifilepath 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-ldapilisten 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-workingdir 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-plugin 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-sslclientauth 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-changelogdir 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-changelogsuffix 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-changelogmaxentries 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-changelogmaxage 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-db-locks 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-maxdescriptors 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-return-exact-case 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-schema-ignore-trailing-spaces 2017-05-11T17:48:38Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 2017-05-11T17:48:38Z DEBUG cn=config,cn=ldbm:nsslapd-parentcheck 2017-05-11T17:48:38Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2017-05-11T17:48:38Z DEBUG cn=config,cn=ldbm:nsslapd-dbncache 2017-05-11T17:48:38Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2017-05-11T17:48:38Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2017-05-11T17:48:38Z DEBUG cn=encryption,cn=config:nssslsessiontimeout 2017-05-11T17:48:38Z DEBUG cn=encryption,cn=config:nssslclientauth 2017-05-11T17:48:38Z DEBUG cn=encryption,cn=config:nsssl2 2017-05-11T17:48:38Z DEBUG cn=encryption,cn=config:nsssl3 2017-05-11T17:48:38Z DEBUG passwordMaxFailure: 2017-05-11T17:48:38Z DEBUG 3 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logrotationsync-enabled: 2017-05-11T17:48:38Z DEBUG off 
2017-05-11T17:48:38Z DEBUG nsslapd-ldapifilepath: 2017-05-11T17:48:38Z DEBUG /var/run/slapd-RDLG-NET.socket 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logging-enabled: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-pagedsizelimit: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-global-backend-lock: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logexpirationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-listen-backlog-size: 2017-05-11T17:48:38Z DEBUG 128 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog: 2017-05-11T17:48:38Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/access 2017-05-11T17:48:38Z DEBUG nsslapd-certmap-basedn: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-plugin-logging: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-accesscontrol: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-rootdn: 2017-05-11T17:48:38Z DEBUG cn=Directory Manager 2017-05-11T17:48:38Z DEBUG nsslapd-ldifdir: 2017-05-11T17:48:38Z DEBUG /var/lib/dirsrv/slapd-RDLG-NET/ldif 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-mode: 2017-05-11T17:48:38Z DEBUG 600 2017-05-11T17:48:38Z DEBUG nsslapd-anonlimitsdn: 2017-05-11T17:48:38Z DEBUG cn=anonymous-limits,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logging-enabled: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG passwordMustChange: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordExp: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-list: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logminfreediskspace: 2017-05-11T17:48:38Z DEBUG 5 2017-05-11T17:48:38Z DEBUG nsslapd-logging-backend: 2017-05-11T17:48:38Z DEBUG dirsrv-log 
2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog: 2017-05-11T17:48:38Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/audit 2017-05-11T17:48:38Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG aci: 2017-05-11T17:48:38Z DEBUG (target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")(targetattr=*)(version 3.0;acl "permission:Add Automember Rebuild Membership Task";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr = "passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plugins,cn=config")(version 3.0;acl "permission:Modify PassSync Managers Configuration";allow (write) groupdn = "ldap:///cn=Modify PassSync Managers Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr != aci)(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2017-05-11T17:48:38Z DEBUG (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || objectclass || passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plugins,cn=config")(version 3.0;acl "permission:Read PassSync Managers Configuration";allow (compare,read,search) groupdn = "ldap:///cn=Read PassSync Managers Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || nsslapd-directory* || objectclass")(target = "ldap:///cn=config,cn=ldbm database,cn=plugins,cn=config")(version 3.0;acl "permission:Read LDBM Database Configuration";allow (compare,read,search) groupdn = "ldap:///cn=Read LDBM Database Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logmaxdiskspace: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG nsslapd-ldapimaprootdn: 2017-05-11T17:48:38Z DEBUG cn=Directory Manager 
2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logging-enabled: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-ds4-compatible-schema: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-enable-nunc-stans: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordMinLength: 2017-05-11T17:48:38Z DEBUG 8 2017-05-11T17:48:38Z DEBUG nsslapd-require-secure-binds: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-groupevalnestlevel: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-idletimeout: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-malloc-mmap-threshold: 2017-05-11T17:48:38Z DEBUG -10 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logrotationtimeunit: 2017-05-11T17:48:38Z DEBUG day 2017-05-11T17:48:38Z DEBUG nsslapd-securePort: 2017-05-11T17:48:38Z DEBUG 636 2017-05-11T17:48:38Z DEBUG nsslapd-snmp-index: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG config 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG extensibleObject 2017-05-11T17:48:38Z DEBUG nsslapdConfig 2017-05-11T17:48:38Z DEBUG nsslapd-ldapimaptoentries: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG passwordSendExpiringTime: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-hash-filters: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-entryusn-import-initval: 2017-05-11T17:48:38Z DEBUG next 2017-05-11T17:48:38Z DEBUG nsslapd-malloc-trim-threshold: 2017-05-11T17:48:38Z DEBUG -10 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2017-05-11T17:48:38Z DEBUG 5 2017-05-11T17:48:38Z DEBUG nsslapd-ignore-time-skew: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-allow-unauthenticated-binds: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logging-hide-unhashed-pw: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG 
nsslapd-auditlog-maxlogsperdir: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-listenhost: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-mode: 2017-05-11T17:48:38Z DEBUG 600 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog: 2017-05-11T17:48:38Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/errors 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logrotationsynchour: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-sasl-mapping-fallback: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-disk-monitoring-logging-critical: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-force-sasl-external: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-enable-turbo-mode: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG passwordCheckSyntax: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordGraceLimit: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG passwordWarning: 2017-05-11T17:48:38Z DEBUG 86400 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-mode: 2017-05-11T17:48:38Z DEBUG 600 2017-05-11T17:48:38Z DEBUG nsslapd-instancedir: 2017-05-11T17:48:38Z DEBUG /var/lib/dirsrv/scripts-RDLG-NET 2017-05-11T17:48:38Z DEBUG nsslapd-config: 2017-05-11T17:48:38Z DEBUG cn=config 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logmaxdiskspace: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG nsslapd-versionstring: 2017-05-11T17:48:38Z DEBUG 389-Directory/1.3.5.10 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-level: 2017-05-11T17:48:38Z DEBUG 256 2017-05-11T17:48:38Z DEBUG nsslapd-return-exact-case: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-maxsasliosize: 2017-05-11T17:48:38Z DEBUG 2097152 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 2017-05-11T17:48:38Z DEBUG month 2017-05-11T17:48:38Z DEBUG nsslapd-rewrite-rfc1274: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-rootpwstoragescheme: 2017-05-11T17:48:38Z DEBUG 
SSHA 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logexpirationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG passwordLockout: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-lockdir: 2017-05-11T17:48:38Z DEBUG /var/lock/dirsrv/slapd-RDLG-NET 2017-05-11T17:48:38Z DEBUG nsslapd-certdir: 2017-05-11T17:48:38Z DEBUG /etc/dirsrv/slapd-RDLG-NET 2017-05-11T17:48:38Z DEBUG nsslapd-allow-anonymous-access: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-maxlogsperdir: 2017-05-11T17:48:38Z DEBUG 10 2017-05-11T17:48:38Z DEBUG nsslapd-backendconfig: 2017-05-11T17:48:38Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG nsslapd-threadnumber: 2017-05-11T17:48:38Z DEBUG 30 2017-05-11T17:48:38Z DEBUG nsslapd-schemamod: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-search-return-original-type-switch: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-localhost: 2017-05-11T17:48:38Z DEBUG ipa.rdlg.net 2017-05-11T17:48:38Z DEBUG nsslapd-bakdir: 2017-05-11T17:48:38Z DEBUG /var/lib/dirsrv/slapd-RDLG-NET/bak 2017-05-11T17:48:38Z DEBUG passwordMin8bit: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-ldapiuidnumbertype: 2017-05-11T17:48:38Z DEBUG uidNumber 2017-05-11T17:48:38Z DEBUG nsslapd-validate-cert: 2017-05-11T17:48:38Z DEBUG warn 2017-05-11T17:48:38Z DEBUG passwordMinCategories: 2017-05-11T17:48:38Z DEBUG 3 2017-05-11T17:48:38Z DEBUG passwordMinLowers: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG passwordAdminDN: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-ldapilisten: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG passwordMinSpecials: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG 
nsslapd-errorlog-logmaxdiskspace: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG nsslapd-lastmod: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-max-filter-nest-level: 2017-05-11T17:48:38Z DEBUG 40 2017-05-11T17:48:38Z DEBUG passwordMaxRepeats: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-securelistenhost: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-maxsimplepaged-per-conn: 2017-05-11T17:48:38Z DEBUG -1 2017-05-11T17:48:38Z DEBUG nsslapd-result-tweak: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2017-05-11T17:48:38Z DEBUG month 2017-05-11T17:48:38Z DEBUG passwordUnlock: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-schemacheck: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG passwordTrackUpdateTime: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-maxbersize: 2017-05-11T17:48:38Z DEBUG 209715200 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-maxlogsize: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG nsslapd-ldapientrysearchbase: 2017-05-11T17:48:38Z DEBUG dc=example,dc=com 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logexpirationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-localssf: 2017-05-11T17:48:38Z DEBUG 71 2017-05-11T17:48:38Z DEBUG nsslapd-sizelimit: 2017-05-11T17:48:38Z DEBUG 2000 2017-05-11T17:48:38Z DEBUG nsslapd-minssf-exclude-rootdse: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logrotationsynchour: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-ignore-virtual-attrs: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-ndn-cache-enabled: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logrotationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-defaultnamingcontext: 2017-05-11T17:48:38Z DEBUG dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG 
nsslapd-auditfaillog-maxlogsperdir: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-pwpolicy-local: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-sasl-max-buffer-size: 2017-05-11T17:48:38Z DEBUG 2097152 2017-05-11T17:48:38Z DEBUG passwordLockoutDuration: 2017-05-11T17:48:38Z DEBUG 3600 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-list: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-port: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-maxlogsize: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG nsslapd-privatenamespaces: 2017-05-11T17:48:38Z DEBUG cn=schema 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG cn=monitor 2017-05-11T17:48:38Z DEBUG cn=config 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-maxlogsperdir: 2017-05-11T17:48:38Z DEBUG 2 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog: 2017-05-11T17:48:38Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/audit 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-mode: 2017-05-11T17:48:38Z DEBUG 600 2017-05-11T17:48:38Z DEBUG nsslapd-rootpw: 2017-05-11T17:48:38Z DEBUG {SSHA}ivpfUEJGKWW115wDkPsPfQQFhTUx8+KLuAm3tg== 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logrotationsynchour: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-outbound-ldap-io-timeout: 2017-05-11T17:48:38Z DEBUG 300000 2017-05-11T17:48:38Z DEBUG nsslapd-workingdir: 2017-05-11T17:48:38Z DEBUG /var/log/dirsrv/slapd-RDLG-NET 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-list: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-rundir: 2017-05-11T17:48:38Z DEBUG /var/run/dirsrv 2017-05-11T17:48:38Z DEBUG nsslapd-schemareplace: 2017-05-11T17:48:38Z DEBUG replication-only 2017-05-11T17:48:38Z DEBUG nsslapd-plugin-binddn-tracking: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-level: 2017-05-11T17:48:38Z DEBUG 16384 2017-05-11T17:48:38Z 
DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-syntaxlogging: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-ioblocktimeout: 2017-05-11T17:48:38Z DEBUG 10000 2017-05-11T17:48:38Z DEBUG nsslapd-attribute-name-exceptions: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordMinDigits: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-allowed-to-delete-attrs: 2017-05-11T17:48:38Z DEBUG passwordadmindn nsslapd-listenhost nsslapd-securelistenhost nsslapd-defaultnamingcontext 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logminfreediskspace: 2017-05-11T17:48:38Z DEBUG 5 2017-05-11T17:48:38Z DEBUG passwordStorageScheme: 2017-05-11T17:48:38Z DEBUG SSHA 2017-05-11T17:48:38Z DEBUG nsslapd-connection-nocanon: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG [(0, u'aci', ['(targetattr = "cn || createtimestamp || entryusn || modifytimestamp || nsslapd-directory* || objectclass")(target = "ldap:///cn=config,cn=ldbm database,cn=plugins,cn=config")(version 3.0;acl "permission:Read LDBM Database Configuration";allow (compare,read,search) groupdn = "ldap:///cn=Read LDBM Database Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";)'])] 2017-05-11T17:48:38Z DEBUG Updated 1 2017-05-11T17:48:38Z DEBUG Done 2017-05-11T17:48:38Z DEBUG New entry: cn=Add Configuration Sub-Entries,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Initial value 2017-05-11T17:48:38Z DEBUG dn: cn=Add Configuration Sub-Entries,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG ipapermission 2017-05-11T17:48:38Z DEBUG groupofnames 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG member: 2017-05-11T17:48:38Z DEBUG cn=Replication Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG ipapermissiontype: 
2017-05-11T17:48:38Z DEBUG SYSTEM 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG Add Configuration Sub-Entries 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Final value after applying updates 2017-05-11T17:48:38Z DEBUG dn: cn=Add Configuration Sub-Entries,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG ipapermission 2017-05-11T17:48:38Z DEBUG groupofnames 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG member: 2017-05-11T17:48:38Z DEBUG cn=Replication Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG ipapermissiontype: 2017-05-11T17:48:38Z DEBUG SYSTEM 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG Add Configuration Sub-Entries 2017-05-11T17:48:38Z DEBUG Updating existing entry: cn=config 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Initial value 2017-05-11T17:48:38Z DEBUG dn: cn=config 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logrotationsynchour: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-betype: 2017-05-11T17:48:38Z DEBUG ldbm database 2017-05-11T17:48:38Z DEBUG nsslapd-nagle: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-list: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-maxlogsize: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG nsslapd-entryusn-global: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-referralmode: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logminfreediskspace: 2017-05-11T17:48:38Z DEBUG 5 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logrotationsyncmin: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-reservedescriptors: 2017-05-11T17:48:38Z DEBUG 64 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logmaxdiskspace: 2017-05-11T17:48:38Z DEBUG 500 2017-05-11T17:48:38Z DEBUG 
passwordMinAlphas: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-enquote-sup-oc: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-readonly: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-syntaxcheck: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-unhashed-pw-switch: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG passwordLegacyPolicy: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logbuffering: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-SSLclientAuth: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordMinUppers: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-plugin: 2017-05-11T17:48:38Z DEBUG cn=binary syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=country string syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=facsimile telephone number syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=fax syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=generalized time syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=guide syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=integer syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=name and optional uid syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=octet string 
syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=oid syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseignoreia5substringsmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseignoreorderingmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseignoresubstringsmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=objectidentifiermatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 
2017-05-11T17:48:38Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=integermatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=integerorderingmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=integerfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=internationalization plugin,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=uniquemembermatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=numericstringsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logrotationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-disk-monitoring-threshold: 2017-05-11T17:48:38Z DEBUG 2097152 2017-05-11T17:48:38Z DEBUG nsslapd-dn-validate-strict: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-ndn-cache-max-size: 2017-05-11T17:48:38Z DEBUG 20971520 2017-05-11T17:48:38Z DEBUG nsslapd-timelimit: 2017-05-11T17:48:38Z DEBUG 3600 2017-05-11T17:48:38Z DEBUG nsslapd-disk-monitoring: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordIsGlobalPolicy: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-moddn-aci: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-pwpolicy-inherit-global: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordMinTokenLength: 2017-05-11T17:48:38Z DEBUG 3 2017-05-11T17:48:38Z DEBUG nsslapd-malloc-mxfast: 2017-05-11T17:48:38Z DEBUG -10 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logrotationsync-enabled: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG 
nsslapd-errorlog-logrotationtimeunit: 2017-05-11T17:48:38Z DEBUG week 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logrotationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG passwordMinAge: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logrotationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-cn-uses-dn-syntax-in-dns: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logrotationtimeunit: 2017-05-11T17:48:38Z DEBUG week 2017-05-11T17:48:38Z DEBUG nsslapd-disk-monitoring-grace-period: 2017-05-11T17:48:38Z DEBUG 60 2017-05-11T17:48:38Z DEBUG nsslapd-maxdescriptors: 2017-05-11T17:48:38Z DEBUG 8192 2017-05-11T17:48:38Z DEBUG nsslapd-allow-hashed-passwords: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG passwordInHistory: 2017-05-11T17:48:38Z DEBUG 6 2017-05-11T17:48:38Z DEBUG nsslapd-ssl-check-hostname: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-conntablesize: 2017-05-11T17:48:38Z DEBUG 8192 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logging-enabled: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2017-05-11T17:48:38Z DEBUG month 2017-05-11T17:48:38Z DEBUG nsslapd-saslpath: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG passwordMaxAge: 2017-05-11T17:48:38Z DEBUG 8639913600 2017-05-11T17:48:38Z DEBUG nsslapd-ldapiautobind: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-extract-pemfiles: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-maxthreadsperconn: 2017-05-11T17:48:38Z DEBUG 5 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logrotationsyncmin: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-ldapigidnumbertype: 2017-05-11T17:48:38Z DEBUG gidNumber 2017-05-11T17:48:38Z DEBUG nsslapd-connection-buffer: 2017-05-11T17:48:38Z DEBUG 1 
2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2017-05-11T17:48:38Z DEBUG day 2017-05-11T17:48:38Z DEBUG nsslapd-dynamic-plugins: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-csnlogging: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-tmpdir: 2017-05-11T17:48:38Z DEBUG /tmp 2017-05-11T17:48:38Z DEBUG passwordResetFailureCount: 2017-05-11T17:48:38Z DEBUG 600 2017-05-11T17:48:38Z DEBUG nsslapd-counters: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-svrtab: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-allowed-sasl-mechanisms: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 2017-05-11T17:48:38Z DEBUG month 2017-05-11T17:48:38Z DEBUG nsslapd-minssf: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logrotationsync-enabled: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-maxlogsize: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG nsslapd-schemadir: 2017-05-11T17:48:38Z DEBUG /etc/dirsrv/slapd-RDLG-NET/schema 2017-05-11T17:48:38Z DEBUG nsslapd-localuser: 2017-05-11T17:48:38Z DEBUG dirsrv 2017-05-11T17:48:38Z DEBUG nsslapd-security: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordChange: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-requiresrestart: 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-port 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-secureport 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-ldapifilepath 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-ldapilisten 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-workingdir 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-plugin 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-sslclientauth 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-changelogdir 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-changelogsuffix 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-changelogmaxentries 2017-05-11T17:48:38Z 
DEBUG cn=config:nsslapd-changelogmaxage 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-db-locks 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-maxdescriptors 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-return-exact-case 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-schema-ignore-trailing-spaces 2017-05-11T17:48:38Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 2017-05-11T17:48:38Z DEBUG cn=config,cn=ldbm:nsslapd-parentcheck 2017-05-11T17:48:38Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2017-05-11T17:48:38Z DEBUG cn=config,cn=ldbm:nsslapd-dbncache 2017-05-11T17:48:38Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2017-05-11T17:48:38Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2017-05-11T17:48:38Z DEBUG cn=encryption,cn=config:nssslsessiontimeout 2017-05-11T17:48:38Z DEBUG cn=encryption,cn=config:nssslclientauth 2017-05-11T17:48:38Z DEBUG cn=encryption,cn=config:nsssl2 2017-05-11T17:48:38Z DEBUG cn=encryption,cn=config:nsssl3 2017-05-11T17:48:38Z DEBUG passwordMaxFailure: 2017-05-11T17:48:38Z DEBUG 3 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logrotationsync-enabled: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-ldapifilepath: 2017-05-11T17:48:38Z DEBUG /var/run/slapd-RDLG-NET.socket 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logging-enabled: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-pagedsizelimit: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-global-backend-lock: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logexpirationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-listen-backlog-size: 2017-05-11T17:48:38Z DEBUG 128 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog: 2017-05-11T17:48:38Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/access 2017-05-11T17:48:38Z DEBUG nsslapd-certmap-basedn: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-plugin-logging: 
2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-accesscontrol: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-rootdn: 2017-05-11T17:48:38Z DEBUG cn=Directory Manager 2017-05-11T17:48:38Z DEBUG nsslapd-ldifdir: 2017-05-11T17:48:38Z DEBUG /var/lib/dirsrv/slapd-RDLG-NET/ldif 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-mode: 2017-05-11T17:48:38Z DEBUG 600 2017-05-11T17:48:38Z DEBUG nsslapd-anonlimitsdn: 2017-05-11T17:48:38Z DEBUG cn=anonymous-limits,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logging-enabled: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG passwordMustChange: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordExp: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-list: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logminfreediskspace: 2017-05-11T17:48:38Z DEBUG 5 2017-05-11T17:48:38Z DEBUG nsslapd-logging-backend: 2017-05-11T17:48:38Z DEBUG dirsrv-log 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog: 2017-05-11T17:48:38Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/audit 2017-05-11T17:48:38Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG aci: 2017-05-11T17:48:38Z DEBUG (targetattr != aci)(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2017-05-11T17:48:38Z DEBUG (target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")(targetattr=*)(version 3.0;acl "permission:Add Automember Rebuild Membership Task";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || objectclass || passsyncmanagersdns*")(target = 
"ldap:///cn=ipa_pwd_extop,cn=plugins,cn=config")(version 3.0;acl "permission:Read PassSync Managers Configuration";allow (compare,read,search) groupdn = "ldap:///cn=Read PassSync Managers Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr = "passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plugins,cn=config")(version 3.0;acl "permission:Modify PassSync Managers Configuration";allow (write) groupdn = "ldap:///cn=Modify PassSync Managers Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || nsslapd-directory* || objectclass")(target = "ldap:///cn=config,cn=ldbm database,cn=plugins,cn=config")(version 3.0;acl "permission:Read LDBM Database Configuration";allow (compare,read,search) groupdn = "ldap:///cn=Read LDBM Database Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logmaxdiskspace: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG nsslapd-ldapimaprootdn: 2017-05-11T17:48:38Z DEBUG cn=Directory Manager 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logging-enabled: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-ds4-compatible-schema: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-enable-nunc-stans: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordMinLength: 2017-05-11T17:48:38Z DEBUG 8 2017-05-11T17:48:38Z DEBUG nsslapd-require-secure-binds: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-groupevalnestlevel: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-idletimeout: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-malloc-mmap-threshold: 2017-05-11T17:48:38Z DEBUG -10 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logrotationtimeunit: 2017-05-11T17:48:38Z DEBUG day 2017-05-11T17:48:38Z DEBUG nsslapd-securePort: 2017-05-11T17:48:38Z DEBUG 636 
2017-05-11T17:48:38Z DEBUG nsslapd-snmp-index: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG config 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG extensibleObject 2017-05-11T17:48:38Z DEBUG nsslapdConfig 2017-05-11T17:48:38Z DEBUG nsslapd-ldapimaptoentries: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG passwordSendExpiringTime: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-hash-filters: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-entryusn-import-initval: 2017-05-11T17:48:38Z DEBUG next 2017-05-11T17:48:38Z DEBUG nsslapd-malloc-trim-threshold: 2017-05-11T17:48:38Z DEBUG -10 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2017-05-11T17:48:38Z DEBUG 5 2017-05-11T17:48:38Z DEBUG nsslapd-ignore-time-skew: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-allow-unauthenticated-binds: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logging-hide-unhashed-pw: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-maxlogsperdir: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-listenhost: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-mode: 2017-05-11T17:48:38Z DEBUG 600 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog: 2017-05-11T17:48:38Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/errors 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logrotationsynchour: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-sasl-mapping-fallback: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-disk-monitoring-logging-critical: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-force-sasl-external: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-enable-turbo-mode: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG passwordCheckSyntax: 2017-05-11T17:48:38Z DEBUG off 
2017-05-11T17:48:38Z DEBUG passwordGraceLimit: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG passwordWarning: 2017-05-11T17:48:38Z DEBUG 86400 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-mode: 2017-05-11T17:48:38Z DEBUG 600 2017-05-11T17:48:38Z DEBUG nsslapd-instancedir: 2017-05-11T17:48:38Z DEBUG /var/lib/dirsrv/scripts-RDLG-NET 2017-05-11T17:48:38Z DEBUG nsslapd-config: 2017-05-11T17:48:38Z DEBUG cn=config 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logmaxdiskspace: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG nsslapd-versionstring: 2017-05-11T17:48:38Z DEBUG 389-Directory/1.3.5.10 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-level: 2017-05-11T17:48:38Z DEBUG 256 2017-05-11T17:48:38Z DEBUG nsslapd-return-exact-case: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-maxsasliosize: 2017-05-11T17:48:38Z DEBUG 2097152 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 2017-05-11T17:48:38Z DEBUG month 2017-05-11T17:48:38Z DEBUG nsslapd-rewrite-rfc1274: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-rootpwstoragescheme: 2017-05-11T17:48:38Z DEBUG SSHA 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logexpirationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG passwordLockout: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-lockdir: 2017-05-11T17:48:38Z DEBUG /var/lock/dirsrv/slapd-RDLG-NET 2017-05-11T17:48:38Z DEBUG nsslapd-certdir: 2017-05-11T17:48:38Z DEBUG /etc/dirsrv/slapd-RDLG-NET 2017-05-11T17:48:38Z DEBUG nsslapd-allow-anonymous-access: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-maxlogsperdir: 2017-05-11T17:48:38Z DEBUG 10 2017-05-11T17:48:38Z DEBUG nsslapd-backendconfig: 2017-05-11T17:48:38Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG nsslapd-threadnumber: 2017-05-11T17:48:38Z DEBUG 30 
2017-05-11T17:48:38Z DEBUG nsslapd-schemamod: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-search-return-original-type-switch: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-localhost: 2017-05-11T17:48:38Z DEBUG ipa.rdlg.net 2017-05-11T17:48:38Z DEBUG nsslapd-bakdir: 2017-05-11T17:48:38Z DEBUG /var/lib/dirsrv/slapd-RDLG-NET/bak 2017-05-11T17:48:38Z DEBUG passwordMin8bit: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-ldapiuidnumbertype: 2017-05-11T17:48:38Z DEBUG uidNumber 2017-05-11T17:48:38Z DEBUG nsslapd-validate-cert: 2017-05-11T17:48:38Z DEBUG warn 2017-05-11T17:48:38Z DEBUG passwordMinCategories: 2017-05-11T17:48:38Z DEBUG 3 2017-05-11T17:48:38Z DEBUG passwordMinLowers: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG passwordAdminDN: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-ldapilisten: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG passwordMinSpecials: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logmaxdiskspace: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG nsslapd-lastmod: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-max-filter-nest-level: 2017-05-11T17:48:38Z DEBUG 40 2017-05-11T17:48:38Z DEBUG passwordMaxRepeats: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-securelistenhost: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-maxsimplepaged-per-conn: 2017-05-11T17:48:38Z DEBUG -1 2017-05-11T17:48:38Z DEBUG nsslapd-result-tweak: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2017-05-11T17:48:38Z DEBUG month 2017-05-11T17:48:38Z DEBUG passwordUnlock: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-schemacheck: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG passwordTrackUpdateTime: 2017-05-11T17:48:38Z 
DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-maxbersize: 2017-05-11T17:48:38Z DEBUG 209715200 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-maxlogsize: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG nsslapd-ldapientrysearchbase: 2017-05-11T17:48:38Z DEBUG dc=example,dc=com 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logexpirationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-localssf: 2017-05-11T17:48:38Z DEBUG 71 2017-05-11T17:48:38Z DEBUG nsslapd-sizelimit: 2017-05-11T17:48:38Z DEBUG 2000 2017-05-11T17:48:38Z DEBUG nsslapd-minssf-exclude-rootdse: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logrotationsynchour: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-ignore-virtual-attrs: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-ndn-cache-enabled: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logrotationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-defaultnamingcontext: 2017-05-11T17:48:38Z DEBUG dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-maxlogsperdir: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-pwpolicy-local: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-sasl-max-buffer-size: 2017-05-11T17:48:38Z DEBUG 2097152 2017-05-11T17:48:38Z DEBUG passwordLockoutDuration: 2017-05-11T17:48:38Z DEBUG 3600 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-list: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-port: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-maxlogsize: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG nsslapd-privatenamespaces: 2017-05-11T17:48:38Z DEBUG cn=schema 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG cn=monitor 2017-05-11T17:48:38Z DEBUG cn=config 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-maxlogsperdir: 2017-05-11T17:48:38Z DEBUG 2 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog: 
2017-05-11T17:48:38Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/audit 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-mode: 2017-05-11T17:48:38Z DEBUG 600 2017-05-11T17:48:38Z DEBUG nsslapd-rootpw: 2017-05-11T17:48:38Z DEBUG {SSHA}ivpfUEJGKWW115wDkPsPfQQFhTUx8+KLuAm3tg== 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logrotationsynchour: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-outbound-ldap-io-timeout: 2017-05-11T17:48:38Z DEBUG 300000 2017-05-11T17:48:38Z DEBUG nsslapd-workingdir: 2017-05-11T17:48:38Z DEBUG /var/log/dirsrv/slapd-RDLG-NET 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-list: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-rundir: 2017-05-11T17:48:38Z DEBUG /var/run/dirsrv 2017-05-11T17:48:38Z DEBUG nsslapd-schemareplace: 2017-05-11T17:48:38Z DEBUG replication-only 2017-05-11T17:48:38Z DEBUG nsslapd-plugin-binddn-tracking: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-level: 2017-05-11T17:48:38Z DEBUG 16384 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-syntaxlogging: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-ioblocktimeout: 2017-05-11T17:48:38Z DEBUG 10000 2017-05-11T17:48:38Z DEBUG nsslapd-attribute-name-exceptions: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordMinDigits: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-allowed-to-delete-attrs: 2017-05-11T17:48:38Z DEBUG passwordadmindn nsslapd-listenhost nsslapd-securelistenhost nsslapd-defaultnamingcontext 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logminfreediskspace: 2017-05-11T17:48:38Z DEBUG 5 2017-05-11T17:48:38Z DEBUG passwordStorageScheme: 2017-05-11T17:48:38Z DEBUG SSHA 2017-05-11T17:48:38Z DEBUG nsslapd-connection-nocanon: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG add: 
'(version 3.0;acl "permission:Add Configuration Sub-Entries";allow (add) groupdn = "ldap:///cn=Add Configuration Sub-Entries,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to aci, current value ['(targetattr != aci)(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";)', '(target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")(targetattr=*)(version 3.0;acl "permission:Add Automember Rebuild Membership Task";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "cn || createtimestamp || entryusn || modifytimestamp || objectclass || passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plugins,cn=config")(version 3.0;acl "permission:Read PassSync Managers Configuration";allow (compare,read,search) groupdn = "ldap:///cn=Read PassSync Managers Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plugins,cn=config")(version 3.0;acl "permission:Modify PassSync Managers Configuration";allow (write) groupdn = "ldap:///cn=Modify PassSync Managers Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "cn || createtimestamp || entryusn || modifytimestamp || nsslapd-directory* || objectclass")(target = "ldap:///cn=config,cn=ldbm database,cn=plugins,cn=config")(version 3.0;acl "permission:Read LDBM Database Configuration";allow (compare,read,search) groupdn = "ldap:///cn=Read LDBM Database Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";)'] 2017-05-11T17:48:38Z DEBUG add: updated value ['(targetattr != aci)(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";)', '(target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")(targetattr=*)(version 3.0;acl "permission:Add Automember Rebuild Membership Task";allow (add) groupdn = 
"ldap:///cn=Add Automember Rebuild Membership Task,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "cn || createtimestamp || entryusn || modifytimestamp || objectclass || passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plugins,cn=config")(version 3.0;acl "permission:Read PassSync Managers Configuration";allow (compare,read,search) groupdn = "ldap:///cn=Read PassSync Managers Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plugins,cn=config")(version 3.0;acl "permission:Modify PassSync Managers Configuration";allow (write) groupdn = "ldap:///cn=Modify PassSync Managers Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "cn || createtimestamp || entryusn || modifytimestamp || nsslapd-directory* || objectclass")(target = "ldap:///cn=config,cn=ldbm database,cn=plugins,cn=config")(version 3.0;acl "permission:Read LDBM Database Configuration";allow (compare,read,search) groupdn = "ldap:///cn=Read LDBM Database Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(version 3.0;acl "permission:Add Configuration Sub-Entries";allow (add) groupdn = "ldap:///cn=Add Configuration Sub-Entries,cn=permissions,cn=pbac,dc=rdlg,dc=net";)'] 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Final value after applying updates 2017-05-11T17:48:38Z DEBUG dn: cn=config 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logrotationsynchour: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-betype: 2017-05-11T17:48:38Z DEBUG ldbm database 2017-05-11T17:48:38Z DEBUG nsslapd-nagle: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-list: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-maxlogsize: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG nsslapd-entryusn-global: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-referralmode: 
2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logminfreediskspace: 2017-05-11T17:48:38Z DEBUG 5 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logrotationsyncmin: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-reservedescriptors: 2017-05-11T17:48:38Z DEBUG 64 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logmaxdiskspace: 2017-05-11T17:48:38Z DEBUG 500 2017-05-11T17:48:38Z DEBUG passwordMinAlphas: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-enquote-sup-oc: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-readonly: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-syntaxcheck: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-unhashed-pw-switch: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG passwordLegacyPolicy: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logbuffering: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-SSLclientAuth: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordMinUppers: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-plugin: 2017-05-11T17:48:38Z DEBUG cn=binary syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=country string syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=facsimile telephone number syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=fax syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=generalized time 
syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=guide syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=integer syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=name and optional uid syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=octet string syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=oid syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseignoreia5substringsmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG 
cn=caseignoreorderingmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseignoresubstringsmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=objectidentifiermatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=integermatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=integerorderingmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=integerfirstcomponentmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=internationalization plugin,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=uniquemembermatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=numericstringsubstringsmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logrotationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-disk-monitoring-threshold: 2017-05-11T17:48:38Z DEBUG 2097152 2017-05-11T17:48:38Z DEBUG nsslapd-dn-validate-strict: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-ndn-cache-max-size: 2017-05-11T17:48:38Z DEBUG 20971520 2017-05-11T17:48:38Z DEBUG nsslapd-timelimit: 2017-05-11T17:48:38Z DEBUG 3600 2017-05-11T17:48:38Z DEBUG nsslapd-disk-monitoring: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordIsGlobalPolicy: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-moddn-aci: 
2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-pwpolicy-inherit-global: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordMinTokenLength: 2017-05-11T17:48:38Z DEBUG 3 2017-05-11T17:48:38Z DEBUG nsslapd-malloc-mxfast: 2017-05-11T17:48:38Z DEBUG -10 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logrotationsync-enabled: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logrotationtimeunit: 2017-05-11T17:48:38Z DEBUG week 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logrotationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG passwordMinAge: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logrotationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-cn-uses-dn-syntax-in-dns: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logrotationtimeunit: 2017-05-11T17:48:38Z DEBUG week 2017-05-11T17:48:38Z DEBUG nsslapd-disk-monitoring-grace-period: 2017-05-11T17:48:38Z DEBUG 60 2017-05-11T17:48:38Z DEBUG nsslapd-maxdescriptors: 2017-05-11T17:48:38Z DEBUG 8192 2017-05-11T17:48:38Z DEBUG nsslapd-allow-hashed-passwords: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG passwordInHistory: 2017-05-11T17:48:38Z DEBUG 6 2017-05-11T17:48:38Z DEBUG nsslapd-ssl-check-hostname: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-conntablesize: 2017-05-11T17:48:38Z DEBUG 8192 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logging-enabled: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2017-05-11T17:48:38Z DEBUG month 2017-05-11T17:48:38Z DEBUG nsslapd-saslpath: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG passwordMaxAge: 2017-05-11T17:48:38Z DEBUG 8639913600 2017-05-11T17:48:38Z DEBUG nsslapd-ldapiautobind: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG 
nsslapd-extract-pemfiles: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-maxthreadsperconn: 2017-05-11T17:48:38Z DEBUG 5 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logrotationsyncmin: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-ldapigidnumbertype: 2017-05-11T17:48:38Z DEBUG gidNumber 2017-05-11T17:48:38Z DEBUG nsslapd-connection-buffer: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2017-05-11T17:48:38Z DEBUG day 2017-05-11T17:48:38Z DEBUG nsslapd-dynamic-plugins: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-csnlogging: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-tmpdir: 2017-05-11T17:48:38Z DEBUG /tmp 2017-05-11T17:48:38Z DEBUG passwordResetFailureCount: 2017-05-11T17:48:38Z DEBUG 600 2017-05-11T17:48:38Z DEBUG nsslapd-counters: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-svrtab: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-allowed-sasl-mechanisms: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 2017-05-11T17:48:38Z DEBUG month 2017-05-11T17:48:38Z DEBUG nsslapd-minssf: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logrotationsync-enabled: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-maxlogsize: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG nsslapd-schemadir: 2017-05-11T17:48:38Z DEBUG /etc/dirsrv/slapd-RDLG-NET/schema 2017-05-11T17:48:38Z DEBUG nsslapd-localuser: 2017-05-11T17:48:38Z DEBUG dirsrv 2017-05-11T17:48:38Z DEBUG nsslapd-security: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordChange: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-requiresrestart: 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-port 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-secureport 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-ldapifilepath 2017-05-11T17:48:38Z 
DEBUG cn=config:nsslapd-ldapilisten 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-workingdir 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-plugin 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-sslclientauth 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-changelogdir 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-changelogsuffix 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-changelogmaxentries 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-changelogmaxage 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-db-locks 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-maxdescriptors 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-return-exact-case 2017-05-11T17:48:38Z DEBUG cn=config:nsslapd-schema-ignore-trailing-spaces 2017-05-11T17:48:38Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 2017-05-11T17:48:38Z DEBUG cn=config,cn=ldbm:nsslapd-parentcheck 2017-05-11T17:48:38Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2017-05-11T17:48:38Z DEBUG cn=config,cn=ldbm:nsslapd-dbncache 2017-05-11T17:48:38Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2017-05-11T17:48:38Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2017-05-11T17:48:38Z DEBUG cn=encryption,cn=config:nssslsessiontimeout 2017-05-11T17:48:38Z DEBUG cn=encryption,cn=config:nssslclientauth 2017-05-11T17:48:38Z DEBUG cn=encryption,cn=config:nsssl2 2017-05-11T17:48:38Z DEBUG cn=encryption,cn=config:nsssl3 2017-05-11T17:48:38Z DEBUG passwordMaxFailure: 2017-05-11T17:48:38Z DEBUG 3 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logrotationsync-enabled: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-ldapifilepath: 2017-05-11T17:48:38Z DEBUG /var/run/slapd-RDLG-NET.socket 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logging-enabled: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-pagedsizelimit: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-global-backend-lock: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG 
nsslapd-errorlog-logexpirationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-listen-backlog-size: 2017-05-11T17:48:38Z DEBUG 128 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog: 2017-05-11T17:48:38Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/access 2017-05-11T17:48:38Z DEBUG nsslapd-certmap-basedn: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-plugin-logging: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-accesscontrol: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-rootdn: 2017-05-11T17:48:38Z DEBUG cn=Directory Manager 2017-05-11T17:48:38Z DEBUG nsslapd-ldifdir: 2017-05-11T17:48:38Z DEBUG /var/lib/dirsrv/slapd-RDLG-NET/ldif 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-mode: 2017-05-11T17:48:38Z DEBUG 600 2017-05-11T17:48:38Z DEBUG nsslapd-anonlimitsdn: 2017-05-11T17:48:38Z DEBUG cn=anonymous-limits,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logging-enabled: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG passwordMustChange: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordExp: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-list: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logminfreediskspace: 2017-05-11T17:48:38Z DEBUG 5 2017-05-11T17:48:38Z DEBUG nsslapd-logging-backend: 2017-05-11T17:48:38Z DEBUG dirsrv-log 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog: 2017-05-11T17:48:38Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/audit 2017-05-11T17:48:38Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG aci: 2017-05-11T17:48:38Z DEBUG (targetattr != aci)(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2017-05-11T17:48:38Z DEBUG (targetattr = "cn || createtimestamp || entryusn || 
modifytimestamp || objectclass || passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plugins,cn=config")(version 3.0;acl "permission:Read PassSync Managers Configuration";allow (compare,read,search) groupdn = "ldap:///cn=Read PassSync Managers Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")(targetattr=*)(version 3.0;acl "permission:Add Automember Rebuild Membership Task";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || nsslapd-directory* || objectclass")(target = "ldap:///cn=config,cn=ldbm database,cn=plugins,cn=config")(version 3.0;acl "permission:Read LDBM Database Configuration";allow (compare,read,search) groupdn = "ldap:///cn=Read LDBM Database Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr = "passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plugins,cn=config")(version 3.0;acl "permission:Modify PassSync Managers Configuration";allow (write) groupdn = "ldap:///cn=Modify PassSync Managers Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (version 3.0;acl "permission:Add Configuration Sub-Entries";allow (add) groupdn = "ldap:///cn=Add Configuration Sub-Entries,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logmaxdiskspace: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG nsslapd-ldapimaprootdn: 2017-05-11T17:48:38Z DEBUG cn=Directory Manager 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logging-enabled: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-ds4-compatible-schema: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-enable-nunc-stans: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordMinLength: 
2017-05-11T17:48:38Z DEBUG 8 2017-05-11T17:48:38Z DEBUG nsslapd-require-secure-binds: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-groupevalnestlevel: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-idletimeout: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-malloc-mmap-threshold: 2017-05-11T17:48:38Z DEBUG -10 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logrotationtimeunit: 2017-05-11T17:48:38Z DEBUG day 2017-05-11T17:48:38Z DEBUG nsslapd-securePort: 2017-05-11T17:48:38Z DEBUG 636 2017-05-11T17:48:38Z DEBUG nsslapd-snmp-index: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG config 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG extensibleObject 2017-05-11T17:48:38Z DEBUG nsslapdConfig 2017-05-11T17:48:38Z DEBUG nsslapd-ldapimaptoentries: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG passwordSendExpiringTime: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-hash-filters: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-entryusn-import-initval: 2017-05-11T17:48:38Z DEBUG next 2017-05-11T17:48:38Z DEBUG nsslapd-malloc-trim-threshold: 2017-05-11T17:48:38Z DEBUG -10 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2017-05-11T17:48:38Z DEBUG 5 2017-05-11T17:48:38Z DEBUG nsslapd-ignore-time-skew: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-allow-unauthenticated-binds: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logging-hide-unhashed-pw: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-maxlogsperdir: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-listenhost: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-mode: 2017-05-11T17:48:38Z DEBUG 600 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog: 2017-05-11T17:48:38Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/errors 
2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logrotationsynchour: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-sasl-mapping-fallback: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-disk-monitoring-logging-critical: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-force-sasl-external: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-enable-turbo-mode: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG passwordCheckSyntax: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG passwordGraceLimit: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG passwordWarning: 2017-05-11T17:48:38Z DEBUG 86400 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-mode: 2017-05-11T17:48:38Z DEBUG 600 2017-05-11T17:48:38Z DEBUG nsslapd-instancedir: 2017-05-11T17:48:38Z DEBUG /var/lib/dirsrv/scripts-RDLG-NET 2017-05-11T17:48:38Z DEBUG nsslapd-config: 2017-05-11T17:48:38Z DEBUG cn=config 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logmaxdiskspace: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG nsslapd-versionstring: 2017-05-11T17:48:38Z DEBUG 389-Directory/1.3.5.10 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-level: 2017-05-11T17:48:38Z DEBUG 256 2017-05-11T17:48:38Z DEBUG nsslapd-return-exact-case: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-maxsasliosize: 2017-05-11T17:48:38Z DEBUG 2097152 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 2017-05-11T17:48:38Z DEBUG month 2017-05-11T17:48:38Z DEBUG nsslapd-rewrite-rfc1274: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-rootpwstoragescheme: 2017-05-11T17:48:38Z DEBUG SSHA 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog-logexpirationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG passwordLockout: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-lockdir: 2017-05-11T17:48:38Z DEBUG /var/lock/dirsrv/slapd-RDLG-NET 2017-05-11T17:48:38Z DEBUG nsslapd-certdir: 
2017-05-11T17:48:38Z DEBUG /etc/dirsrv/slapd-RDLG-NET 2017-05-11T17:48:38Z DEBUG nsslapd-allow-anonymous-access: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-maxlogsperdir: 2017-05-11T17:48:38Z DEBUG 10 2017-05-11T17:48:38Z DEBUG nsslapd-backendconfig: 2017-05-11T17:48:38Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG nsslapd-threadnumber: 2017-05-11T17:48:38Z DEBUG 30 2017-05-11T17:48:38Z DEBUG nsslapd-schemamod: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-search-return-original-type-switch: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-localhost: 2017-05-11T17:48:38Z DEBUG ipa.rdlg.net 2017-05-11T17:48:38Z DEBUG nsslapd-bakdir: 2017-05-11T17:48:38Z DEBUG /var/lib/dirsrv/slapd-RDLG-NET/bak 2017-05-11T17:48:38Z DEBUG passwordMin8bit: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-ldapiuidnumbertype: 2017-05-11T17:48:38Z DEBUG uidNumber 2017-05-11T17:48:38Z DEBUG nsslapd-validate-cert: 2017-05-11T17:48:38Z DEBUG warn 2017-05-11T17:48:38Z DEBUG passwordMinCategories: 2017-05-11T17:48:38Z DEBUG 3 2017-05-11T17:48:38Z DEBUG passwordMinLowers: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG passwordAdminDN: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-ldapilisten: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG passwordMinSpecials: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logmaxdiskspace: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG nsslapd-lastmod: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-max-filter-nest-level: 2017-05-11T17:48:38Z DEBUG 40 2017-05-11T17:48:38Z DEBUG passwordMaxRepeats: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG 
nsslapd-securelistenhost: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-maxsimplepaged-per-conn: 2017-05-11T17:48:38Z DEBUG -1 2017-05-11T17:48:38Z DEBUG nsslapd-result-tweak: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2017-05-11T17:48:38Z DEBUG month 2017-05-11T17:48:38Z DEBUG passwordUnlock: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-schemacheck: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG passwordTrackUpdateTime: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-maxbersize: 2017-05-11T17:48:38Z DEBUG 209715200 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-maxlogsize: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG nsslapd-ldapientrysearchbase: 2017-05-11T17:48:38Z DEBUG dc=example,dc=com 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logexpirationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-localssf: 2017-05-11T17:48:38Z DEBUG 71 2017-05-11T17:48:38Z DEBUG nsslapd-sizelimit: 2017-05-11T17:48:38Z DEBUG 2000 2017-05-11T17:48:38Z DEBUG nsslapd-minssf-exclude-rootdse: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logrotationsynchour: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-ignore-virtual-attrs: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-ndn-cache-enabled: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logrotationtime: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-defaultnamingcontext: 2017-05-11T17:48:38Z DEBUG dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-maxlogsperdir: 2017-05-11T17:48:38Z DEBUG 1 2017-05-11T17:48:38Z DEBUG nsslapd-pwpolicy-local: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-sasl-max-buffer-size: 2017-05-11T17:48:38Z DEBUG 2097152 2017-05-11T17:48:38Z DEBUG passwordLockoutDuration: 2017-05-11T17:48:38Z DEBUG 3600 2017-05-11T17:48:38Z 
DEBUG nsslapd-errorlog-list: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-port: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-maxlogsize: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG nsslapd-privatenamespaces: 2017-05-11T17:48:38Z DEBUG cn=schema 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG cn=monitor 2017-05-11T17:48:38Z DEBUG cn=config 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-maxlogsperdir: 2017-05-11T17:48:38Z DEBUG 2 2017-05-11T17:48:38Z DEBUG nsslapd-auditlog: 2017-05-11T17:48:38Z DEBUG /var/log/dirsrv/slapd-RDLG-NET/audit 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-mode: 2017-05-11T17:48:38Z DEBUG 600 2017-05-11T17:48:38Z DEBUG nsslapd-rootpw: 2017-05-11T17:48:38Z DEBUG {SSHA}ivpfUEJGKWW115wDkPsPfQQFhTUx8+KLuAm3tg== 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-logrotationsynchour: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-outbound-ldap-io-timeout: 2017-05-11T17:48:38Z DEBUG 300000 2017-05-11T17:48:38Z DEBUG nsslapd-workingdir: 2017-05-11T17:48:38Z DEBUG /var/log/dirsrv/slapd-RDLG-NET 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-list: 2017-05-11T17:48:38Z DEBUG 2017-05-11T17:48:38Z DEBUG nsslapd-rundir: 2017-05-11T17:48:38Z DEBUG /var/run/dirsrv 2017-05-11T17:48:38Z DEBUG nsslapd-schemareplace: 2017-05-11T17:48:38Z DEBUG replication-only 2017-05-11T17:48:38Z DEBUG nsslapd-plugin-binddn-tracking: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-errorlog-level: 2017-05-11T17:48:38Z DEBUG 16384 2017-05-11T17:48:38Z DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-syntaxlogging: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-ioblocktimeout: 2017-05-11T17:48:38Z DEBUG 10000 2017-05-11T17:48:38Z DEBUG nsslapd-attribute-name-exceptions: 2017-05-11T17:48:38Z DEBUG off 
2017-05-11T17:48:38Z DEBUG passwordMinDigits: 2017-05-11T17:48:38Z DEBUG 0 2017-05-11T17:48:38Z DEBUG nsslapd-allowed-to-delete-attrs: 2017-05-11T17:48:38Z DEBUG passwordadmindn nsslapd-listenhost nsslapd-securelistenhost nsslapd-defaultnamingcontext 2017-05-11T17:48:38Z DEBUG nsslapd-accesslog-logminfreediskspace: 2017-05-11T17:48:38Z DEBUG 5 2017-05-11T17:48:38Z DEBUG passwordStorageScheme: 2017-05-11T17:48:38Z DEBUG SSHA 2017-05-11T17:48:38Z DEBUG nsslapd-connection-nocanon: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG [(0, u'aci', ['(version 3.0;acl "permission:Add Configuration Sub-Entries";allow (add) groupdn = "ldap:///cn=Add Configuration Sub-Entries,cn=permissions,cn=pbac,dc=rdlg,dc=net";)'])] 2017-05-11T17:48:38Z DEBUG Updated 1 2017-05-11T17:48:38Z DEBUG Done 2017-05-11T17:48:38Z DEBUG New entry: cn=CA Administrator,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Initial value 2017-05-11T17:48:38Z DEBUG dn: cn=CA Administrator,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG groupofnames 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG nestedgroup 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG CA Administrator 2017-05-11T17:48:38Z DEBUG description: 2017-05-11T17:48:38Z DEBUG CA Administrator 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Final value after applying updates 2017-05-11T17:48:38Z DEBUG dn: cn=CA Administrator,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG groupofnames 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG nestedgroup 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG CA Administrator 2017-05-11T17:48:38Z DEBUG description: 2017-05-11T17:48:38Z DEBUG CA Administrator 2017-05-11T17:48:38Z DEBUG New entry: cn=Vault 
Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Initial value 2017-05-11T17:48:38Z DEBUG dn: cn=Vault Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG groupofnames 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG nestedgroup 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG Vault Administrators 2017-05-11T17:48:38Z DEBUG description: 2017-05-11T17:48:38Z DEBUG Vault Administrators 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Final value after applying updates 2017-05-11T17:48:38Z DEBUG dn: cn=Vault Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG groupofnames 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG nestedgroup 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG Vault Administrators 2017-05-11T17:48:38Z DEBUG description: 2017-05-11T17:48:38Z DEBUG Vault Administrators 2017-05-11T17:48:38Z DEBUG Updating existing entry: cn=DNS Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Initial value 2017-05-11T17:48:38Z DEBUG dn: cn=DNS Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG groupofnames 2017-05-11T17:48:38Z DEBUG nestedgroup 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG DNS Administrators 2017-05-11T17:48:38Z DEBUG description: 2017-05-11T17:48:38Z DEBUG DNS Administrators 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Final value after applying updates 2017-05-11T17:48:38Z DEBUG dn: cn=DNS Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG 
objectClass: 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG groupofnames 2017-05-11T17:48:38Z DEBUG nestedgroup 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG DNS Administrators 2017-05-11T17:48:38Z DEBUG description: 2017-05-11T17:48:38Z DEBUG DNS Administrators 2017-05-11T17:48:38Z DEBUG [] 2017-05-11T17:48:38Z DEBUG Updated 0 2017-05-11T17:48:38Z DEBUG Done 2017-05-11T17:48:38Z DEBUG Updating existing entry: cn=DNS Servers,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Initial value 2017-05-11T17:48:38Z DEBUG dn: cn=DNS Servers,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG groupofnames 2017-05-11T17:48:38Z DEBUG nestedgroup 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG DNS Servers 2017-05-11T17:48:38Z DEBUG description: 2017-05-11T17:48:38Z DEBUG DNS Servers 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Final value after applying updates 2017-05-11T17:48:38Z DEBUG dn: cn=DNS Servers,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG groupofnames 2017-05-11T17:48:38Z DEBUG nestedgroup 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG DNS Servers 2017-05-11T17:48:38Z DEBUG description: 2017-05-11T17:48:38Z DEBUG DNS Servers 2017-05-11T17:48:38Z DEBUG [] 2017-05-11T17:48:38Z DEBUG Updated 0 2017-05-11T17:48:38Z DEBUG Done 2017-05-11T17:48:38Z DEBUG Parsing update file '/usr/share/ipa/updates/40-dns.update' 2017-05-11T17:48:38Z DEBUG New entry: cn=dns,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Initial value 2017-05-11T17:48:38Z DEBUG dn: cn=dns,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG addifexist: 'idnsConfigObject' to objectClass, current 
value [] 2017-05-11T17:48:38Z DEBUG addifexist: '(target = "ldap:///idnsname=*,cn=dns,dc=rdlg,dc=net")(version 3.0;acl "Add DNS entries in a zone";allow (add) userattr = "parent[1].managedby#GROUPDN";)' to aci, current value [] 2017-05-11T17:48:38Z DEBUG addifexist: '(target = "ldap:///idnsname=*,cn=dns,dc=rdlg,dc=net")(version 3.0;acl "Remove DNS entries from a zone";allow (delete) userattr = "parent[1].managedby#GROUPDN";)' to aci, current value [] 2017-05-11T17:48:38Z DEBUG addifexist: '(targetattr = "a6record || aaaarecord || afsdbrecord || aplrecord || arecord || certrecord || cn || cnamerecord || dhcidrecord || dlvrecord || dnamerecord || dnsclass || dnsttl || dsrecord || hinforecord || hiprecord || idnsallowdynupdate || idnsallowquery || idnsallowsyncptr || idnsallowtransfer || idnsforwarders || idnsforwardpolicy || idnsname || idnssecinlinesigning || idnssoaexpire || idnssoaminimum || idnssoamname || idnssoarefresh || idnssoaretry || idnssoarname || idnssoaserial || idnsupdatepolicy || idnszoneactive || ipseckeyrecord || keyrecord || kxrecord || locrecord || mdrecord || minforecord || mxrecord || naptrrecord || nsecrecord || nsec3paramrecord || nsrecord || nxtrecord || ptrrecord || rprecord || rrsigrecord || sigrecord || spfrecord || srvrecord || sshfprecord || tlsarecord || txtrecord || unknownrecord ")(target = "ldap:///idnsname=*,cn=dns,dc=rdlg,dc=net")(version 3.0;acl "Update DNS entries in a zone";allow (write) userattr = "parent[0,1].managedby#GROUPDN";)' to aci, current value [] 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Final value after applying updates 2017-05-11T17:48:38Z DEBUG dn: cn=dns,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG New entry: cn=dns,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Initial value 2017-05-11T17:48:38Z DEBUG dn: cn=dns,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG replace: (targetattr = "*")(version 
3.0; acl "No access to DNS tree without a permission"; deny (read,search,compare) (groupdn != "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net") and (groupdn != "ldap:///cn=Read DNS Entries,cn=permissions,cn=pbac,dc=rdlg,dc=net");) not found, skipping 2017-05-11T17:48:38Z DEBUG replace: (targetattr = "*")(version 3.0; acl "Allow read access"; allow (read,search,compare) groupdn = "ldap:///cn=Read DNS Entries,cn=permissions,cn=pbac,dc=rdlg,dc=net" or userattr = "parent[0,1].managedby#GROUPDN";) not found, skipping 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Final value after applying updates 2017-05-11T17:48:38Z DEBUG dn: cn=dns,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG New entry: cn=dns,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Initial value 2017-05-11T17:48:38Z DEBUG dn: cn=dns,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG remove: '(targetattr = "idnsname || cn || idnsallowdynupdate || dnsttl || dnsclass || arecord || aaaarecord || a6record || nsrecord || cnamerecord || ptrrecord || srvrecord || txtrecord || mxrecord || mdrecord || hinforecord || minforecord || afsdbrecord || sigrecord || keyrecord || locrecord || nxtrecord || naptrrecord || kxrecord || certrecord || dnamerecord || dsrecord || sshfprecord || rrsigrecord || nsecrecord || idnsname || idnszoneactive || idnssoamname || idnssoarname || idnssoaserial || idnssoarefresh || idnssoaretry || idnssoaexpire || idnssoaminimum || idnsupdatepolicy || idnsallowquery || idnsallowtransfer || idnsallowsyncptr || idnsforwardpolicy || idnsforwarders")(target = "ldap:///idnsname=*,cn=dns,dc=rdlg,dc=net")(version 3.0;acl "Update DNS entries in a zone";allow (write) userattr = "parent[0,1].managedby#GROUPDN";)' from aci, current value [] 2017-05-11T17:48:38Z DEBUG remove: '(targetattr = "idnsname || cn || idnsallowdynupdate || dnsttl || dnsclass || arecord || aaaarecord || a6record || 
nsrecord || cnamerecord || ptrrecord || srvrecord || txtrecord || mxrecord || mdrecord || hinforecord || minforecord || afsdbrecord || sigrecord || keyrecord || locrecord || nxtrecord || naptrrecord || kxrecord || certrecord || dnamerecord || dsrecord || sshfprecord || rrsigrecord || nsecrecord || idnsname || idnszoneactive || idnssoamname || idnssoarname || idnssoaserial || idnssoarefresh || idnssoaretry || idnssoaexpire || idnssoaminimum || idnsupdatepolicy || idnsallowquery || idnsallowtransfer || idnsallowsyncptr || idnsforwardpolicy || idnsforwarders")(target = "ldap:///idnsname=*,cn=dns,dc=rdlg,dc=net")(version 3.0;acl "Update DNS entries in a zone";allow (write) userattr = "parent[0,1].managedby#GROUPDN";)' not in aci 2017-05-11T17:48:38Z DEBUG remove: '(targetattr = "idnsname || cn || idnsallowdynupdate || dnsttl || dnsclass || arecord || aaaarecord || a6record || nsrecord || cnamerecord || ptrrecord || srvrecord || txtrecord || mxrecord || mdrecord || hinforecord || minforecord || afsdbrecord || sigrecord || keyrecord || locrecord || nxtrecord || naptrrecord || kxrecord || certrecord || dnamerecord || dsrecord || sshfprecord || rrsigrecord || nsecrecord || idnsname || idnszoneactive || idnssoamname || idnssoarname || idnssoaserial || idnssoarefresh || idnssoaretry || idnssoaexpire || idnssoaminimum || idnsupdatepolicy || idnsallowquery || idnsallowtransfer || idnsallowsyncptr || idnsforwardpolicy || idnsforwarders || dlvrecord || idnssecinlinesigning || nsec3paramrecord || tlsarecord ")(target = "ldap:///idnsname=*,cn=dns,dc=rdlg,dc=net")(version 3.0;acl "Update DNS entries in a zone";allow (write) userattr = "parent[0,1].managedby#GROUPDN";)' from aci, current value [] 2017-05-11T17:48:38Z DEBUG remove: '(targetattr = "idnsname || cn || idnsallowdynupdate || dnsttl || dnsclass || arecord || aaaarecord || a6record || nsrecord || cnamerecord || ptrrecord || srvrecord || txtrecord || mxrecord || mdrecord || hinforecord || minforecord || afsdbrecord || 
sigrecord || keyrecord || locrecord || nxtrecord || naptrrecord || kxrecord || certrecord || dnamerecord || dsrecord || sshfprecord || rrsigrecord || nsecrecord || idnsname || idnszoneactive || idnssoamname || idnssoarname || idnssoaserial || idnssoarefresh || idnssoaretry || idnssoaexpire || idnssoaminimum || idnsupdatepolicy || idnsallowquery || idnsallowtransfer || idnsallowsyncptr || idnsforwardpolicy || idnsforwarders || dlvrecord || idnssecinlinesigning || nsec3paramrecord || tlsarecord ")(target = "ldap:///idnsname=*,cn=dns,dc=rdlg,dc=net")(version 3.0;acl "Update DNS entries in a zone";allow (write) userattr = "parent[0,1].managedby#GROUPDN";)' not in aci 2017-05-11T17:48:38Z DEBUG remove: '(targetattr = "idnsname || cn || idnsallowdynupdate || dnsttl || dnsclass || arecord || aaaarecord || a6record || nsrecord || cnamerecord || ptrrecord || srvrecord || txtrecord || mxrecord || mdrecord || hinforecord || minforecord || afsdbrecord || sigrecord || keyrecord || locrecord || nxtrecord || naptrrecord || kxrecord || certrecord || dnamerecord || dsrecord || sshfprecord || rrsigrecord || nsecrecord || idnsname || idnszoneactive || idnssoamname || idnssoarname || idnssoaserial || idnssoarefresh || idnssoaretry || idnssoaexpire || idnssoaminimum || idnsupdatepolicy || idnsallowquery || idnsallowtransfer || idnsallowsyncptr || idnsforwardpolicy || idnsforwarders || dlvrecord || idnssecinlinesigning || nsec3paramrecord || tlsarecord || unknownrecord ")(target = "ldap:///idnsname=*,cn=dns,dc=rdlg,dc=net")(version 3.0;acl "Update DNS entries in a zone";allow (write) userattr = "parent[0,1].managedby#GROUPDN";)' from aci, current value [] 2017-05-11T17:48:38Z DEBUG remove: '(targetattr = "idnsname || cn || idnsallowdynupdate || dnsttl || dnsclass || arecord || aaaarecord || a6record || nsrecord || cnamerecord || ptrrecord || srvrecord || txtrecord || mxrecord || mdrecord || hinforecord || minforecord || afsdbrecord || sigrecord || keyrecord || locrecord || nxtrecord || 
naptrrecord || kxrecord || certrecord || dnamerecord || dsrecord || sshfprecord || rrsigrecord || nsecrecord || idnsname || idnszoneactive || idnssoamname || idnssoarname || idnssoaserial || idnssoarefresh || idnssoaretry || idnssoaexpire || idnssoaminimum || idnsupdatepolicy || idnsallowquery || idnsallowtransfer || idnsallowsyncptr || idnsforwardpolicy || idnsforwarders || dlvrecord || idnssecinlinesigning || nsec3paramrecord || tlsarecord || unknownrecord ")(target = "ldap:///idnsname=*,cn=dns,dc=rdlg,dc=net")(version 3.0;acl "Update DNS entries in a zone";allow (write) userattr = "parent[0,1].managedby#GROUPDN";)' not in aci 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Final value after applying updates 2017-05-11T17:48:38Z DEBUG dn: cn=dns,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG Updating existing entry: cn=IPA DNS,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Initial value 2017-05-11T17:48:38Z DEBUG dn: cn=IPA DNS,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG nsslapd-pluginId: 2017-05-11T17:48:38Z DEBUG ipa_dns 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG IPA DNS 2017-05-11T17:48:38Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:48:38Z DEBUG 1.0 2017-05-11T17:48:38Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:48:38Z DEBUG IPA DNS support plugin 2017-05-11T17:48:38Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-pluginPath: 2017-05-11T17:48:38Z DEBUG libipa_dns.so 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG nsslapdPlugin 2017-05-11T17:48:38Z DEBUG extensibleObject 2017-05-11T17:48:38Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:48:38Z DEBUG database 2017-05-11T17:48:38Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:48:38Z DEBUG Red Hat, Inc. 
2017-05-11T17:48:38Z DEBUG nsslapd-pluginType: 2017-05-11T17:48:38Z DEBUG preoperation 2017-05-11T17:48:38Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:48:38Z DEBUG ipadns_init 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Final value after applying updates 2017-05-11T17:48:38Z DEBUG dn: cn=IPA DNS,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG nsslapd-pluginId: 2017-05-11T17:48:38Z DEBUG ipa_dns 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG IPA DNS 2017-05-11T17:48:38Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:48:38Z DEBUG 1.0 2017-05-11T17:48:38Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:48:38Z DEBUG IPA DNS support plugin 2017-05-11T17:48:38Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-pluginPath: 2017-05-11T17:48:38Z DEBUG libipa_dns.so 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG nsslapdPlugin 2017-05-11T17:48:38Z DEBUG extensibleObject 2017-05-11T17:48:38Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:48:38Z DEBUG database 2017-05-11T17:48:38Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:48:38Z DEBUG Red Hat, Inc. 
2017-05-11T17:48:38Z DEBUG nsslapd-pluginType: 2017-05-11T17:48:38Z DEBUG preoperation 2017-05-11T17:48:38Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:48:38Z DEBUG ipadns_init 2017-05-11T17:48:38Z DEBUG [] 2017-05-11T17:48:38Z DEBUG Updated 0 2017-05-11T17:48:38Z DEBUG Done 2017-05-11T17:48:38Z DEBUG Parsing update file '/usr/share/ipa/updates/40-otp.update' 2017-05-11T17:48:38Z DEBUG New entry: cn=otp,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Initial value 2017-05-11T17:48:38Z DEBUG dn: cn=otp,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG nsContainer 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG otp 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Final value after applying updates 2017-05-11T17:48:38Z DEBUG dn: cn=otp,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG nsContainer 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG otp 2017-05-11T17:48:38Z DEBUG New entry: cn=otp,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Initial value 2017-05-11T17:48:38Z DEBUG dn: cn=otp,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG ipatokenHOTPsyncWindow: 2017-05-11T17:48:38Z DEBUG 100 2017-05-11T17:48:38Z DEBUG ipatokenHOTPauthWindow: 2017-05-11T17:48:38Z DEBUG 10 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG otp 2017-05-11T17:48:38Z DEBUG ipatokenTOTPsyncWindow: 2017-05-11T17:48:38Z DEBUG 86400 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG ipatokenOTPConfig 2017-05-11T17:48:38Z DEBUG ipatokenTOTPauthWindow: 2017-05-11T17:48:38Z DEBUG 300 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Final value after applying 
updates
2017-05-11T17:48:38Z DEBUG dn: cn=otp,cn=etc,dc=rdlg,dc=net
2017-05-11T17:48:38Z DEBUG ipatokenHOTPsyncWindow:
2017-05-11T17:48:38Z DEBUG 100
2017-05-11T17:48:38Z DEBUG ipatokenHOTPauthWindow:
2017-05-11T17:48:38Z DEBUG 10
2017-05-11T17:48:38Z DEBUG cn:
2017-05-11T17:48:38Z DEBUG otp
2017-05-11T17:48:38Z DEBUG ipatokenTOTPsyncWindow:
2017-05-11T17:48:38Z DEBUG 86400
2017-05-11T17:48:38Z DEBUG objectClass:
2017-05-11T17:48:38Z DEBUG top
2017-05-11T17:48:38Z DEBUG ipatokenOTPConfig
2017-05-11T17:48:38Z DEBUG ipatokenTOTPauthWindow:
2017-05-11T17:48:38Z DEBUG 300
2017-05-11T17:48:38Z DEBUG Updating existing entry: dc=rdlg,dc=net
2017-05-11T17:48:38Z DEBUG ---------------------------------------------
2017-05-11T17:48:38Z DEBUG Initial value
2017-05-11T17:48:38Z DEBUG dn: dc=rdlg,dc=net
2017-05-11T17:48:38Z DEBUG info:
2017-05-11T17:48:38Z DEBUG IPA V2.0
2017-05-11T17:48:38Z DEBUG objectClass:
2017-05-11T17:48:38Z DEBUG top
2017-05-11T17:48:38Z DEBUG domain
2017-05-11T17:48:38Z DEBUG pilotObject
2017-05-11T17:48:38Z DEBUG nisDomainObject
2017-05-11T17:48:38Z DEBUG domainRelatedObject
2017-05-11T17:48:38Z DEBUG associatedDomain:
2017-05-11T17:48:38Z DEBUG rdlg.net
2017-05-11T17:48:38Z DEBUG dc:
2017-05-11T17:48:38Z DEBUG rdlg
2017-05-11T17:48:38Z DEBUG nisDomain:
2017-05-11T17:48:38Z DEBUG rdlg.net
2017-05-11T17:48:38Z DEBUG aci:
2017-05-11T17:48:38Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)
2017-05-11T17:48:38Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)
2017-05-11T17:48:38Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";)
2017-05-11T17:48:38Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)
2017-05-11T17:48:38Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)
2017-05-11T17:48:38Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";)
2017-05-11T17:48:38Z DEBUG (targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)
2017-05-11T17:48:38Z DEBUG (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)
2017-05-11T17:48:38Z DEBUG (targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)
2017-05-11T17:48:38Z DEBUG (targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)
2017-05-11T17:48:38Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)
2017-05-11T17:48:38Z DEBUG (targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)
2017-05-11T17:48:38Z DEBUG (targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)
2017-05-11T17:48:38Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)
2017-05-11T17:48:38Z DEBUG (targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)
2017-05-11T17:48:38Z DEBUG (target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)
2017-05-11T17:48:38Z DEBUG (targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)
2017-05-11T17:48:38Z DEBUG (targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)
2017-05-11T17:48:38Z DEBUG (targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)
2017-05-11T17:48:38Z DEBUG (targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)
2017-05-11T17:48:38Z DEBUG (targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)
2017-05-11T17:48:38Z DEBUG (targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)
2017-05-11T17:48:38Z DEBUG (targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)
2017-05-11T17:48:38Z DEBUG (targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";)
2017-05-11T17:48:38Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate with subjectaltname,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0; acl "permission:Request Certificate with SubjectAltName"; allow (write) groupdn = "ldap:///cn=Request Certificate with SubjectAltName,cn=permissions,cn=pbac,dc=rdlg,dc=net";)
2017-05-11T17:48:38Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0; acl "permission:Request Certificate ignoring CA ACLs"; allow (write) groupdn = "ldap:///cn=Request Certificate ignoring CA ACLs,cn=permissions,cn=pbac,dc=rdlg,dc=net";)
2017-05-11T17:48:38Z DEBUG remove: '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create and delete tokens"; allow (add, delete) userattr =
"ipatokenOwner#SELFDN";)' from aci, current value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr 
= "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', 
'(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory 
|| ipaNTHash")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate with subjectaltname,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0; acl "permission:Request Certificate with SubjectAltName"; allow (write) groupdn = "ldap:///cn=Request Certificate with SubjectAltName,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0; acl "permission:Request Certificate ignoring CA ACLs"; allow (write) groupdn = "ldap:///cn=Request Certificate ignoring CA ACLs,cn=permissions,cn=pbac,dc=rdlg,dc=net";)']
2017-05-11T17:48:38Z DEBUG remove: '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create and delete tokens"; allow (add, delete) userattr = "ipatokenOwner#SELFDN";)' not in aci
2017-05-11T17:48:38Z DEBUG remove: '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || ipatokenUniqueID || description || ipatokenOwner || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Users can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN";)' from aci, current value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual
operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; 
allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, 
search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate with subjectaltname,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0; acl "permission:Request Certificate with SubjectAltName"; allow (write) groupdn = "ldap:///cn=Request Certificate with SubjectAltName,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0; acl "permission:Request 
Certificate ignoring CA ACLs"; allow (write) groupdn = "ldap:///cn=Request Certificate ignoring CA ACLs,cn=permissions,cn=pbac,dc=rdlg,dc=net";)']
2017-05-11T17:48:38Z DEBUG remove: '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || ipatokenUniqueID || description || ipatokenOwner || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Users can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN";)' not in aci
2017-05-11T17:48:38Z DEBUG remove: '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "ipatokenUniqueID || description || ipatokenOwner || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Users can write basic token info"; allow (write) userattr = "ipatokenOwner#USERDN";)' from aci, current value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write)
groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = 
"managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbPwdHistory || krbLastPwdChange || krbExtraData || 
krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate with subjectaltname,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0; acl "permission:Request Certificate with SubjectAltName"; allow (write) groupdn = "ldap:///cn=Request Certificate with SubjectAltName,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0; acl "permission:Request Certificate ignoring CA ACLs"; allow (write) groupdn = "ldap:///cn=Request Certificate ignoring CA ACLs,cn=permissions,cn=pbac,dc=rdlg,dc=net";)']
2017-05-11T17:48:38Z DEBUG remove: '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "ipatokenUniqueID || description || ipatokenOwner || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Users can write basic token info"; allow (write) userattr = "ipatokenOwner#USERDN";)' not in aci
2017-05-11T17:48:38Z DEBUG remove: '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPkey || ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPclockOffset || ipatokenTOTPtimeStep")(version 3.0; acl "Users can add TOTP token secrets"; allow (write, search) userattr = "ipatokenOwner#USERDN";)' from aci, current value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual
operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) 
userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', 
'(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || 
ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate with subjectaltname,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0; acl "permission:Request Certificate with SubjectAltName"; allow (write) groupdn = "ldap:///cn=Request Certificate with SubjectAltName,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0; acl "permission:Request Certificate ignoring CA ACLs"; allow (write) groupdn = "ldap:///cn=Request Certificate ignoring CA ACLs,cn=permissions,cn=pbac,dc=rdlg,dc=net";)'] 2017-05-11T17:48:38Z DEBUG remove: '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPkey || ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPclockOffset || ipatokenTOTPtimeStep")(version 3.0; acl "Users can add TOTP token secrets"; allow (write, search) userattr = "ipatokenOwner#USERDN";)' not in aci 2017-05-11T17:48:38Z DEBUG remove: '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPkey || ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenHOTPcounter")(version 3.0; acl "Users can add HOTP token secrets"; allow (write, search) userattr = "ipatokenOwner#USERDN";)' from aci, current value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; 
allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary 
|| description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = 
"(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || 
krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate with subjectaltname,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0; acl "permission:Request Certificate with SubjectAltName"; allow (write) groupdn = "ldap:///cn=Request Certificate with SubjectAltName,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0; acl "permission:Request Certificate ignoring CA ACLs"; allow (write) groupdn = "ldap:///cn=Request Certificate ignoring CA ACLs,cn=permissions,cn=pbac,dc=rdlg,dc=net";)'] 2017-05-11T17:48:38Z DEBUG remove: '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPkey || ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenHOTPcounter")(version 3.0; acl "Users can add HOTP token secrets"; allow (write, search) userattr = "ipatokenOwner#USERDN";)' not in aci 2017-05-11T17:48:38Z DEBUG add: '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || 
ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)' to aci, current value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = 
"ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter 
= "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', 
'(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate with subjectaltname,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0; acl "permission:Request Certificate with SubjectAltName"; allow (write) groupdn = "ldap:///cn=Request Certificate with SubjectAltName,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0; acl "permission:Request Certificate ignoring CA ACLs"; allow (write) groupdn = "ldap:///cn=Request Certificate ignoring CA 
ACLs,cn=permissions,cn=pbac,dc=rdlg,dc=net";)'] 2017-05-11T17:48:38Z DEBUG add: updated value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow 
(write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = 
"managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || 
krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate with subjectaltname,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0; acl "permission:Request Certificate with SubjectAltName"; allow (write) groupdn = "ldap:///cn=Request Certificate with SubjectAltName,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0; acl "permission:Request Certificate ignoring CA ACLs"; allow (write) groupdn = "ldap:///cn=Request Certificate ignoring CA ACLs,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)'] 2017-05-11T17:48:38Z DEBUG add: '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 
3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)' to aci, current value ['(targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate with subjectaltname,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0; acl "permission:Request Certificate with SubjectAltName"; allow (write) groupdn = "ldap:///cn=Request Certificate with SubjectAltName,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) 
userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', 
'(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash")(version 3.0; acl "Admins can write 
passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0; acl "permission:Request Certificate ignoring CA ACLs"; allow (write) groupdn = "ldap:///cn=Request Certificate ignoring CA ACLs,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)'] 
2017-05-11T17:48:38Z DEBUG add: updated value ['(targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate with subjectaltname,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0; acl "permission:Request Certificate with SubjectAltName"; allow (write) groupdn = "ldap:///cn=Request Certificate with SubjectAltName,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl 
"Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) 
userdn = "ldap:///anyone";)', '(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP 
details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0; acl "permission:Request Certificate ignoring CA ACLs"; allow (write) groupdn = "ldap:///cn=Request Certificate ignoring CA ACLs,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)'] 2017-05-11T17:48:38Z DEBUG add: '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" 
or userattr = "managedBy#USERDN";)' to aci, current value ['(targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate with subjectaltname,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0; acl "permission:Request Certificate with SubjectAltName"; allow (write) groupdn = "ldap:///cn=Request Certificate with SubjectAltName,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter = 
"(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to 
containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || 
ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0; acl "permission:Request Certificate ignoring CA ACLs"; allow (write) groupdn = "ldap:///cn=Request Certificate ignoring CA ACLs,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)'] 2017-05-11T17:48:38Z DEBUG add: updated value ['(targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir 
|| ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate with subjectaltname,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0; acl "permission:Request Certificate with SubjectAltName"; allow (write) groupdn = "ldap:///cn=Request Certificate with SubjectAltName,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow 
(write) userdn = "ldap:///self";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve 
Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = 
"ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0; acl "permission:Request Certificate ignoring CA ACLs"; allow (write) groupdn = "ldap:///cn=Request Certificate ignoring CA ACLs,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)'] 2017-05-11T17:48:38Z DEBUG add: '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)' to aci, current value ['(targetattr = "ipausersearchfields || 
ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate with subjectaltname,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0; acl "permission:Request Certificate with SubjectAltName"; allow (write) groupdn = "ldap:///cn=Request Certificate with SubjectAltName,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', 
'(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr = "objectclass")(target = 
"ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = 
"ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0; acl "permission:Request Certificate ignoring CA ACLs"; allow (write) groupdn = "ldap:///cn=Request Certificate ignoring CA ACLs,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)'] 2017-05-11T17:48:38Z DEBUG add: updated value ['(targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || 
ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate with subjectaltname,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0; acl "permission:Request Certificate with SubjectAltName"; allow (write) groupdn = "ldap:///cn=Request Certificate with SubjectAltName,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "userpassword || krbprincipalkey || 
sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = 
"ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || 
ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0; acl "permission:Request Certificate ignoring CA ACLs"; allow (write) groupdn = "ldap:///cn=Request Certificate ignoring CA ACLs,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)'] 2017-05-11T17:48:38Z DEBUG add: '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)' to aci, current value ['(targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || 
ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate with subjectaltname,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0; acl "permission:Request Certificate with SubjectAltName"; allow (write) groupdn = "ldap:///cn=Request Certificate with SubjectAltName,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own 
password"; allow (write) userdn="ldap:///self";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = 
"objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin 
read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0; acl "permission:Request Certificate ignoring CA ACLs"; allow (write) groupdn = "ldap:///cn=Request Certificate ignoring CA ACLs,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)'] 2017-05-11T17:48:38Z DEBUG add: updated value ['(targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA 
Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate with subjectaltname,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0; acl "permission:Request Certificate with SubjectAltName"; allow (write) groupdn = "ldap:///cn=Request Certificate with SubjectAltName,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetfilter = 
"(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove 
hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = 
"managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0; acl "permission:Request Certificate ignoring CA ACLs"; allow (write) groupdn = "ldap:///cn=Request Certificate ignoring CA ACLs,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)'] 2017-05-11T17:48:38Z DEBUG add: '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)' to aci, current value ['(targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write 
IPA Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate with subjectaltname,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0; acl "permission:Request Certificate with SubjectAltName"; allow (write) groupdn = "ldap:///cn=Request Certificate with SubjectAltName,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from 
the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request 
Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || 
ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0; acl "permission:Request Certificate ignoring CA ACLs"; allow (write) groupdn = "ldap:///cn=Request Certificate ignoring CA ACLs,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)'] 2017-05-11T17:48:38Z DEBUG add: updated value ['(targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || 
krbPasswordExpiration || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate with subjectaltname,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0; acl "permission:Request Certificate with SubjectAltName"; allow (write) groupdn = "ldap:///cn=Request Certificate with SubjectAltName,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetattr = "objectclass")(target = 
"ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal 
names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can 
read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0; acl "permission:Request Certificate ignoring CA ACLs"; allow (write) groupdn = "ldap:///cn=Request Certificate ignoring CA ACLs,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)'] 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Final value after applying updates 2017-05-11T17:48:38Z DEBUG dn: dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG info: 2017-05-11T17:48:38Z DEBUG IPA V2.0 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG domain 2017-05-11T17:48:38Z DEBUG pilotObject 2017-05-11T17:48:38Z DEBUG nisDomainObject 2017-05-11T17:48:38Z DEBUG domainRelatedObject 2017-05-11T17:48:38Z DEBUG associatedDomain: 2017-05-11T17:48:38Z DEBUG rdlg.net 2017-05-11T17:48:38Z DEBUG dc: 2017-05-11T17:48:38Z DEBUG rdlg 2017-05-11T17:48:38Z DEBUG nisDomain: 2017-05-11T17:48:38Z DEBUG rdlg.net 2017-05-11T17:48:38Z DEBUG aci: 2017-05-11T17:48:38Z DEBUG (targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || 
ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate with subjectaltname,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0; acl "permission:Request Certificate with SubjectAltName"; allow (write) groupdn = "ldap:///cn=Request Certificate with SubjectAltName,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";) 2017-05-11T17:48:38Z DEBUG (target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";) 2017-05-11T17:48:38Z DEBUG (targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";) 2017-05-11T17:48:38Z DEBUG (targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH 
public keys";allow (write) userdn = "ldap:///self";) 2017-05-11T17:48:38Z DEBUG (targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";) 2017-05-11T17:48:38Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";) 2017-05-11T17:48:38Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";) 2017-05-11T17:48:38Z DEBUG (targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) 
userdn = "ldap:///anyone";) 2017-05-11T17:48:38Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";) 2017-05-11T17:48:38Z DEBUG (targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 
2017-05-11T17:48:38Z DEBUG (targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:48:38Z DEBUG (targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:48:38Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:48:38Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0; acl "permission:Request Certificate ignoring CA ACLs"; allow (write) groupdn = "ldap:///cn=Request Certificate ignoring CA ACLs,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke 
Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG [] 2017-05-11T17:48:38Z DEBUG Updated 0 2017-05-11T17:48:38Z DEBUG Done 2017-05-11T17:48:38Z DEBUG New entry: cn=radiusproxy,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Initial value 2017-05-11T17:48:38Z DEBUG dn: cn=radiusproxy,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG nsContainer 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG radiusproxy 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Final value after applying updates 2017-05-11T17:48:38Z DEBUG dn: cn=radiusproxy,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG nsContainer 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG radiusproxy 2017-05-11T17:48:38Z DEBUG New entry: cn=IPA OTP Last Token,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Initial value 2017-05-11T17:48:38Z DEBUG dn: cn=IPA OTP Last Token,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG nsslapd-pluginid: 2017-05-11T17:48:38Z DEBUG ipa-otp-lasttoken 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG IPA OTP Last Token 2017-05-11T17:48:38Z DEBUG objectclass: 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG nsSlapdPlugin 2017-05-11T17:48:38Z DEBUG extensibleObject 2017-05-11T17:48:38Z DEBUG nsslapd-plugindescription: 2017-05-11T17:48:38Z DEBUG IPA OTP Last Token plugin 2017-05-11T17:48:38Z DEBUG nsslapd-pluginenabled: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-pluginpath: 2017-05-11T17:48:38Z DEBUG libipa_otp_lasttoken 2017-05-11T17:48:38Z DEBUG nsslapd-pluginversion: 2017-05-11T17:48:38Z DEBUG 1.0 2017-05-11T17:48:38Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:48:38Z DEBUG 
database 2017-05-11T17:48:38Z DEBUG nsslapd-pluginvendor: 2017-05-11T17:48:38Z DEBUG Red Hat, Inc. 2017-05-11T17:48:38Z DEBUG nsslapd-plugintype: 2017-05-11T17:48:38Z DEBUG preoperation 2017-05-11T17:48:38Z DEBUG nsslapd-plugininitfunc: 2017-05-11T17:48:38Z DEBUG ipa_otp_lasttoken_init 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Final value after applying updates 2017-05-11T17:48:38Z DEBUG dn: cn=IPA OTP Last Token,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG nsslapd-pluginid: 2017-05-11T17:48:38Z DEBUG ipa-otp-lasttoken 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG IPA OTP Last Token 2017-05-11T17:48:38Z DEBUG objectclass: 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG nsSlapdPlugin 2017-05-11T17:48:38Z DEBUG extensibleObject 2017-05-11T17:48:38Z DEBUG nsslapd-plugindescription: 2017-05-11T17:48:38Z DEBUG IPA OTP Last Token plugin 2017-05-11T17:48:38Z DEBUG nsslapd-pluginenabled: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-pluginpath: 2017-05-11T17:48:38Z DEBUG libipa_otp_lasttoken 2017-05-11T17:48:38Z DEBUG nsslapd-pluginversion: 2017-05-11T17:48:38Z DEBUG 1.0 2017-05-11T17:48:38Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:48:38Z DEBUG database 2017-05-11T17:48:38Z DEBUG nsslapd-pluginvendor: 2017-05-11T17:48:38Z DEBUG Red Hat, Inc. 
2017-05-11T17:48:38Z DEBUG nsslapd-plugintype: 2017-05-11T17:48:38Z DEBUG preoperation 2017-05-11T17:48:38Z DEBUG nsslapd-plugininitfunc: 2017-05-11T17:48:38Z DEBUG ipa_otp_lasttoken_init 2017-05-11T17:48:38Z DEBUG New entry: cn=IPA OTP Counter,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Initial value 2017-05-11T17:48:38Z DEBUG dn: cn=IPA OTP Counter,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG nsslapd-pluginid: 2017-05-11T17:48:38Z DEBUG ipa-otp-counter 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG IPA OTP Counter 2017-05-11T17:48:38Z DEBUG objectclass: 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG nsSlapdPlugin 2017-05-11T17:48:38Z DEBUG extensibleObject 2017-05-11T17:48:38Z DEBUG nsslapd-plugindescription: 2017-05-11T17:48:38Z DEBUG IPA OTP Counter plugin 2017-05-11T17:48:38Z DEBUG nsslapd-pluginenabled: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-pluginpath: 2017-05-11T17:48:38Z DEBUG libipa_otp_counter 2017-05-11T17:48:38Z DEBUG nsslapd-pluginversion: 2017-05-11T17:48:38Z DEBUG 1.0 2017-05-11T17:48:38Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:48:38Z DEBUG database 2017-05-11T17:48:38Z DEBUG nsslapd-pluginvendor: 2017-05-11T17:48:38Z DEBUG Red Hat, Inc. 
2017-05-11T17:48:38Z DEBUG nsslapd-plugintype: 2017-05-11T17:48:38Z DEBUG preoperation 2017-05-11T17:48:38Z DEBUG nsslapd-plugininitfunc: 2017-05-11T17:48:38Z DEBUG ipa_otp_counter_init 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Final value after applying updates 2017-05-11T17:48:38Z DEBUG dn: cn=IPA OTP Counter,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG nsslapd-pluginid: 2017-05-11T17:48:38Z DEBUG ipa-otp-counter 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG IPA OTP Counter 2017-05-11T17:48:38Z DEBUG objectclass: 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG nsSlapdPlugin 2017-05-11T17:48:38Z DEBUG extensibleObject 2017-05-11T17:48:38Z DEBUG nsslapd-plugindescription: 2017-05-11T17:48:38Z DEBUG IPA OTP Counter plugin 2017-05-11T17:48:38Z DEBUG nsslapd-pluginenabled: 2017-05-11T17:48:38Z DEBUG on 2017-05-11T17:48:38Z DEBUG nsslapd-pluginpath: 2017-05-11T17:48:38Z DEBUG libipa_otp_counter 2017-05-11T17:48:38Z DEBUG nsslapd-pluginversion: 2017-05-11T17:48:38Z DEBUG 1.0 2017-05-11T17:48:38Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:48:38Z DEBUG database 2017-05-11T17:48:38Z DEBUG nsslapd-pluginvendor: 2017-05-11T17:48:38Z DEBUG Red Hat, Inc. 
2017-05-11T17:48:38Z DEBUG nsslapd-plugintype: 2017-05-11T17:48:38Z DEBUG preoperation 2017-05-11T17:48:38Z DEBUG nsslapd-plugininitfunc: 2017-05-11T17:48:38Z DEBUG ipa_otp_counter_init 2017-05-11T17:48:38Z DEBUG Parsing update file '/usr/share/ipa/updates/40-realm_domains.update' 2017-05-11T17:48:38Z DEBUG New entry: cn=Realm Domains,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Initial value 2017-05-11T17:48:38Z DEBUG dn: cn=Realm Domains,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG nsContainer 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG domainRelatedObject 2017-05-11T17:48:38Z DEBUG associatedDomain: 2017-05-11T17:48:38Z DEBUG rdlg.net 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG Realm Domains 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Final value after applying updates 2017-05-11T17:48:38Z DEBUG dn: cn=Realm Domains,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG nsContainer 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG domainRelatedObject 2017-05-11T17:48:38Z DEBUG associatedDomain: 2017-05-11T17:48:38Z DEBUG rdlg.net 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG Realm Domains 2017-05-11T17:48:38Z DEBUG Parsing update file '/usr/share/ipa/updates/40-replication.update' 2017-05-11T17:48:38Z DEBUG Updating existing entry: cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Initial value 2017-05-11T17:48:38Z DEBUG dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG nsslapd-directory: 2017-05-11T17:48:38Z DEBUG /var/lib/dirsrv/slapd-RDLG-NET/db/userRoot 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG userRoot 2017-05-11T17:48:38Z DEBUG 
objectClass: 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG extensibleObject 2017-05-11T17:48:38Z DEBUG nsBackendInstance 2017-05-11T17:48:38Z DEBUG nsslapd-require-index: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG aci: 2017-05-11T17:48:38Z DEBUG (targetattr=nsslapd-readonly)(version 3.0; acl "Allow marking the database readonly"; allow (write) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG nsslapd-suffix: 2017-05-11T17:48:38Z DEBUG dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG nsslapd-readonly: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-dncachememsize: 2017-05-11T17:48:38Z DEBUG 10485760 2017-05-11T17:48:38Z DEBUG nsslapd-cachesize: 2017-05-11T17:48:38Z DEBUG -1 2017-05-11T17:48:38Z DEBUG nsslapd-cachememsize: 2017-05-11T17:48:38Z DEBUG 10485760 2017-05-11T17:48:38Z DEBUG add: '(targetattr=nsslapd-readonly)(version 3.0; acl "Allow marking the database readonly"; allow (write) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to aci, current value ['(targetattr=nsslapd-readonly)(version 3.0; acl "Allow marking the database readonly"; allow (write) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)'] 2017-05-11T17:48:38Z DEBUG add: updated value ['(targetattr=nsslapd-readonly)(version 3.0; acl "Allow marking the database readonly"; allow (write) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)'] 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Final value after applying updates 2017-05-11T17:48:38Z DEBUG dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG nsslapd-directory: 2017-05-11T17:48:38Z DEBUG /var/lib/dirsrv/slapd-RDLG-NET/db/userRoot 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG userRoot 2017-05-11T17:48:38Z DEBUG 
objectClass: 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG extensibleObject 2017-05-11T17:48:38Z DEBUG nsBackendInstance 2017-05-11T17:48:38Z DEBUG nsslapd-require-index: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG aci: 2017-05-11T17:48:38Z DEBUG (targetattr=nsslapd-readonly)(version 3.0; acl "Allow marking the database readonly"; allow (write) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG nsslapd-suffix: 2017-05-11T17:48:38Z DEBUG dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG nsslapd-readonly: 2017-05-11T17:48:38Z DEBUG off 2017-05-11T17:48:38Z DEBUG nsslapd-dncachememsize: 2017-05-11T17:48:38Z DEBUG 10485760 2017-05-11T17:48:38Z DEBUG nsslapd-cachesize: 2017-05-11T17:48:38Z DEBUG -1 2017-05-11T17:48:38Z DEBUG nsslapd-cachememsize: 2017-05-11T17:48:38Z DEBUG 10485760 2017-05-11T17:48:38Z DEBUG [] 2017-05-11T17:48:38Z DEBUG Updated 0 2017-05-11T17:48:38Z DEBUG Done 2017-05-11T17:48:38Z DEBUG Updating existing entry: cn=Modify DNA Range,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Initial value 2017-05-11T17:48:38Z DEBUG dn: cn=Modify DNA Range,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG groupofnames 2017-05-11T17:48:38Z DEBUG ipapermission 2017-05-11T17:48:38Z DEBUG member: 2017-05-11T17:48:38Z DEBUG cn=Replication Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG ipaPermissionType: 2017-05-11T17:48:38Z DEBUG SYSTEM 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG Modify DNA Range 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Final value after applying updates 2017-05-11T17:48:38Z DEBUG dn: cn=Modify DNA Range,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 
2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG groupofnames 2017-05-11T17:48:38Z DEBUG ipapermission 2017-05-11T17:48:38Z DEBUG member: 2017-05-11T17:48:38Z DEBUG cn=Replication Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG ipaPermissionType: 2017-05-11T17:48:38Z DEBUG SYSTEM 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG Modify DNA Range 2017-05-11T17:48:38Z DEBUG [] 2017-05-11T17:48:38Z DEBUG Updated 0 2017-05-11T17:48:38Z DEBUG Done 2017-05-11T17:48:38Z DEBUG Updating existing entry: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Initial value 2017-05-11T17:48:38Z DEBUG dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG dnaScope: 2017-05-11T17:48:38Z DEBUG dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG dnaThreshold: 2017-05-11T17:48:38Z DEBUG 500 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG Posix IDs 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG extensibleObject 2017-05-11T17:48:38Z DEBUG aci: 2017-05-11T17:48:38Z DEBUG (targetattr=dnaNextRange || dnaNextValue || dnaMaxValue)(version 3.0;acl "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA Range,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG dnaMagicRegen: 2017-05-11T17:48:38Z DEBUG -1 2017-05-11T17:48:38Z DEBUG dnaNextValue: 2017-05-11T17:48:38Z DEBUG 1301600000 2017-05-11T17:48:38Z DEBUG dnaExcludeScope: 2017-05-11T17:48:38Z DEBUG cn=provisioning,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG dnaFilter: 2017-05-11T17:48:38Z DEBUG (|(objectClass=posixAccount)(objectClass=posixGroup)(objectClass=ipaIDobject)) 2017-05-11T17:48:38Z DEBUG dnaType: 2017-05-11T17:48:38Z DEBUG uidNumber 2017-05-11T17:48:38Z DEBUG gidNumber 2017-05-11T17:48:38Z DEBUG dnaMaxValue: 2017-05-11T17:48:38Z 
DEBUG 1301799999 2017-05-11T17:48:38Z DEBUG dnaSharedCfgDN: 2017-05-11T17:48:38Z DEBUG cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG add: '(targetattr=dnaNextRange || dnaNextValue || dnaMaxValue)(version 3.0;acl "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA Range,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to aci, current value ['(targetattr=dnaNextRange || dnaNextValue || dnaMaxValue)(version 3.0;acl "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA Range,cn=permissions,cn=pbac,dc=rdlg,dc=net";)'] 2017-05-11T17:48:38Z DEBUG add: updated value ['(targetattr=dnaNextRange || dnaNextValue || dnaMaxValue)(version 3.0;acl "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA Range,cn=permissions,cn=pbac,dc=rdlg,dc=net";)'] 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Final value after applying updates 2017-05-11T17:48:38Z DEBUG dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG dnaScope: 2017-05-11T17:48:38Z DEBUG dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG dnaThreshold: 2017-05-11T17:48:38Z DEBUG 500 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG Posix IDs 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG extensibleObject 2017-05-11T17:48:38Z DEBUG aci: 2017-05-11T17:48:38Z DEBUG (targetattr=dnaNextRange || dnaNextValue || dnaMaxValue)(version 3.0;acl "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA Range,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG dnaMagicRegen: 2017-05-11T17:48:38Z DEBUG -1 2017-05-11T17:48:38Z DEBUG dnaNextValue: 2017-05-11T17:48:38Z DEBUG 1301600000 2017-05-11T17:48:38Z DEBUG dnaExcludeScope: 2017-05-11T17:48:38Z DEBUG cn=provisioning,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG dnaFilter: 2017-05-11T17:48:38Z DEBUG 
(|(objectClass=posixAccount)(objectClass=posixGroup)(objectClass=ipaIDobject)) 2017-05-11T17:48:38Z DEBUG dnaType: 2017-05-11T17:48:38Z DEBUG uidNumber 2017-05-11T17:48:38Z DEBUG gidNumber 2017-05-11T17:48:38Z DEBUG dnaMaxValue: 2017-05-11T17:48:38Z DEBUG 1301799999 2017-05-11T17:48:38Z DEBUG dnaSharedCfgDN: 2017-05-11T17:48:38Z DEBUG cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG [] 2017-05-11T17:48:38Z DEBUG Updated 0 2017-05-11T17:48:38Z DEBUG Done 2017-05-11T17:48:38Z DEBUG New entry: cn=Read DNA Range,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Initial value 2017-05-11T17:48:38Z DEBUG dn: cn=Read DNA Range,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG ipapermission 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG groupofnames 2017-05-11T17:48:38Z DEBUG member: 2017-05-11T17:48:38Z DEBUG cn=Replication Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG ipapermissiontype: 2017-05-11T17:48:38Z DEBUG SYSTEM 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG Read DNA Range 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Final value after applying updates 2017-05-11T17:48:38Z DEBUG dn: cn=Read DNA Range,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG ipapermission 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG groupofnames 2017-05-11T17:48:38Z DEBUG member: 2017-05-11T17:48:38Z DEBUG cn=Replication Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG ipapermissiontype: 2017-05-11T17:48:38Z DEBUG SYSTEM 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG Read DNA Range 2017-05-11T17:48:38Z DEBUG Updating existing entry: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config 
2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Initial value 2017-05-11T17:48:38Z DEBUG dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG dnaScope: 2017-05-11T17:48:38Z DEBUG dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG dnaThreshold: 2017-05-11T17:48:38Z DEBUG 500 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG Posix IDs 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG extensibleObject 2017-05-11T17:48:38Z DEBUG aci: 2017-05-11T17:48:38Z DEBUG (targetattr=dnaNextRange || dnaNextValue || dnaMaxValue)(version 3.0;acl "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA Range,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG dnaMagicRegen: 2017-05-11T17:48:38Z DEBUG -1 2017-05-11T17:48:38Z DEBUG dnaNextValue: 2017-05-11T17:48:38Z DEBUG 1301600000 2017-05-11T17:48:38Z DEBUG dnaExcludeScope: 2017-05-11T17:48:38Z DEBUG cn=provisioning,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG dnaFilter: 2017-05-11T17:48:38Z DEBUG (|(objectClass=posixAccount)(objectClass=posixGroup)(objectClass=ipaIDobject)) 2017-05-11T17:48:38Z DEBUG dnaType: 2017-05-11T17:48:38Z DEBUG uidNumber 2017-05-11T17:48:38Z DEBUG gidNumber 2017-05-11T17:48:38Z DEBUG dnaMaxValue: 2017-05-11T17:48:38Z DEBUG 1301799999 2017-05-11T17:48:38Z DEBUG dnaSharedCfgDN: 2017-05-11T17:48:38Z DEBUG cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG add: '(targetattr=cn || dnaMaxValue || dnaNextRange || dnaNextValue || dnaThreshold || dnaType || objectclass)(version 3.0;acl "permission:Read DNA Range";allow (read, search, compare) groupdn = "ldap:///cn=Read DNA Range,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to aci, current value ['(targetattr=dnaNextRange || dnaNextValue || dnaMaxValue)(version 3.0;acl "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA 
Range,cn=permissions,cn=pbac,dc=rdlg,dc=net";)'] 2017-05-11T17:48:38Z DEBUG add: updated value ['(targetattr=dnaNextRange || dnaNextValue || dnaMaxValue)(version 3.0;acl "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA Range,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr=cn || dnaMaxValue || dnaNextRange || dnaNextValue || dnaThreshold || dnaType || objectclass)(version 3.0;acl "permission:Read DNA Range";allow (read, search, compare) groupdn = "ldap:///cn=Read DNA Range,cn=permissions,cn=pbac,dc=rdlg,dc=net";)'] 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Final value after applying updates 2017-05-11T17:48:38Z DEBUG dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config 2017-05-11T17:48:38Z DEBUG dnaScope: 2017-05-11T17:48:38Z DEBUG dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG dnaThreshold: 2017-05-11T17:48:38Z DEBUG 500 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG Posix IDs 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG extensibleObject 2017-05-11T17:48:38Z DEBUG aci: 2017-05-11T17:48:38Z DEBUG (targetattr=cn || dnaMaxValue || dnaNextRange || dnaNextValue || dnaThreshold || dnaType || objectclass)(version 3.0;acl "permission:Read DNA Range";allow (read, search, compare) groupdn = "ldap:///cn=Read DNA Range,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG (targetattr=dnaNextRange || dnaNextValue || dnaMaxValue)(version 3.0;acl "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA Range,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:38Z DEBUG dnaMagicRegen: 2017-05-11T17:48:38Z DEBUG -1 2017-05-11T17:48:38Z DEBUG dnaNextValue: 2017-05-11T17:48:38Z DEBUG 1301600000 2017-05-11T17:48:38Z DEBUG dnaExcludeScope: 2017-05-11T17:48:38Z DEBUG cn=provisioning,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG dnaFilter: 2017-05-11T17:48:38Z DEBUG 
(|(objectClass=posixAccount)(objectClass=posixGroup)(objectClass=ipaIDobject)) 2017-05-11T17:48:38Z DEBUG dnaType: 2017-05-11T17:48:38Z DEBUG uidNumber 2017-05-11T17:48:38Z DEBUG gidNumber 2017-05-11T17:48:38Z DEBUG dnaMaxValue: 2017-05-11T17:48:38Z DEBUG 1301799999 2017-05-11T17:48:38Z DEBUG dnaSharedCfgDN: 2017-05-11T17:48:38Z DEBUG cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG [(0, u'aci', ['(targetattr=cn || dnaMaxValue || dnaNextRange || dnaNextValue || dnaThreshold || dnaType || objectclass)(version 3.0;acl "permission:Read DNA Range";allow (read, search, compare) groupdn = "ldap:///cn=Read DNA Range,cn=permissions,cn=pbac,dc=rdlg,dc=net";)'])] 2017-05-11T17:48:38Z DEBUG Updated 1 2017-05-11T17:48:38Z DEBUG Done 2017-05-11T17:48:38Z DEBUG Parsing update file '/usr/share/ipa/updates/40-vault.update' 2017-05-11T17:48:38Z DEBUG New entry: cn=vaults,cn=kra,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Initial value 2017-05-11T17:48:38Z DEBUG dn: cn=vaults,cn=kra,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG remove: '(target="ldap:///cn=*,cn=users,cn=vaults,cn=kra,dc=rdlg,dc=net")(version 3.0; acl "Allow users to create private container"; allow (add) userdn = "ldap:///uid=($attr.cn),cn=users,cn=accounts,dc=rdlg,dc=net";)' from aci, current value [] 2017-05-11T17:48:38Z DEBUG remove: '(target="ldap:///cn=*,cn=users,cn=vaults,cn=kra,dc=rdlg,dc=net")(version 3.0; acl "Allow users to create private container"; allow (add) userdn = "ldap:///uid=($attr.cn),cn=users,cn=accounts,dc=rdlg,dc=net";)' not in aci 2017-05-11T17:48:38Z DEBUG remove: '(target="ldap:///cn=*,cn=services,cn=vaults,cn=kra,dc=rdlg,dc=net")(version 3.0; acl "Allow services to create private container"; allow (add) userdn = "ldap:///krbprincipalname=($attr.cn)@RDLG.NET,cn=services,cn=accounts,dc=rdlg,dc=net";)' from aci, current value [] 2017-05-11T17:48:38Z DEBUG remove: 
'(target="ldap:///cn=*,cn=services,cn=vaults,cn=kra,dc=rdlg,dc=net")(version 3.0; acl "Allow services to create private container"; allow (add) userdn = "ldap:///krbprincipalname=($attr.cn)@RDLG.NET,cn=services,cn=accounts,dc=rdlg,dc=net";)' not in aci 2017-05-11T17:48:38Z DEBUG remove: '(targetfilter="(objectClass=ipaVault)")(targetattr="*")(version 3.0; acl "Container owners can manage vaults in the container"; allow(read, search, compare, add, delete) userattr="parent[1].owner#USERDN";)' from aci, current value [] 2017-05-11T17:48:38Z DEBUG remove: '(targetfilter="(objectClass=ipaVault)")(targetattr="*")(version 3.0; acl "Container owners can manage vaults in the container"; allow(read, search, compare, add, delete) userattr="parent[1].owner#USERDN";)' not in aci 2017-05-11T17:48:38Z DEBUG remove: '(targetfilter="(objectClass=ipaVault)")(targetattr="*")(version 3.0; acl "Indirect container owners can manage vaults in the container"; allow(read, search, compare, add, delete) userattr="parent[1].owner#GROUPDN";)' from aci, current value [] 2017-05-11T17:48:38Z DEBUG remove: '(targetfilter="(objectClass=ipaVault)")(targetattr="*")(version 3.0; acl "Indirect container owners can manage vaults in the container"; allow(read, search, compare, add, delete) userattr="parent[1].owner#GROUPDN";)' not in aci 2017-05-11T17:48:38Z DEBUG remove: '(targetfilter="(objectClass=ipaVault)")(targetattr="*")(version 3.0; acl "Vault members can access the vault"; allow(read, search, compare) userattr="member#USERDN";)' from aci, current value [] 2017-05-11T17:48:38Z DEBUG remove: '(targetfilter="(objectClass=ipaVault)")(targetattr="*")(version 3.0; acl "Vault members can access the vault"; allow(read, search, compare) userattr="member#USERDN";)' not in aci 2017-05-11T17:48:38Z DEBUG remove: '(targetfilter="(objectClass=ipaVault)")(targetattr="*")(version 3.0; acl "Indirect vault members can access the vault"; allow(read, search, compare) userattr="member#GROUPDN";)' from aci, current 
value [] 2017-05-11T17:48:38Z DEBUG remove: '(targetfilter="(objectClass=ipaVault)")(targetattr="*")(version 3.0; acl "Indirect vault members can access the vault"; allow(read, search, compare) userattr="member#GROUPDN";)' not in aci 2017-05-11T17:48:38Z DEBUG remove: '(targetfilter="(objectClass=ipaVault)")(targetattr="*")(version 3.0; acl "Vault owners can manage the vault"; allow(read, search, compare, write) userattr="owner#USERDN";)' from aci, current value [] 2017-05-11T17:48:38Z DEBUG remove: '(targetfilter="(objectClass=ipaVault)")(targetattr="*")(version 3.0; acl "Vault owners can manage the vault"; allow(read, search, compare, write) userattr="owner#USERDN";)' not in aci 2017-05-11T17:48:38Z DEBUG remove: '(targetfilter="(objectClass=ipaVault)")(targetattr="*")(version 3.0; acl "Indirect vault owners can manage the vault"; allow(read, search, compare, write) userattr="owner#GROUPDN";)' from aci, current value [] 2017-05-11T17:48:38Z DEBUG remove: '(targetfilter="(objectClass=ipaVault)")(targetattr="*")(version 3.0; acl "Indirect vault owners can manage the vault"; allow(read, search, compare, write) userattr="owner#GROUPDN";)' not in aci 2017-05-11T17:48:38Z DEBUG remove: '(target="ldap:///cn=*,cn=services,cn=vaults,cn=kra,dc=rdlg,dc=net")(targetfilter="(objectClass=ipaVaultContainer)")(version 3.0; acl "Allow services to create private container"; allow(add) userdn="ldap:///krbprincipalname=($attr.cn)@RDLG.NET,cn=services,cn=accounts,dc=rdlg,dc=net" and userattr="owner#SELFDN";)' from aci, current value [] 2017-05-11T17:48:38Z DEBUG remove: '(target="ldap:///cn=*,cn=services,cn=vaults,cn=kra,dc=rdlg,dc=net")(targetfilter="(objectClass=ipaVaultContainer)")(version 3.0; acl "Allow services to create private container"; allow(add) userdn="ldap:///krbprincipalname=($attr.cn)@RDLG.NET,cn=services,cn=accounts,dc=rdlg,dc=net" and userattr="owner#SELFDN";)' not in aci 2017-05-11T17:48:38Z DEBUG addifexist: 
'(target="ldap:///cn=*,cn=users,cn=vaults,cn=kra,dc=rdlg,dc=net")(targetfilter="(objectClass=ipaVaultContainer)")(version 3.0; acl "Allow users to create private container"; allow(add) userdn="ldap:///uid=($attr.cn),cn=users,cn=accounts,dc=rdlg,dc=net" and userattr="owner#SELFDN";)' to aci, current value [] 2017-05-11T17:48:38Z DEBUG addifexist: '(target="ldap:///cn=*,cn=services,cn=vaults,cn=kra,dc=rdlg,dc=net")(targetfilter="(objectClass=ipaVaultContainer)")(version 3.0; acl "Allow services to create private container"; allow(add) userdn="ldap:///krbprincipalname=($attr.cn),cn=services,cn=accounts,dc=rdlg,dc=net" and userattr="owner#SELFDN";)' to aci, current value [] 2017-05-11T17:48:38Z DEBUG addifexist: '(targetfilter="(objectClass=ipaVaultContainer)")(targetattr="objectClass || cn || description || owner")(version 3.0; acl "Container owners can access the container"; allow(read, search, compare) userattr="owner#USERDN";)' to aci, current value [] 2017-05-11T17:48:38Z DEBUG addifexist: '(targetfilter="(objectClass=ipaVaultContainer)")(targetattr="objectClass || cn || description || owner")(version 3.0; acl "Indirect container owners can access the container"; allow(read, search, compare) userattr="owner#GROUPDN";)' to aci, current value [] 2017-05-11T17:48:38Z DEBUG addifexist: '(targetfilter="(objectClass=ipaVaultContainer)")(targetattr="objectClass || cn || description")(version 3.0; acl "Container owners can manage the container"; allow(write, delete) userattr="owner#USERDN";)' to aci, current value [] 2017-05-11T17:48:38Z DEBUG addifexist: '(targetfilter="(objectClass=ipaVaultContainer)")(targetattr="objectClass || cn || description")(version 3.0; acl "Indirect container owners can manage the container"; allow(write, delete) userattr="owner#GROUPDN";)' to aci, current value [] 2017-05-11T17:48:38Z DEBUG addifexist: '(targetfilter="(objectClass=ipaVault)")(version 3.0; acl "Container owners can add vaults in the container"; allow(add) 
userattr="parent[1].owner#USERDN" and userattr="owner#SELFDN";)' to aci, current value [] 2017-05-11T17:48:38Z DEBUG addifexist: '(targetfilter="(objectClass=ipaVault)")(version 3.0; acl "Indirect container owners can add vaults in the container"; allow(add) userattr="parent[1].owner#GROUPDN" and userattr="owner#SELFDN";)' to aci, current value [] 2017-05-11T17:48:38Z DEBUG addifexist: '(targetfilter="(objectClass=ipaVault)")(targetattr="objectClass || cn || description || ipaVaultType || ipaVaultSalt || ipaVaultPublicKey || owner || member")(version 3.0; acl "Vault owners can access the vault"; allow(read, search, compare) userattr="owner#USERDN";)' to aci, current value [] 2017-05-11T17:48:38Z DEBUG addifexist: '(targetfilter="(objectClass=ipaVault)")(targetattr="objectClass || cn || description || ipaVaultType || ipaVaultSalt || ipaVaultPublicKey || owner || member")(version 3.0; acl "Indirect vault owners can access the vault"; allow(read, search, compare) userattr="owner#GROUPDN";)' to aci, current value [] 2017-05-11T17:48:38Z DEBUG addifexist: '(targetfilter="(objectClass=ipaVault)")(targetattr="objectClass || cn || description || ipaVaultType || ipaVaultSalt || ipaVaultPublicKey || owner || member")(version 3.0; acl "Vault members can access the vault"; allow(read, search, compare) userattr="member#USERDN";)' to aci, current value [] 2017-05-11T17:48:38Z DEBUG addifexist: '(targetfilter="(objectClass=ipaVault)")(targetattr="objectClass || cn || description || ipaVaultType || ipaVaultSalt || ipaVaultPublicKey || owner || member")(version 3.0; acl "Indirect vault members can access the vault"; allow(read, search, compare) userattr="member#GROUPDN";)' to aci, current value [] 2017-05-11T17:48:38Z DEBUG addifexist: '(targetfilter="(objectClass=ipaVault)")(targetattr="objectClass || cn || description || ipaVaultType || ipaVaultSalt || ipaVaultPublicKey || member")(version 3.0; acl "Vault owners can manage the vault"; allow(write, delete) 
userattr="owner#USERDN";)' to aci, current value [] 2017-05-11T17:48:38Z DEBUG addifexist: '(targetfilter="(objectClass=ipaVault)")(targetattr="objectClass || cn || description || ipaVaultType || ipaVaultSalt || ipaVaultPublicKey || member")(version 3.0; acl "Indirect vault owners can manage the vault"; allow(write, delete) userattr="owner#GROUPDN";)' to aci, current value [] 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Final value after applying updates 2017-05-11T17:48:38Z DEBUG dn: cn=vaults,cn=kra,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG Parsing update file '/usr/share/ipa/updates/41-caacl.update' 2017-05-11T17:48:38Z DEBUG Updating existing entry: cn=caacls,cn=ca,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Initial value 2017-05-11T17:48:38Z DEBUG dn: cn=caacls,cn=ca,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG nsContainer 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG caacls 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Final value after applying updates 2017-05-11T17:48:38Z DEBUG dn: cn=caacls,cn=ca,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG nsContainer 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG caacls 2017-05-11T17:48:38Z DEBUG [] 2017-05-11T17:48:38Z DEBUG Updated 0 2017-05-11T17:48:38Z DEBUG Done 2017-05-11T17:48:38Z DEBUG Parsing update file '/usr/share/ipa/updates/41-lightweight-cas.update' 2017-05-11T17:48:38Z DEBUG Updating existing entry: cn=cas,cn=ca,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Initial value 2017-05-11T17:48:38Z DEBUG dn: cn=cas,cn=ca,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG nsContainer 
2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG cas 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Final value after applying updates 2017-05-11T17:48:38Z DEBUG dn: cn=cas,cn=ca,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG nsContainer 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG cas 2017-05-11T17:48:38Z DEBUG [] 2017-05-11T17:48:38Z DEBUG Updated 0 2017-05-11T17:48:38Z DEBUG Done 2017-05-11T17:48:38Z DEBUG Parsing update file '/usr/share/ipa/updates/45-roles.update' 2017-05-11T17:48:38Z DEBUG New entry: cn=Modify Users and Reset passwords,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Initial value 2017-05-11T17:48:38Z DEBUG dn: cn=Modify Users and Reset passwords,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG groupofnames 2017-05-11T17:48:38Z DEBUG nestedgroup 2017-05-11T17:48:38Z DEBUG member: 2017-05-11T17:48:38Z DEBUG cn=helpdesk,cn=roles,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG Modify Users and Reset passwords 2017-05-11T17:48:38Z DEBUG description: 2017-05-11T17:48:38Z DEBUG Modify Users and Reset passwords 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Final value after applying updates 2017-05-11T17:48:38Z DEBUG dn: cn=Modify Users and Reset passwords,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG groupofnames 2017-05-11T17:48:38Z DEBUG nestedgroup 2017-05-11T17:48:38Z DEBUG member: 2017-05-11T17:48:38Z DEBUG cn=helpdesk,cn=roles,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG Modify Users and 
Reset passwords 2017-05-11T17:48:38Z DEBUG description: 2017-05-11T17:48:38Z DEBUG Modify Users and Reset passwords 2017-05-11T17:48:38Z DEBUG New entry: cn=Modify Group membership,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Initial value 2017-05-11T17:48:38Z DEBUG dn: cn=Modify Group membership,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG groupofnames 2017-05-11T17:48:38Z DEBUG nestedgroup 2017-05-11T17:48:38Z DEBUG member: 2017-05-11T17:48:38Z DEBUG cn=helpdesk,cn=roles,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG Modify Group membership 2017-05-11T17:48:38Z DEBUG description: 2017-05-11T17:48:38Z DEBUG Modify Group membership 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Final value after applying updates 2017-05-11T17:48:38Z DEBUG dn: cn=Modify Group membership,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG groupofnames 2017-05-11T17:48:38Z DEBUG nestedgroup 2017-05-11T17:48:38Z DEBUG member: 2017-05-11T17:48:38Z DEBUG cn=helpdesk,cn=roles,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG Modify Group membership 2017-05-11T17:48:38Z DEBUG description: 2017-05-11T17:48:38Z DEBUG Modify Group membership 2017-05-11T17:48:38Z DEBUG New entry: cn=User Administrator,cn=roles,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Initial value 2017-05-11T17:48:38Z DEBUG dn: cn=User Administrator,cn=roles,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG groupofnames 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG nestedgroup 2017-05-11T17:48:38Z DEBUG 
cn: 2017-05-11T17:48:38Z DEBUG User Administrator 2017-05-11T17:48:38Z DEBUG description: 2017-05-11T17:48:38Z DEBUG Responsible for creating Users and Groups 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Final value after applying updates 2017-05-11T17:48:38Z DEBUG dn: cn=User Administrator,cn=roles,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG groupofnames 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG nestedgroup 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG User Administrator 2017-05-11T17:48:38Z DEBUG description: 2017-05-11T17:48:38Z DEBUG Responsible for creating Users and Groups 2017-05-11T17:48:38Z DEBUG Updating existing entry: cn=User Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Initial value 2017-05-11T17:48:38Z DEBUG dn: cn=User Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG groupofnames 2017-05-11T17:48:38Z DEBUG nestedgroup 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG User Administrators 2017-05-11T17:48:38Z DEBUG description: 2017-05-11T17:48:38Z DEBUG User Administrators 2017-05-11T17:48:38Z DEBUG add: 'cn=User Administrator,cn=roles,cn=accounts,dc=rdlg,dc=net' to member, current value [] 2017-05-11T17:48:38Z DEBUG add: updated value ['cn=User Administrator,cn=roles,cn=accounts,dc=rdlg,dc=net'] 2017-05-11T17:48:38Z DEBUG --------------------------------------------- 2017-05-11T17:48:38Z DEBUG Final value after applying updates 2017-05-11T17:48:38Z DEBUG dn: cn=User Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG objectClass: 2017-05-11T17:48:38Z DEBUG top 2017-05-11T17:48:38Z DEBUG groupofnames 2017-05-11T17:48:38Z DEBUG nestedgroup 2017-05-11T17:48:38Z DEBUG member: 
2017-05-11T17:48:38Z DEBUG cn=User Administrator,cn=roles,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:38Z DEBUG cn: 2017-05-11T17:48:38Z DEBUG User Administrators 2017-05-11T17:48:38Z DEBUG description: 2017-05-11T17:48:38Z DEBUG User Administrators 2017-05-11T17:48:38Z DEBUG [(2, u'member', ['cn=User Administrator,cn=roles,cn=accounts,dc=rdlg,dc=net'])] 2017-05-11T17:48:38Z DEBUG Updated 1 2017-05-11T17:48:39Z DEBUG Done 2017-05-11T17:48:39Z DEBUG Updating existing entry: cn=Group Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Initial value 2017-05-11T17:48:39Z DEBUG dn: cn=Group Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG groupofnames 2017-05-11T17:48:39Z DEBUG nestedgroup 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG Group Administrators 2017-05-11T17:48:39Z DEBUG description: 2017-05-11T17:48:39Z DEBUG Group Administrators 2017-05-11T17:48:39Z DEBUG add: 'cn=User Administrator,cn=roles,cn=accounts,dc=rdlg,dc=net' to member, current value [] 2017-05-11T17:48:39Z DEBUG add: updated value ['cn=User Administrator,cn=roles,cn=accounts,dc=rdlg,dc=net'] 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Final value after applying updates 2017-05-11T17:48:39Z DEBUG dn: cn=Group Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG groupofnames 2017-05-11T17:48:39Z DEBUG nestedgroup 2017-05-11T17:48:39Z DEBUG member: 2017-05-11T17:48:39Z DEBUG cn=User Administrator,cn=roles,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG Group Administrators 2017-05-11T17:48:39Z DEBUG description: 2017-05-11T17:48:39Z DEBUG Group Administrators 2017-05-11T17:48:39Z DEBUG [(2, u'member', 
['cn=User Administrator,cn=roles,cn=accounts,dc=rdlg,dc=net'])] 2017-05-11T17:48:39Z DEBUG Updated 1 2017-05-11T17:48:39Z DEBUG Done 2017-05-11T17:48:39Z DEBUG Updating existing entry: cn=Stage User Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Initial value 2017-05-11T17:48:39Z DEBUG dn: cn=Stage User Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG groupofnames 2017-05-11T17:48:39Z DEBUG nestedgroup 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG Stage User Administrators 2017-05-11T17:48:39Z DEBUG description: 2017-05-11T17:48:39Z DEBUG Stage User Administrators 2017-05-11T17:48:39Z DEBUG add: 'cn=User Administrator,cn=roles,cn=accounts,dc=rdlg,dc=net' to member, current value [] 2017-05-11T17:48:39Z DEBUG add: updated value ['cn=User Administrator,cn=roles,cn=accounts,dc=rdlg,dc=net'] 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Final value after applying updates 2017-05-11T17:48:39Z DEBUG dn: cn=Stage User Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG groupofnames 2017-05-11T17:48:39Z DEBUG nestedgroup 2017-05-11T17:48:39Z DEBUG member: 2017-05-11T17:48:39Z DEBUG cn=User Administrator,cn=roles,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG Stage User Administrators 2017-05-11T17:48:39Z DEBUG description: 2017-05-11T17:48:39Z DEBUG Stage User Administrators 2017-05-11T17:48:39Z DEBUG [(2, u'member', ['cn=User Administrator,cn=roles,cn=accounts,dc=rdlg,dc=net'])] 2017-05-11T17:48:39Z DEBUG Updated 1 2017-05-11T17:48:39Z DEBUG Done 2017-05-11T17:48:39Z DEBUG New entry: cn=IT Specialist,cn=roles,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG 
--------------------------------------------- 2017-05-11T17:48:39Z DEBUG Initial value 2017-05-11T17:48:39Z DEBUG dn: cn=IT Specialist,cn=roles,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG groupofnames 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG nestedgroup 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG IT Specialist 2017-05-11T17:48:39Z DEBUG description: 2017-05-11T17:48:39Z DEBUG IT Specialist 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Final value after applying updates 2017-05-11T17:48:39Z DEBUG dn: cn=IT Specialist,cn=roles,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG groupofnames 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG nestedgroup 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG IT Specialist 2017-05-11T17:48:39Z DEBUG description: 2017-05-11T17:48:39Z DEBUG IT Specialist 2017-05-11T17:48:39Z DEBUG Updating existing entry: cn=Host Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Initial value 2017-05-11T17:48:39Z DEBUG dn: cn=Host Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG groupofnames 2017-05-11T17:48:39Z DEBUG nestedgroup 2017-05-11T17:48:39Z DEBUG memberOf: 2017-05-11T17:48:39Z DEBUG cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG Host Administrators 2017-05-11T17:48:39Z DEBUG description: 2017-05-11T17:48:39Z DEBUG Host Administrators 2017-05-11T17:48:39Z DEBUG add: 'cn=IT Specialist,cn=roles,cn=accounts,dc=rdlg,dc=net' to member, current value [] 2017-05-11T17:48:39Z DEBUG 
add: updated value ['cn=IT Specialist,cn=roles,cn=accounts,dc=rdlg,dc=net'] 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Final value after applying updates 2017-05-11T17:48:39Z DEBUG dn: cn=Host Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG groupofnames 2017-05-11T17:48:39Z DEBUG nestedgroup 2017-05-11T17:48:39Z DEBUG memberOf: 2017-05-11T17:48:39Z DEBUG cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG member: 2017-05-11T17:48:39Z DEBUG cn=IT Specialist,cn=roles,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG Host Administrators 2017-05-11T17:48:39Z DEBUG description: 2017-05-11T17:48:39Z DEBUG Host Administrators 2017-05-11T17:48:39Z DEBUG [(2, u'member', ['cn=IT Specialist,cn=roles,cn=accounts,dc=rdlg,dc=net'])] 2017-05-11T17:48:39Z DEBUG Updated 1 2017-05-11T17:48:39Z DEBUG Done 2017-05-11T17:48:39Z DEBUG Updating existing entry: cn=Host Group Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Initial value 2017-05-11T17:48:39Z DEBUG dn: cn=Host Group Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG groupofnames 2017-05-11T17:48:39Z DEBUG nestedgroup 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG Host Group Administrators 2017-05-11T17:48:39Z DEBUG description: 2017-05-11T17:48:39Z DEBUG Host Group Administrators 2017-05-11T17:48:39Z DEBUG add: 'cn=IT Specialist,cn=roles,cn=accounts,dc=rdlg,dc=net' to member, current value [] 2017-05-11T17:48:39Z DEBUG add: updated value ['cn=IT 
Specialist,cn=roles,cn=accounts,dc=rdlg,dc=net'] 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Final value after applying updates 2017-05-11T17:48:39Z DEBUG dn: cn=Host Group Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG groupofnames 2017-05-11T17:48:39Z DEBUG nestedgroup 2017-05-11T17:48:39Z DEBUG member: 2017-05-11T17:48:39Z DEBUG cn=IT Specialist,cn=roles,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG Host Group Administrators 2017-05-11T17:48:39Z DEBUG description: 2017-05-11T17:48:39Z DEBUG Host Group Administrators 2017-05-11T17:48:39Z DEBUG [(2, u'member', ['cn=IT Specialist,cn=roles,cn=accounts,dc=rdlg,dc=net'])] 2017-05-11T17:48:39Z DEBUG Updated 1 2017-05-11T17:48:39Z DEBUG Done 2017-05-11T17:48:39Z DEBUG Updating existing entry: cn=Service Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Initial value 2017-05-11T17:48:39Z DEBUG dn: cn=Service Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG groupofnames 2017-05-11T17:48:39Z DEBUG nestedgroup 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG Service Administrators 2017-05-11T17:48:39Z DEBUG description: 2017-05-11T17:48:39Z DEBUG Service Administrators 2017-05-11T17:48:39Z DEBUG add: 'cn=IT Specialist,cn=roles,cn=accounts,dc=rdlg,dc=net' to member, current value [] 2017-05-11T17:48:39Z DEBUG add: updated value ['cn=IT Specialist,cn=roles,cn=accounts,dc=rdlg,dc=net'] 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Final value after applying updates 2017-05-11T17:48:39Z DEBUG dn: cn=Service Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net 
2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG groupofnames 2017-05-11T17:48:39Z DEBUG nestedgroup 2017-05-11T17:48:39Z DEBUG member: 2017-05-11T17:48:39Z DEBUG cn=IT Specialist,cn=roles,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG Service Administrators 2017-05-11T17:48:39Z DEBUG description: 2017-05-11T17:48:39Z DEBUG Service Administrators 2017-05-11T17:48:39Z DEBUG [(2, u'member', ['cn=IT Specialist,cn=roles,cn=accounts,dc=rdlg,dc=net'])] 2017-05-11T17:48:39Z DEBUG Updated 1 2017-05-11T17:48:39Z DEBUG Done 2017-05-11T17:48:39Z DEBUG Updating existing entry: cn=Automount Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Initial value 2017-05-11T17:48:39Z DEBUG dn: cn=Automount Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG groupofnames 2017-05-11T17:48:39Z DEBUG nestedgroup 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG Automount Administrators 2017-05-11T17:48:39Z DEBUG description: 2017-05-11T17:48:39Z DEBUG Automount Administrators 2017-05-11T17:48:39Z DEBUG add: 'cn=IT Specialist,cn=roles,cn=accounts,dc=rdlg,dc=net' to member, current value [] 2017-05-11T17:48:39Z DEBUG add: updated value ['cn=IT Specialist,cn=roles,cn=accounts,dc=rdlg,dc=net'] 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Final value after applying updates 2017-05-11T17:48:39Z DEBUG dn: cn=Automount Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG groupofnames 2017-05-11T17:48:39Z DEBUG nestedgroup 2017-05-11T17:48:39Z DEBUG member: 2017-05-11T17:48:39Z DEBUG cn=IT Specialist,cn=roles,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG 
cn: 2017-05-11T17:48:39Z DEBUG Automount Administrators 2017-05-11T17:48:39Z DEBUG description: 2017-05-11T17:48:39Z DEBUG Automount Administrators 2017-05-11T17:48:39Z DEBUG [(2, u'member', ['cn=IT Specialist,cn=roles,cn=accounts,dc=rdlg,dc=net'])] 2017-05-11T17:48:39Z DEBUG Updated 1 2017-05-11T17:48:39Z DEBUG Done 2017-05-11T17:48:39Z DEBUG New entry: cn=IT Security Specialist,cn=roles,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Initial value 2017-05-11T17:48:39Z DEBUG dn: cn=IT Security Specialist,cn=roles,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG groupofnames 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG nestedgroup 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG IT Security Specialist 2017-05-11T17:48:39Z DEBUG description: 2017-05-11T17:48:39Z DEBUG IT Security Specialist 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Final value after applying updates 2017-05-11T17:48:39Z DEBUG dn: cn=IT Security Specialist,cn=roles,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG groupofnames 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG nestedgroup 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG IT Security Specialist 2017-05-11T17:48:39Z DEBUG description: 2017-05-11T17:48:39Z DEBUG IT Security Specialist 2017-05-11T17:48:39Z DEBUG Updating existing entry: cn=Netgroups Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Initial value 2017-05-11T17:48:39Z DEBUG dn: cn=Netgroups Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG groupofnames 2017-05-11T17:48:39Z DEBUG nestedgroup 2017-05-11T17:48:39Z DEBUG 
cn: 2017-05-11T17:48:39Z DEBUG Netgroups Administrators 2017-05-11T17:48:39Z DEBUG description: 2017-05-11T17:48:39Z DEBUG Netgroups Administrators 2017-05-11T17:48:39Z DEBUG add: 'cn=IT Security Specialist,cn=roles,cn=accounts,dc=rdlg,dc=net' to member, current value [] 2017-05-11T17:48:39Z DEBUG add: updated value ['cn=IT Security Specialist,cn=roles,cn=accounts,dc=rdlg,dc=net'] 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Final value after applying updates 2017-05-11T17:48:39Z DEBUG dn: cn=Netgroups Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG groupofnames 2017-05-11T17:48:39Z DEBUG nestedgroup 2017-05-11T17:48:39Z DEBUG member: 2017-05-11T17:48:39Z DEBUG cn=IT Security Specialist,cn=roles,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG Netgroups Administrators 2017-05-11T17:48:39Z DEBUG description: 2017-05-11T17:48:39Z DEBUG Netgroups Administrators 2017-05-11T17:48:39Z DEBUG [(2, u'member', ['cn=IT Security Specialist,cn=roles,cn=accounts,dc=rdlg,dc=net'])] 2017-05-11T17:48:39Z DEBUG Updated 1 2017-05-11T17:48:39Z DEBUG Done 2017-05-11T17:48:39Z DEBUG Updating existing entry: cn=HBAC Administrator,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Initial value 2017-05-11T17:48:39Z DEBUG dn: cn=HBAC Administrator,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG groupofnames 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG nestedgroup 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG HBAC Administrator 2017-05-11T17:48:39Z DEBUG description: 2017-05-11T17:48:39Z DEBUG HBAC Administrator 2017-05-11T17:48:39Z DEBUG add: 'cn=IT Security Specialist,cn=roles,cn=accounts,dc=rdlg,dc=net' to member, current value [] 
2017-05-11T17:48:39Z DEBUG add: updated value ['cn=IT Security Specialist,cn=roles,cn=accounts,dc=rdlg,dc=net'] 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Final value after applying updates 2017-05-11T17:48:39Z DEBUG dn: cn=HBAC Administrator,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG groupofnames 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG nestedgroup 2017-05-11T17:48:39Z DEBUG member: 2017-05-11T17:48:39Z DEBUG cn=IT Security Specialist,cn=roles,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG HBAC Administrator 2017-05-11T17:48:39Z DEBUG description: 2017-05-11T17:48:39Z DEBUG HBAC Administrator 2017-05-11T17:48:39Z DEBUG [(2, u'member', ['cn=IT Security Specialist,cn=roles,cn=accounts,dc=rdlg,dc=net'])] 2017-05-11T17:48:39Z DEBUG Updated 1 2017-05-11T17:48:39Z DEBUG Done 2017-05-11T17:48:39Z DEBUG Updating existing entry: cn=Sudo Administrator,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Initial value 2017-05-11T17:48:39Z DEBUG dn: cn=Sudo Administrator,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG groupofnames 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG nestedgroup 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG Sudo Administrator 2017-05-11T17:48:39Z DEBUG description: 2017-05-11T17:48:39Z DEBUG Sudo Administrator 2017-05-11T17:48:39Z DEBUG add: 'cn=IT Security Specialist,cn=roles,cn=accounts,dc=rdlg,dc=net' to member, current value [] 2017-05-11T17:48:39Z DEBUG add: updated value ['cn=IT Security Specialist,cn=roles,cn=accounts,dc=rdlg,dc=net'] 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Final value after applying updates 2017-05-11T17:48:39Z DEBUG dn: cn=Sudo 
Administrator,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG groupofnames 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG nestedgroup 2017-05-11T17:48:39Z DEBUG member: 2017-05-11T17:48:39Z DEBUG cn=IT Security Specialist,cn=roles,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG Sudo Administrator 2017-05-11T17:48:39Z DEBUG description: 2017-05-11T17:48:39Z DEBUG Sudo Administrator 2017-05-11T17:48:39Z DEBUG [(2, u'member', ['cn=IT Security Specialist,cn=roles,cn=accounts,dc=rdlg,dc=net'])] 2017-05-11T17:48:39Z DEBUG Updated 1 2017-05-11T17:48:39Z DEBUG Done 2017-05-11T17:48:39Z DEBUG New entry: cn=Security Architect,cn=roles,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Initial value 2017-05-11T17:48:39Z DEBUG dn: cn=Security Architect,cn=roles,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG groupofnames 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG nestedgroup 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG Security Architect 2017-05-11T17:48:39Z DEBUG description: 2017-05-11T17:48:39Z DEBUG Security Architect 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Final value after applying updates 2017-05-11T17:48:39Z DEBUG dn: cn=Security Architect,cn=roles,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG groupofnames 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG nestedgroup 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG Security Architect 2017-05-11T17:48:39Z DEBUG description: 2017-05-11T17:48:39Z DEBUG Security Architect 2017-05-11T17:48:39Z DEBUG Updating existing entry: cn=Delegation Administrator,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG 
--------------------------------------------- 2017-05-11T17:48:39Z DEBUG Initial value 2017-05-11T17:48:39Z DEBUG dn: cn=Delegation Administrator,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG groupofnames 2017-05-11T17:48:39Z DEBUG nestedgroup 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG Delegation Administrator 2017-05-11T17:48:39Z DEBUG description: 2017-05-11T17:48:39Z DEBUG Role administration 2017-05-11T17:48:39Z DEBUG add: 'cn=Security Architect,cn=roles,cn=accounts,dc=rdlg,dc=net' to member, current value [] 2017-05-11T17:48:39Z DEBUG add: updated value ['cn=Security Architect,cn=roles,cn=accounts,dc=rdlg,dc=net'] 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Final value after applying updates 2017-05-11T17:48:39Z DEBUG dn: cn=Delegation Administrator,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG groupofnames 2017-05-11T17:48:39Z DEBUG nestedgroup 2017-05-11T17:48:39Z DEBUG member: 2017-05-11T17:48:39Z DEBUG cn=Security Architect,cn=roles,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG Delegation Administrator 2017-05-11T17:48:39Z DEBUG description: 2017-05-11T17:48:39Z DEBUG Role administration 2017-05-11T17:48:39Z DEBUG [(2, u'member', ['cn=Security Architect,cn=roles,cn=accounts,dc=rdlg,dc=net'])] 2017-05-11T17:48:39Z DEBUG Updated 1 2017-05-11T17:48:39Z DEBUG Done 2017-05-11T17:48:39Z DEBUG Updating existing entry: cn=Replication Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Initial value 2017-05-11T17:48:39Z DEBUG dn: cn=Replication Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG top 
2017-05-11T17:48:39Z DEBUG groupofnames 2017-05-11T17:48:39Z DEBUG nestedgroup 2017-05-11T17:48:39Z DEBUG member: 2017-05-11T17:48:39Z DEBUG cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG description: 2017-05-11T17:48:39Z DEBUG Replication Administrators 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG Replication Administrators 2017-05-11T17:48:39Z DEBUG memberOf: 2017-05-11T17:48:39Z DEBUG cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn=Modify DNA Range,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn=Read PassSync Managers Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn=Modify PassSync Managers Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn=Read LDBM Database Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn=Add Configuration Sub-Entries,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn=Read DNA Range,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG add: 'cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net' to member, current value ['cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net'] 2017-05-11T17:48:39Z DEBUG add: updated value ['cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net', 'cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net'] 2017-05-11T17:48:39Z DEBUG add: 'cn=Security Architect,cn=roles,cn=accounts,dc=rdlg,dc=net' to member, current value ['cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net', 'cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net'] 2017-05-11T17:48:39Z DEBUG add: updated value 
['cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net', 'cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net', 'cn=Security Architect,cn=roles,cn=accounts,dc=rdlg,dc=net'] 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Final value after applying updates 2017-05-11T17:48:39Z DEBUG dn: cn=Replication Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG groupofnames 2017-05-11T17:48:39Z DEBUG nestedgroup 2017-05-11T17:48:39Z DEBUG member: 2017-05-11T17:48:39Z DEBUG cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn=Security Architect,cn=roles,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG description: 2017-05-11T17:48:39Z DEBUG Replication Administrators 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG Replication Administrators 2017-05-11T17:48:39Z DEBUG memberOf: 2017-05-11T17:48:39Z DEBUG cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn=Modify DNA Range,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn=Read PassSync Managers Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn=Modify PassSync Managers Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn=Read LDBM Database Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn=Add Configuration Sub-Entries,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn=Read DNA 
Range,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG [(0, u'member', ['cn=Security Architect,cn=roles,cn=accounts,dc=rdlg,dc=net', 'cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net'])] 2017-05-11T17:48:39Z DEBUG Updated 1 2017-05-11T17:48:39Z DEBUG Done 2017-05-11T17:48:39Z DEBUG Updating existing entry: cn=Write IPA Configuration,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Initial value 2017-05-11T17:48:39Z DEBUG dn: cn=Write IPA Configuration,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG groupofnames 2017-05-11T17:48:39Z DEBUG nestedgroup 2017-05-11T17:48:39Z DEBUG memberOf: 2017-05-11T17:48:39Z DEBUG cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG Write IPA Configuration 2017-05-11T17:48:39Z DEBUG description: 2017-05-11T17:48:39Z DEBUG Write IPA Configuration 2017-05-11T17:48:39Z DEBUG add: 'cn=Security Architect,cn=roles,cn=accounts,dc=rdlg,dc=net' to member, current value [] 2017-05-11T17:48:39Z DEBUG add: updated value ['cn=Security Architect,cn=roles,cn=accounts,dc=rdlg,dc=net'] 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Final value after applying updates 2017-05-11T17:48:39Z DEBUG dn: cn=Write IPA Configuration,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG groupofnames 2017-05-11T17:48:39Z DEBUG nestedgroup 2017-05-11T17:48:39Z DEBUG memberOf: 2017-05-11T17:48:39Z DEBUG cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG member: 2017-05-11T17:48:39Z DEBUG cn=Security Architect,cn=roles,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG Write IPA Configuration 
2017-05-11T17:48:39Z DEBUG description: 2017-05-11T17:48:39Z DEBUG Write IPA Configuration 2017-05-11T17:48:39Z DEBUG [(2, u'member', ['cn=Security Architect,cn=roles,cn=accounts,dc=rdlg,dc=net'])] 2017-05-11T17:48:39Z DEBUG Updated 1 2017-05-11T17:48:39Z DEBUG Done 2017-05-11T17:48:39Z DEBUG Updating existing entry: cn=Password Policy Administrator,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Initial value 2017-05-11T17:48:39Z DEBUG dn: cn=Password Policy Administrator,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG groupofnames 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG nestedgroup 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG Password Policy Administrator 2017-05-11T17:48:39Z DEBUG description: 2017-05-11T17:48:39Z DEBUG Password Policy Administrator 2017-05-11T17:48:39Z DEBUG add: 'cn=Security Architect,cn=roles,cn=accounts,dc=rdlg,dc=net' to member, current value [] 2017-05-11T17:48:39Z DEBUG add: updated value ['cn=Security Architect,cn=roles,cn=accounts,dc=rdlg,dc=net'] 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Final value after applying updates 2017-05-11T17:48:39Z DEBUG dn: cn=Password Policy Administrator,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG groupofnames 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG nestedgroup 2017-05-11T17:48:39Z DEBUG member: 2017-05-11T17:48:39Z DEBUG cn=Security Architect,cn=roles,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG Password Policy Administrator 2017-05-11T17:48:39Z DEBUG description: 2017-05-11T17:48:39Z DEBUG Password Policy Administrator 2017-05-11T17:48:39Z DEBUG [(2, u'member', ['cn=Security Architect,cn=roles,cn=accounts,dc=rdlg,dc=net'])] 2017-05-11T17:48:39Z DEBUG Updated 
1 2017-05-11T17:48:39Z DEBUG Done 2017-05-11T17:48:39Z DEBUG Parsing update file '/usr/share/ipa/updates/50-7_bit_check.update' 2017-05-11T17:48:39Z DEBUG Updating existing entry: cn=7-bit check,cn=plugins,cn=config 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Initial value 2017-05-11T17:48:39Z DEBUG dn: cn=7-bit check,cn=plugins,cn=config 2017-05-11T17:48:39Z DEBUG nsslapd-pluginId: 2017-05-11T17:48:39Z DEBUG NS7bitAttr 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG 7-bit check 2017-05-11T17:48:39Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:48:39Z DEBUG 1.3.5.10 2017-05-11T17:48:39Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:48:39Z DEBUG NS7bitAttr_Init 2017-05-11T17:48:39Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:48:39Z DEBUG Enforce 7-bit clean attribute values 2017-05-11T17:48:39Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:48:39Z DEBUG on 2017-05-11T17:48:39Z DEBUG nsslapd-pluginPath: 2017-05-11T17:48:39Z DEBUG libattr-unique-plugin 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG nsSlapdPlugin 2017-05-11T17:48:39Z DEBUG extensibleObject 2017-05-11T17:48:39Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:48:39Z DEBUG database 2017-05-11T17:48:39Z DEBUG nsslapd-pluginarg0: 2017-05-11T17:48:39Z DEBUG uid 2017-05-11T17:48:39Z DEBUG nsslapd-pluginarg3: 2017-05-11T17:48:39Z DEBUG dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG nsslapd-pluginarg2: 2017-05-11T17:48:39Z DEBUG , 2017-05-11T17:48:39Z DEBUG nsslapd-pluginarg1: 2017-05-11T17:48:39Z DEBUG mail 2017-05-11T17:48:39Z DEBUG nsslapd-pluginType: 2017-05-11T17:48:39Z DEBUG betxnpreoperation 2017-05-11T17:48:39Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:48:39Z DEBUG 389 Project 2017-05-11T17:48:39Z DEBUG replace: userpassword not found, skipping 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Final value after applying updates 
2017-05-11T17:48:39Z DEBUG dn: cn=7-bit check,cn=plugins,cn=config 2017-05-11T17:48:39Z DEBUG nsslapd-pluginId: 2017-05-11T17:48:39Z DEBUG NS7bitAttr 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG 7-bit check 2017-05-11T17:48:39Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:48:39Z DEBUG 1.3.5.10 2017-05-11T17:48:39Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:48:39Z DEBUG NS7bitAttr_Init 2017-05-11T17:48:39Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:48:39Z DEBUG Enforce 7-bit clean attribute values 2017-05-11T17:48:39Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:48:39Z DEBUG on 2017-05-11T17:48:39Z DEBUG nsslapd-pluginPath: 2017-05-11T17:48:39Z DEBUG libattr-unique-plugin 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG nsSlapdPlugin 2017-05-11T17:48:39Z DEBUG extensibleObject 2017-05-11T17:48:39Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:48:39Z DEBUG database 2017-05-11T17:48:39Z DEBUG nsslapd-pluginarg0: 2017-05-11T17:48:39Z DEBUG uid 2017-05-11T17:48:39Z DEBUG nsslapd-pluginarg3: 2017-05-11T17:48:39Z DEBUG dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG nsslapd-pluginarg2: 2017-05-11T17:48:39Z DEBUG , 2017-05-11T17:48:39Z DEBUG nsslapd-pluginarg1: 2017-05-11T17:48:39Z DEBUG mail 2017-05-11T17:48:39Z DEBUG nsslapd-pluginType: 2017-05-11T17:48:39Z DEBUG betxnpreoperation 2017-05-11T17:48:39Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:48:39Z DEBUG 389 Project 2017-05-11T17:48:39Z DEBUG [] 2017-05-11T17:48:39Z DEBUG Updated 0 2017-05-11T17:48:39Z DEBUG Done 2017-05-11T17:48:39Z DEBUG Parsing update file '/usr/share/ipa/updates/50-dogtag10-migration.update' 2017-05-11T17:48:39Z DEBUG Updating existing entry: cn=aclResources,o=ipaca 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Initial value 2017-05-11T17:48:39Z DEBUG dn: cn=aclResources,o=ipaca 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG CertACLS 
2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG aclResources 2017-05-11T17:48:39Z DEBUG resourceACLS: 2017-05-11T17:48:39Z DEBUG certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete 2017-05-11T17:48:39Z DEBUG certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify 2017-05-11T17:48:39Z DEBUG certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify 2017-05-11T17:48:39Z DEBUG certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify 2017-05-11T17:48:39Z DEBUG certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Anybody is allowed to 
read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml 2017-05-11T17:48:39Z DEBUG certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter 2017-05-11T17:48:39Z DEBUG certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log 2017-05-11T17:48:39Z DEBUG certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content 2017-05-11T17:48:39Z DEBUG certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content 2017-05-11T17:48:39Z DEBUG certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify 2017-05-11T17:48:39Z DEBUG certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify 2017-05-11T17:48:39Z DEBUG certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || 
group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify 2017-05-11T17:48:39Z DEBUG certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets 2017-05-11T17:48:39Z DEBUG certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify 2017-05-11T17:48:39Z DEBUG certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify 2017-05-11T17:48:39Z DEBUG certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify 2017-05-11T17:48:39Z DEBUG certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify 2017-05-11T17:48:39Z DEBUG certServer.ra.configuration:read,modify:allow (read) 
group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify
2017-05-11T17:48:39Z DEBUG certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory
2017-05-11T17:48:39Z DEBUG certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate
2017-05-11T17:48:39Z DEBUG certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates
2017-05-11T17:48:39Z DEBUG certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests
2017-05-11T17:48:39Z DEBUG certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request
2017-05-11T17:48:39Z DEBUG certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information
2017-05-11T17:48:39Z DEBUG certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests
2017-05-11T17:48:39Z DEBUG certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl
2017-05-11T17:48:39Z DEBUG certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate
2017-05-11T17:48:39Z DEBUG certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates
2017-05-11T17:48:39Z DEBUG certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain
2017-05-11T17:48:39Z DEBUG certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL
2017-05-11T17:48:39Z DEBUG certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request
2017-05-11T17:48:39Z DEBUG certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status
2017-05-11T17:48:39Z DEBUG certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request
2017-05-11T17:48:39Z DEBUG certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate
2017-05-11T17:48:39Z DEBUG certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request
2017-05-11T17:48:39Z DEBUG certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile
2017-05-11T17:48:39Z DEBUG certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles
2017-05-11T17:48:39Z DEBUG certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile
2017-05-11T17:48:39Z DEBUG certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles
2017-05-11T17:48:39Z DEBUG certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles
2017-05-11T17:48:39Z DEBUG certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests
2017-05-11T17:48:39Z DEBUG certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA
2017-05-11T17:48:39Z DEBUG certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics
2017-05-11T17:48:39Z DEBUG certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups
2017-05-11T17:48:39Z DEBUG certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information
2017-05-11T17:48:39Z DEBUG certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent
2017-05-11T17:48:39Z DEBUG certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.
2017-05-11T17:48:39Z DEBUG certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.
2017-05-11T17:48:39Z DEBUG certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout
2017-05-11T17:48:39Z DEBUG certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations
2017-05-11T17:48:39Z DEBUG certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations
2017-05-11T17:48:39Z DEBUG certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations
2017-05-11T17:48:39Z DEBUG certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.
2017-05-11T17:48:39Z DEBUG certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations
2017-05-11T17:48:39Z DEBUG certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities
2017-05-11T17:48:39Z DEBUG certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities
2017-05-11T17:48:39Z DEBUG certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities
2017-05-11T17:48:39Z DEBUG certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles
2017-05-11T17:48:39Z DEBUG certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities
2017-05-11T17:48:39Z DEBUG addifexist: 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout' to resourceACLS, current value ['certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || 
group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to 
modify a fileName parameter', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) 
group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.certificates:revoke,list:allow 
(revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) 
user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 
'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities'] 2017-05-11T17:48:39Z DEBUG addifexist: set 
resourceACLS to ['certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" 
|| group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) 
group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager 
Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.admin.certificate:import:allow (import) 
user="anybody":Any user may import a certificate', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || 
group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager 
Agents":Certificate Manager Agents may manage lightweight authorities', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout'] 2017-05-11T17:48:39Z DEBUG addifexist: 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations' to resourceACLS, current value ['certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || 
group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 
'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read 
publisher configuration but only administrators allowed to modify', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) 
group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, 
auditors, and agents are allowed to read the log content', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 
'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics'] 2017-05-11T17:48:39Z DEBUG addifexist: set resourceACLS to ['certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read 
profiles', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 
'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager 
Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.ocsp.configuration:read,modify:allow (read) 
group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities', 'certServer.log.content.system:read:allow (read) 
group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the 
signed audit log', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations'] 2017-05-11T17:48:39Z DEBUG addifexist: 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations' to resourceACLS, current value ['certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 
'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) 
group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" 
|| group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 
'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities', 
'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml', 
'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics'] 2017-05-11T17:48:39Z DEBUG addifexist: set resourceACLS to ['certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) 
group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || 
group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group 
operations', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny 
(modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager 
Agents":Certificate Manager Agents may manage lightweight authorities', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Anybody is allowed to read domain.xml but only Subsystem 
group and Enterprise Administrators are allowed to modify the domain.xml', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations'] 2017-05-11T17:48:39Z DEBUG addifexist: 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations' to resourceACLS, current value ['certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 
'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || 
group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to 
the master CA', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" 
|| group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || 
group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.securitydomain.domainxml:read,modify:allow (read) 
user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics'] 2017-05-11T17:48:39Z DEBUG addifexist: set resourceACLS to ['certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 
'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 
'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ca.clone:submit:allow 
(submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise 
KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 
'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may 
read ocsp information', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations'] 2017-05-11T17:48:39Z DEBUG addifexist: 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations' to resourceACLS, current value ['certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager 
Agents may read,execute,assign or unassign request', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 
'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) 
group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an 
enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.ee.crl:read,add:allow (read,add) 
user="anybody":Anybody may add or retrieve CRL', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) 
group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics'] 2017-05-11T17:48:39Z DEBUG addifexist: set resourceACLS to ['certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) 
user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector 
information', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || 
group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 
'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, 
and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.kra.configuration:read,modify:allow (read) 
group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics', 
'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations'] 2017-05-11T17:48:39Z DEBUG replace: certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group":Anybody is allowed to read domain.xml but only Subsystem group is allowed to modify the domain.xml not found, skipping 2017-05-11T17:48:39Z DEBUG replace: certServer.ca.connectorInfo:read,modify:allow (modify,read) group="Enterprise KRA Administrators":Only Enterprise Administrators are allowed to update the connector information not found, skipping 2017-05-11T17:48:39Z DEBUG addifexist: 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles' to resourceACLS, current value ['certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.authorities:delete:allow (delete) 
group="Administrators":Administrators may delete lightweight authorities', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to 
read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || 
group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || 
group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities', 'certServer.log.content.system:read:allow (read) group="Administrators" || 
group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml', 'certServer.ca.request.profile:approve,read:allow (approve,read) 
group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics'] 2017-05-11T17:48:39Z DEBUG addifexist: set resourceACLS to ['certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents 
may import,unrevoke,revoke,read a certificate', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager 
Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.publisher.configuration:read,modify:allow 
(read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName 
parameter', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight 
authorities', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the 
domain.xml', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles'] 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Final value after applying updates 2017-05-11T17:48:39Z DEBUG dn: cn=aclResources,o=ipaca 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG CertACLS 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG aclResources 2017-05-11T17:48:39Z DEBUG resourceACLS: 2017-05-11T17:48:39Z DEBUG certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request 2017-05-11T17:48:39Z DEBUG certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents 
may execute cert request operations 2017-05-11T17:48:39Z DEBUG certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request 2017-05-11T17:48:39Z DEBUG certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout 2017-05-11T17:48:39Z DEBUG certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content 2017-05-11T17:48:39Z DEBUG certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate 2017-05-11T17:48:39Z DEBUG certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities 2017-05-11T17:48:39Z DEBUG certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status 2017-05-11T17:48:39Z DEBUG certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles 2017-05-11T17:48:39Z DEBUG certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify 2017-05-11T17:48:39Z DEBUG certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information 2017-05-11T17:48:39Z DEBUG certServer.ca.certs:execute:allow (execute) 
group="Certificate Manager Agents":Agents may execute cert operations 2017-05-11T17:48:39Z DEBUG certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests 2017-05-11T17:48:39Z DEBUG certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates 2017-05-11T17:48:39Z DEBUG certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify 2017-05-11T17:48:39Z DEBUG certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete 2017-05-11T17:48:39Z DEBUG certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups 2017-05-11T17:48:39Z DEBUG certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests 2017-05-11T17:48:39Z DEBUG certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles 2017-05-11T17:48:39Z DEBUG certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication 
configuration but only administrators allowed to modify 2017-05-11T17:48:39Z DEBUG certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify 2017-05-11T17:48:39Z DEBUG certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate 2017-05-11T17:48:39Z DEBUG certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA 2017-05-11T17:48:39Z DEBUG certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain 2017-05-11T17:48:39Z DEBUG certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests 2017-05-11T17:48:39Z DEBUG certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations 2017-05-11T17:48:39Z DEBUG certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify 2017-05-11T17:48:39Z DEBUG certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration. 
2017-05-11T17:48:39Z DEBUG certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests. 2017-05-11T17:48:39Z DEBUG certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory 2017-05-11T17:48:39Z DEBUG certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles 2017-05-11T17:48:39Z DEBUG certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request 2017-05-11T17:48:39Z DEBUG certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl 2017-05-11T17:48:39Z DEBUG certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent 2017-05-11T17:48:39Z DEBUG certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter 2017-05-11T17:48:39Z DEBUG certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify 2017-05-11T17:48:39Z DEBUG certServer.ca.authorities:create,modify:allow (create,modify) 
group="Administrators":Administrators may create and modify lightweight authorities 2017-05-11T17:48:39Z DEBUG certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets 2017-05-11T17:48:39Z DEBUG certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify 2017-05-11T17:48:39Z DEBUG certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL 2017-05-11T17:48:39Z DEBUG certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration. 
2017-05-11T17:48:39Z DEBUG certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles 2017-05-11T17:48:39Z DEBUG certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify 2017-05-11T17:48:39Z DEBUG certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities 2017-05-11T17:48:39Z DEBUG certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content 2017-05-11T17:48:39Z DEBUG certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile 2017-05-11T17:48:39Z DEBUG certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate 2017-05-11T17:48:39Z DEBUG certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify 2017-05-11T17:48:39Z DEBUG certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates 2017-05-11T17:48:39Z DEBUG certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) 
group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify 2017-05-11T17:48:39Z DEBUG certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request 2017-05-11T17:48:39Z DEBUG certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information 2017-05-11T17:48:39Z DEBUG certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml 2017-05-11T17:48:39Z DEBUG certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile 2017-05-11T17:48:39Z DEBUG certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities 2017-05-11T17:48:39Z DEBUG certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log 2017-05-11T17:48:39Z DEBUG certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations 2017-05-11T17:48:39Z DEBUG certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify 2017-05-11T17:48:39Z DEBUG certServer.ca.systemstatus:read:allow (read) group="Certificate Manager 
Agents":Certificate Manager agents may view statistics 2017-05-11T17:48:39Z DEBUG [] 2017-05-11T17:48:39Z DEBUG Updated 0 2017-05-11T17:48:39Z DEBUG Done 2017-05-11T17:48:39Z DEBUG Parsing update file '/usr/share/ipa/updates/50-externalmembers.update' 2017-05-11T17:48:39Z DEBUG Updating existing entry: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Initial value 2017-05-11T17:48:39Z DEBUG dn: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config 2017-05-11T17:48:39Z DEBUG schema-compat-entry-attribute: 2017-05-11T17:48:39Z DEBUG %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","") 2017-05-11T17:48:39Z DEBUG gidNumber=%{gidNumber} 2017-05-11T17:48:39Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:rdlg.net:%{ipauniqueid}","") 2017-05-11T17:48:39Z DEBUG memberUid=%deref_r("member","uid") 2017-05-11T17:48:39Z DEBUG objectclass=posixGroup 2017-05-11T17:48:39Z DEBUG memberUid=%{memberUid} 2017-05-11T17:48:39Z DEBUG ipaanchoruuid=%{ipaanchoruuid} 2017-05-11T17:48:39Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","") 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG groups 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG extensibleObject 2017-05-11T17:48:39Z DEBUG schema-compat-container-rdn: 2017-05-11T17:48:39Z DEBUG cn=groups 2017-05-11T17:48:39Z DEBUG schema-compat-restrict-subtree: 2017-05-11T17:48:39Z DEBUG dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn=Schema Compatibility,cn=plugins,cn=config 2017-05-11T17:48:39Z DEBUG schema-compat-entry-rdn: 2017-05-11T17:48:39Z DEBUG cn=%{cn} 2017-05-11T17:48:39Z DEBUG schema-compat-ignore-subtree: 2017-05-11T17:48:39Z DEBUG cn=dna,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG schema-compat-search-filter: 2017-05-11T17:48:39Z DEBUG objectclass=posixGroup 2017-05-11T17:48:39Z DEBUG 
schema-compat-search-base: 2017-05-11T17:48:39Z DEBUG cn=groups, cn=accounts, dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG schema-compat-container-group: 2017-05-11T17:48:39Z DEBUG cn=compat, dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG addifexist: 'ipaexternalmember=%deref_r("member","ipaexternalmember")' to schema-compat-entry-attribute, current value ['%ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")', 'gidNumber=%{gidNumber}', '%ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:rdlg.net:%{ipauniqueid}","")', 'memberUid=%deref_r("member","uid")', 'objectclass=posixGroup', 'memberUid=%{memberUid}', 'ipaanchoruuid=%{ipaanchoruuid}', '%ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")'] 2017-05-11T17:48:39Z DEBUG addifexist: set schema-compat-entry-attribute to ['%ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")', 'gidNumber=%{gidNumber}', '%ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:rdlg.net:%{ipauniqueid}","")', 'memberUid=%deref_r("member","uid")', 'objectclass=posixGroup', 'memberUid=%{memberUid}', 'ipaanchoruuid=%{ipaanchoruuid}', '%ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")', 'ipaexternalmember=%deref_r("member","ipaexternalmember")'] 2017-05-11T17:48:39Z DEBUG addifexist: 'objectclass=ipaexternalgroup' to schema-compat-entry-attribute, current value ['%ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")', 'ipaanchoruuid=%{ipaanchoruuid}', 'gidNumber=%{gidNumber}', '%ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:rdlg.net:%{ipauniqueid}","")', 'memberUid=%deref_r("member","uid")', 'objectclass=posixGroup', 'memberUid=%{memberUid}', 'ipaexternalmember=%deref_r("member","ipaexternalmember")', '%ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")'] 2017-05-11T17:48:39Z DEBUG addifexist: set schema-compat-entry-attribute to 
['%ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")', 'ipaanchoruuid=%{ipaanchoruuid}', 'gidNumber=%{gidNumber}', '%ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:rdlg.net:%{ipauniqueid}","")', 'memberUid=%deref_r("member","uid")', 'objectclass=posixGroup', 'memberUid=%{memberUid}', 'ipaexternalmember=%deref_r("member","ipaexternalmember")', '%ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")', 'objectclass=ipaexternalgroup'] 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Final value after applying updates 2017-05-11T17:48:39Z DEBUG dn: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config 2017-05-11T17:48:39Z DEBUG schema-compat-entry-attribute: 2017-05-11T17:48:39Z DEBUG %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","") 2017-05-11T17:48:39Z DEBUG objectclass=ipaexternalgroup 2017-05-11T17:48:39Z DEBUG gidNumber=%{gidNumber} 2017-05-11T17:48:39Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:rdlg.net:%{ipauniqueid}","") 2017-05-11T17:48:39Z DEBUG ipaanchoruuid=%{ipaanchoruuid} 2017-05-11T17:48:39Z DEBUG objectclass=posixGroup 2017-05-11T17:48:39Z DEBUG memberUid=%{memberUid} 2017-05-11T17:48:39Z DEBUG ipaexternalmember=%deref_r("member","ipaexternalmember") 2017-05-11T17:48:39Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","") 2017-05-11T17:48:39Z DEBUG memberUid=%deref_r("member","uid") 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG groups 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG extensibleObject 2017-05-11T17:48:39Z DEBUG schema-compat-container-rdn: 2017-05-11T17:48:39Z DEBUG cn=groups 2017-05-11T17:48:39Z DEBUG schema-compat-restrict-subtree: 2017-05-11T17:48:39Z DEBUG dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn=Schema Compatibility,cn=plugins,cn=config 2017-05-11T17:48:39Z DEBUG schema-compat-entry-rdn: 
2017-05-11T17:48:39Z DEBUG cn=%{cn} 2017-05-11T17:48:39Z DEBUG schema-compat-ignore-subtree: 2017-05-11T17:48:39Z DEBUG cn=dna,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG schema-compat-search-filter: 2017-05-11T17:48:39Z DEBUG objectclass=posixGroup 2017-05-11T17:48:39Z DEBUG schema-compat-search-base: 2017-05-11T17:48:39Z DEBUG cn=groups, cn=accounts, dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG schema-compat-container-group: 2017-05-11T17:48:39Z DEBUG cn=compat, dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG [(0, u'schema-compat-entry-attribute', ['objectclass=ipaexternalgroup', 'ipaexternalmember=%deref_r("member","ipaexternalmember")'])] 2017-05-11T17:48:39Z DEBUG Updated 1 2017-05-11T17:48:39Z DEBUG Done 2017-05-11T17:48:39Z DEBUG Parsing update file '/usr/share/ipa/updates/50-groupuuid.update' 2017-05-11T17:48:39Z DEBUG Updating existing entry: cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Initial value 2017-05-11T17:48:39Z DEBUG dn: cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG admins 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG groupofnames 2017-05-11T17:48:39Z DEBUG posixgroup 2017-05-11T17:48:39Z DEBUG ipausergroup 2017-05-11T17:48:39Z DEBUG ipaobject 2017-05-11T17:48:39Z DEBUG nestedGroup 2017-05-11T17:48:39Z DEBUG memberOf: 2017-05-11T17:48:39Z DEBUG cn=Replication Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn=Modify DNA 
Range,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn=Read PassSync Managers Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn=Modify PassSync Managers Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn=Read LDBM Database Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn=Add Configuration Sub-Entries,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn=Read DNA Range,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn=Host Enrollment,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG member: 2017-05-11T17:48:39Z DEBUG uid=admin,cn=users,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG gidNumber: 2017-05-11T17:48:39Z DEBUG 1301600000 2017-05-11T17:48:39Z DEBUG ipaUniqueID: 2017-05-11T17:48:39Z DEBUG 49babb8c-3671-11e7-80f1-0050568f60a6 2017-05-11T17:48:39Z DEBUG description: 2017-05-11T17:48:39Z DEBUG Account administrators group 2017-05-11T17:48:39Z DEBUG add: 'ipaobject' to objectclass, current value ['top', 'groupofnames', 'posixgroup', 'ipausergroup', 'ipaobject', 'nestedGroup'] 2017-05-11T17:48:39Z DEBUG add: updated value ['top', 'groupofnames', 'posixgroup', 'ipausergroup', 'nestedGroup', 'ipaobject'] 2017-05-11T17:48:39Z DEBUG addifnew: 'autogenerate' to ipaUniqueID, current value ['49babb8c-3671-11e7-80f1-0050568f60a6'] 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Final value after applying updates 2017-05-11T17:48:39Z DEBUG dn: cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG admins 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG ipaobject 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG ipausergroup 2017-05-11T17:48:39Z DEBUG posixgroup 2017-05-11T17:48:39Z DEBUG groupofnames 2017-05-11T17:48:39Z DEBUG nestedGroup 2017-05-11T17:48:39Z DEBUG memberOf: 
2017-05-11T17:48:39Z DEBUG cn=Replication Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn=Modify DNA Range,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn=Read PassSync Managers Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn=Modify PassSync Managers Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn=Read LDBM Database Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn=Add Configuration Sub-Entries,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn=Read DNA Range,cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn=Host Enrollment,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG member: 2017-05-11T17:48:39Z DEBUG uid=admin,cn=users,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG gidNumber: 2017-05-11T17:48:39Z DEBUG 1301600000 2017-05-11T17:48:39Z DEBUG ipaUniqueID: 2017-05-11T17:48:39Z DEBUG 49babb8c-3671-11e7-80f1-0050568f60a6 2017-05-11T17:48:39Z DEBUG description: 2017-05-11T17:48:39Z DEBUG Account administrators group 2017-05-11T17:48:39Z DEBUG [] 2017-05-11T17:48:39Z DEBUG Updated 0 2017-05-11T17:48:39Z DEBUG Done 2017-05-11T17:48:39Z DEBUG Updating existing entry: cn=ipausers,cn=groups,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Initial value 2017-05-11T17:48:39Z DEBUG dn: cn=ipausers,cn=groups,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG top 
2017-05-11T17:48:39Z DEBUG groupofnames 2017-05-11T17:48:39Z DEBUG nestedgroup 2017-05-11T17:48:39Z DEBUG ipausergroup 2017-05-11T17:48:39Z DEBUG ipaobject 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG ipausers 2017-05-11T17:48:39Z DEBUG ipaUniqueID: 2017-05-11T17:48:39Z DEBUG 49c0d936-3671-11e7-a988-0050568f60a6 2017-05-11T17:48:39Z DEBUG description: 2017-05-11T17:48:39Z DEBUG Default group for all users 2017-05-11T17:48:39Z DEBUG add: 'ipaobject' to objectclass, current value ['top', 'groupofnames', 'nestedgroup', 'ipausergroup', 'ipaobject'] 2017-05-11T17:48:39Z DEBUG add: updated value ['top', 'groupofnames', 'nestedgroup', 'ipausergroup', 'ipaobject'] 2017-05-11T17:48:39Z DEBUG addifnew: 'autogenerate' to ipaUniqueID, current value ['49c0d936-3671-11e7-a988-0050568f60a6'] 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Final value after applying updates 2017-05-11T17:48:39Z DEBUG dn: cn=ipausers,cn=groups,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG ipaobject 2017-05-11T17:48:39Z DEBUG groupofnames 2017-05-11T17:48:39Z DEBUG ipausergroup 2017-05-11T17:48:39Z DEBUG nestedgroup 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG ipausers 2017-05-11T17:48:39Z DEBUG ipaUniqueID: 2017-05-11T17:48:39Z DEBUG 49c0d936-3671-11e7-a988-0050568f60a6 2017-05-11T17:48:39Z DEBUG description: 2017-05-11T17:48:39Z DEBUG Default group for all users 2017-05-11T17:48:39Z DEBUG [] 2017-05-11T17:48:39Z DEBUG Updated 0 2017-05-11T17:48:39Z DEBUG Done 2017-05-11T17:48:39Z DEBUG Updating existing entry: cn=editors,cn=groups,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Initial value 2017-05-11T17:48:39Z DEBUG dn: cn=editors,cn=groups,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG 
groupofnames 2017-05-11T17:48:39Z DEBUG posixgroup 2017-05-11T17:48:39Z DEBUG ipausergroup 2017-05-11T17:48:39Z DEBUG ipaobject 2017-05-11T17:48:39Z DEBUG nestedGroup 2017-05-11T17:48:39Z DEBUG gidNumber: 2017-05-11T17:48:39Z DEBUG 1301600002 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG editors 2017-05-11T17:48:39Z DEBUG ipaUniqueID: 2017-05-11T17:48:39Z DEBUG 49c15578-3671-11e7-87fc-0050568f60a6 2017-05-11T17:48:39Z DEBUG description: 2017-05-11T17:48:39Z DEBUG Limited admins who can edit other users 2017-05-11T17:48:39Z DEBUG add: 'ipaobject' to objectclass, current value ['top', 'groupofnames', 'posixgroup', 'ipausergroup', 'ipaobject', 'nestedGroup'] 2017-05-11T17:48:39Z DEBUG add: updated value ['top', 'groupofnames', 'posixgroup', 'ipausergroup', 'nestedGroup', 'ipaobject'] 2017-05-11T17:48:39Z DEBUG addifnew: 'autogenerate' to ipaUniqueID, current value ['49c15578-3671-11e7-87fc-0050568f60a6'] 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Final value after applying updates 2017-05-11T17:48:39Z DEBUG dn: cn=editors,cn=groups,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG ipaobject 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG ipausergroup 2017-05-11T17:48:39Z DEBUG posixgroup 2017-05-11T17:48:39Z DEBUG groupofnames 2017-05-11T17:48:39Z DEBUG nestedGroup 2017-05-11T17:48:39Z DEBUG gidNumber: 2017-05-11T17:48:39Z DEBUG 1301600002 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG editors 2017-05-11T17:48:39Z DEBUG ipaUniqueID: 2017-05-11T17:48:39Z DEBUG 49c15578-3671-11e7-87fc-0050568f60a6 2017-05-11T17:48:39Z DEBUG description: 2017-05-11T17:48:39Z DEBUG Limited admins who can edit other users 2017-05-11T17:48:39Z DEBUG [] 2017-05-11T17:48:39Z DEBUG Updated 0 2017-05-11T17:48:39Z DEBUG Done 2017-05-11T17:48:39Z DEBUG Parsing update file '/usr/share/ipa/updates/50-hbacservice.update' 2017-05-11T17:48:39Z DEBUG New entry: 
cn=crond,cn=hbacservices,cn=hbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Initial value 2017-05-11T17:48:39Z DEBUG dn: cn=crond,cn=hbacservices,cn=hbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG objectclass: 2017-05-11T17:48:39Z DEBUG ipaobject 2017-05-11T17:48:39Z DEBUG ipahbacservice 2017-05-11T17:48:39Z DEBUG ipauniqueid: 2017-05-11T17:48:39Z DEBUG autogenerate 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG crond 2017-05-11T17:48:39Z DEBUG description: 2017-05-11T17:48:39Z DEBUG crond 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Final value after applying updates 2017-05-11T17:48:39Z DEBUG dn: cn=crond,cn=hbacservices,cn=hbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG objectclass: 2017-05-11T17:48:39Z DEBUG ipaobject 2017-05-11T17:48:39Z DEBUG ipahbacservice 2017-05-11T17:48:39Z DEBUG ipauniqueid: 2017-05-11T17:48:39Z DEBUG autogenerate 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG crond 2017-05-11T17:48:39Z DEBUG description: 2017-05-11T17:48:39Z DEBUG crond 2017-05-11T17:48:39Z DEBUG New entry: cn=vsftpd,cn=hbacservices,cn=hbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Initial value 2017-05-11T17:48:39Z DEBUG dn: cn=vsftpd,cn=hbacservices,cn=hbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG objectclass: 2017-05-11T17:48:39Z DEBUG ipaobject 2017-05-11T17:48:39Z DEBUG ipahbacservice 2017-05-11T17:48:39Z DEBUG ipauniqueid: 2017-05-11T17:48:39Z DEBUG autogenerate 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG vsftpd 2017-05-11T17:48:39Z DEBUG description: 2017-05-11T17:48:39Z DEBUG vsftpd 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Final value after applying updates 2017-05-11T17:48:39Z DEBUG dn: cn=vsftpd,cn=hbacservices,cn=hbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG 
objectclass: 2017-05-11T17:48:39Z DEBUG ipaobject 2017-05-11T17:48:39Z DEBUG ipahbacservice 2017-05-11T17:48:39Z DEBUG ipauniqueid: 2017-05-11T17:48:39Z DEBUG autogenerate 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG vsftpd 2017-05-11T17:48:39Z DEBUG description: 2017-05-11T17:48:39Z DEBUG vsftpd 2017-05-11T17:48:39Z DEBUG New entry: cn=proftpd,cn=hbacservices,cn=hbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Initial value 2017-05-11T17:48:39Z DEBUG dn: cn=proftpd,cn=hbacservices,cn=hbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG objectclass: 2017-05-11T17:48:39Z DEBUG ipaobject 2017-05-11T17:48:39Z DEBUG ipahbacservice 2017-05-11T17:48:39Z DEBUG ipauniqueid: 2017-05-11T17:48:39Z DEBUG autogenerate 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG proftpd 2017-05-11T17:48:39Z DEBUG description: 2017-05-11T17:48:39Z DEBUG proftpd 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Final value after applying updates 2017-05-11T17:48:39Z DEBUG dn: cn=proftpd,cn=hbacservices,cn=hbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG objectclass: 2017-05-11T17:48:39Z DEBUG ipaobject 2017-05-11T17:48:39Z DEBUG ipahbacservice 2017-05-11T17:48:39Z DEBUG ipauniqueid: 2017-05-11T17:48:39Z DEBUG autogenerate 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG proftpd 2017-05-11T17:48:39Z DEBUG description: 2017-05-11T17:48:39Z DEBUG proftpd 2017-05-11T17:48:39Z DEBUG New entry: cn=pure-ftpd,cn=hbacservices,cn=hbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Initial value 2017-05-11T17:48:39Z DEBUG dn: cn=pure-ftpd,cn=hbacservices,cn=hbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG objectclass: 2017-05-11T17:48:39Z DEBUG ipaobject 2017-05-11T17:48:39Z DEBUG ipahbacservice 2017-05-11T17:48:39Z DEBUG ipauniqueid: 2017-05-11T17:48:39Z DEBUG autogenerate 2017-05-11T17:48:39Z 
DEBUG cn: 2017-05-11T17:48:39Z DEBUG pure-ftpd 2017-05-11T17:48:39Z DEBUG description: 2017-05-11T17:48:39Z DEBUG pure-ftpd 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Final value after applying updates 2017-05-11T17:48:39Z DEBUG dn: cn=pure-ftpd,cn=hbacservices,cn=hbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG objectclass: 2017-05-11T17:48:39Z DEBUG ipaobject 2017-05-11T17:48:39Z DEBUG ipahbacservice 2017-05-11T17:48:39Z DEBUG ipauniqueid: 2017-05-11T17:48:39Z DEBUG autogenerate 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG pure-ftpd 2017-05-11T17:48:39Z DEBUG description: 2017-05-11T17:48:39Z DEBUG pure-ftpd 2017-05-11T17:48:39Z DEBUG New entry: cn=gssftp,cn=hbacservices,cn=hbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Initial value 2017-05-11T17:48:39Z DEBUG dn: cn=gssftp,cn=hbacservices,cn=hbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG objectclass: 2017-05-11T17:48:39Z DEBUG ipaobject 2017-05-11T17:48:39Z DEBUG ipahbacservice 2017-05-11T17:48:39Z DEBUG ipauniqueid: 2017-05-11T17:48:39Z DEBUG autogenerate 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG gssftp 2017-05-11T17:48:39Z DEBUG description: 2017-05-11T17:48:39Z DEBUG gssftp 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Final value after applying updates 2017-05-11T17:48:39Z DEBUG dn: cn=gssftp,cn=hbacservices,cn=hbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG objectclass: 2017-05-11T17:48:39Z DEBUG ipaobject 2017-05-11T17:48:39Z DEBUG ipahbacservice 2017-05-11T17:48:39Z DEBUG ipauniqueid: 2017-05-11T17:48:39Z DEBUG autogenerate 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG gssftp 2017-05-11T17:48:39Z DEBUG description: 2017-05-11T17:48:39Z DEBUG gssftp 2017-05-11T17:48:39Z DEBUG New entry: cn=ftp,cn=hbacservicegroups,cn=hbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG 
--------------------------------------------- 2017-05-11T17:48:39Z DEBUG Initial value 2017-05-11T17:48:39Z DEBUG dn: cn=ftp,cn=hbacservicegroups,cn=hbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG ipahbacservicegroup 2017-05-11T17:48:39Z DEBUG ipaobject 2017-05-11T17:48:39Z DEBUG groupOfNames 2017-05-11T17:48:39Z DEBUG nestedGroup 2017-05-11T17:48:39Z DEBUG member: 2017-05-11T17:48:39Z DEBUG cn=gssftp,cn=hbacservices,cn=hbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn=proftpd,cn=hbacservices,cn=hbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn=vsftpd,cn=hbacservices,cn=hbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn=ftp,cn=hbacservices,cn=hbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn=pure-ftpd,cn=hbacservices,cn=hbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG description: 2017-05-11T17:48:39Z DEBUG Default group of ftp related services 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG ftp 2017-05-11T17:48:39Z DEBUG ipauniqueid: 2017-05-11T17:48:39Z DEBUG autogenerate 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Final value after applying updates 2017-05-11T17:48:39Z DEBUG dn: cn=ftp,cn=hbacservicegroups,cn=hbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG ipahbacservicegroup 2017-05-11T17:48:39Z DEBUG ipaobject 2017-05-11T17:48:39Z DEBUG groupOfNames 2017-05-11T17:48:39Z DEBUG nestedGroup 2017-05-11T17:48:39Z DEBUG member: 2017-05-11T17:48:39Z DEBUG cn=gssftp,cn=hbacservices,cn=hbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn=proftpd,cn=hbacservices,cn=hbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn=vsftpd,cn=hbacservices,cn=hbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn=ftp,cn=hbacservices,cn=hbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn=pure-ftpd,cn=hbacservices,cn=hbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG description: 2017-05-11T17:48:39Z DEBUG 
Default group of ftp related services 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG ftp 2017-05-11T17:48:39Z DEBUG ipauniqueid: 2017-05-11T17:48:39Z DEBUG autogenerate 2017-05-11T17:48:39Z DEBUG Parsing update file '/usr/share/ipa/updates/50-ipaconfig.update' 2017-05-11T17:48:39Z DEBUG Updating existing entry: cn=ipaConfig,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Initial value 2017-05-11T17:48:39Z DEBUG dn: cn=ipaConfig,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG ipaDefaultLoginShell: 2017-05-11T17:48:39Z DEBUG /bin/sh 2017-05-11T17:48:39Z DEBUG ipaCertificateSubjectBase: 2017-05-11T17:48:39Z DEBUG O=RDLG.NET 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG ipaConfig 2017-05-11T17:48:39Z DEBUG ipaSELinuxUserMapDefault: 2017-05-11T17:48:39Z DEBUG unconfined_u:s0-s0:c0.c1023 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG nsContainer 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG ipaGuiConfig 2017-05-11T17:48:39Z DEBUG ipaConfigObject 2017-05-11T17:48:39Z DEBUG ipaHomesRootDir: 2017-05-11T17:48:39Z DEBUG /home 2017-05-11T17:48:39Z DEBUG ipaPwdExpAdvNotify: 2017-05-11T17:48:39Z DEBUG 4 2017-05-11T17:48:39Z DEBUG ipaUserObjectClasses: 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG person 2017-05-11T17:48:39Z DEBUG organizationalperson 2017-05-11T17:48:39Z DEBUG inetorgperson 2017-05-11T17:48:39Z DEBUG inetuser 2017-05-11T17:48:39Z DEBUG posixaccount 2017-05-11T17:48:39Z DEBUG krbprincipalaux 2017-05-11T17:48:39Z DEBUG krbticketpolicyaux 2017-05-11T17:48:39Z DEBUG ipaobject 2017-05-11T17:48:39Z DEBUG ipasshuser 2017-05-11T17:48:39Z DEBUG ipaGroupSearchFields: 2017-05-11T17:48:39Z DEBUG cn,description 2017-05-11T17:48:39Z DEBUG ipaMigrationEnabled: 2017-05-11T17:48:39Z DEBUG FALSE 2017-05-11T17:48:39Z DEBUG ipaDefaultPrimaryGroup: 2017-05-11T17:48:39Z DEBUG ipausers 2017-05-11T17:48:39Z DEBUG ipaSearchTimeLimit: 
2017-05-11T17:48:39Z DEBUG 2 2017-05-11T17:48:39Z DEBUG ipaGroupObjectClasses: 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG groupofnames 2017-05-11T17:48:39Z DEBUG nestedgroup 2017-05-11T17:48:39Z DEBUG ipausergroup 2017-05-11T17:48:39Z DEBUG ipaobject 2017-05-11T17:48:39Z DEBUG ipaDefaultEmailDomain: 2017-05-11T17:48:39Z DEBUG rdlg.net 2017-05-11T17:48:39Z DEBUG ipaSearchRecordsLimit: 2017-05-11T17:48:39Z DEBUG 100 2017-05-11T17:48:39Z DEBUG ipaSELinuxUserMapOrder: 2017-05-11T17:48:39Z DEBUG guest_u:s0$xguest_u:s0$user_u:s0$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023 2017-05-11T17:48:39Z DEBUG ipaConfigString: 2017-05-11T17:48:39Z DEBUG AllowNThash 2017-05-11T17:48:39Z DEBUG ipaMaxUsernameLength: 2017-05-11T17:48:39Z DEBUG 32 2017-05-11T17:48:39Z DEBUG ipaUserSearchFields: 2017-05-11T17:48:39Z DEBUG uid,givenname,sn,telephonenumber,ou,title 2017-05-11T17:48:39Z DEBUG add: 'guest_u:s0$xguest_u:s0$user_u:s0$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023' to ipaSELinuxUserMapOrder, current value ['guest_u:s0$xguest_u:s0$user_u:s0$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023'] 2017-05-11T17:48:39Z DEBUG add: updated value ['guest_u:s0$xguest_u:s0$user_u:s0$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023'] 2017-05-11T17:48:39Z DEBUG add: 'unconfined_u:s0-s0:c0.c1023' to ipaSELinuxUserMapDefault, current value ['unconfined_u:s0-s0:c0.c1023'] 2017-05-11T17:48:39Z DEBUG add: updated value ['unconfined_u:s0-s0:c0.c1023'] 2017-05-11T17:48:39Z DEBUG add: 'ipasshuser' to ipaUserObjectClasses, current value ['top', 'person', 'organizationalperson', 'inetorgperson', 'inetuser', 'posixaccount', 'krbprincipalaux', 'krbticketpolicyaux', 'ipaobject', 'ipasshuser'] 2017-05-11T17:48:39Z DEBUG add: updated value ['top', 'person', 'organizationalperson', 'inetorgperson', 'inetuser', 'posixaccount', 'krbprincipalaux', 'krbticketpolicyaux', 'ipaobject', 'ipasshuser'] 2017-05-11T17:48:39Z DEBUG remove: 'AllowLMhash' from ipaConfigString, current value 
['AllowNThash'] 2017-05-11T17:48:39Z DEBUG remove: 'AllowLMhash' not in ipaConfigString 2017-05-11T17:48:39Z DEBUG add: 'ipaUserAuthTypeClass' to objectClass, current value ['nsContainer', 'top', 'ipaGuiConfig', 'ipaConfigObject'] 2017-05-11T17:48:39Z DEBUG add: updated value ['nsContainer', 'top', 'ipaGuiConfig', 'ipaConfigObject', 'ipaUserAuthTypeClass'] 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Final value after applying updates 2017-05-11T17:48:39Z DEBUG dn: cn=ipaConfig,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG ipaDefaultLoginShell: 2017-05-11T17:48:39Z DEBUG /bin/sh 2017-05-11T17:48:39Z DEBUG ipaCertificateSubjectBase: 2017-05-11T17:48:39Z DEBUG O=RDLG.NET 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG ipaConfig 2017-05-11T17:48:39Z DEBUG ipaSELinuxUserMapDefault: 2017-05-11T17:48:39Z DEBUG unconfined_u:s0-s0:c0.c1023 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG ipaConfigObject 2017-05-11T17:48:39Z DEBUG nsContainer 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG ipaGuiConfig 2017-05-11T17:48:39Z DEBUG ipaUserAuthTypeClass 2017-05-11T17:48:39Z DEBUG ipaHomesRootDir: 2017-05-11T17:48:39Z DEBUG /home 2017-05-11T17:48:39Z DEBUG ipaPwdExpAdvNotify: 2017-05-11T17:48:39Z DEBUG 4 2017-05-11T17:48:39Z DEBUG ipaUserObjectClasses: 2017-05-11T17:48:39Z DEBUG ipaobject 2017-05-11T17:48:39Z DEBUG person 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG ipasshuser 2017-05-11T17:48:39Z DEBUG inetorgperson 2017-05-11T17:48:39Z DEBUG organizationalperson 2017-05-11T17:48:39Z DEBUG krbticketpolicyaux 2017-05-11T17:48:39Z DEBUG krbprincipalaux 2017-05-11T17:48:39Z DEBUG inetuser 2017-05-11T17:48:39Z DEBUG posixaccount 2017-05-11T17:48:39Z DEBUG ipaGroupSearchFields: 2017-05-11T17:48:39Z DEBUG cn,description 2017-05-11T17:48:39Z DEBUG ipaMigrationEnabled: 2017-05-11T17:48:39Z DEBUG FALSE 2017-05-11T17:48:39Z DEBUG ipaDefaultPrimaryGroup: 2017-05-11T17:48:39Z DEBUG 
ipausers 2017-05-11T17:48:39Z DEBUG ipaSearchTimeLimit: 2017-05-11T17:48:39Z DEBUG 2 2017-05-11T17:48:39Z DEBUG ipaGroupObjectClasses: 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG groupofnames 2017-05-11T17:48:39Z DEBUG nestedgroup 2017-05-11T17:48:39Z DEBUG ipausergroup 2017-05-11T17:48:39Z DEBUG ipaobject 2017-05-11T17:48:39Z DEBUG ipaDefaultEmailDomain: 2017-05-11T17:48:39Z DEBUG rdlg.net 2017-05-11T17:48:39Z DEBUG ipaSearchRecordsLimit: 2017-05-11T17:48:39Z DEBUG 100 2017-05-11T17:48:39Z DEBUG ipaSELinuxUserMapOrder: 2017-05-11T17:48:39Z DEBUG guest_u:s0$xguest_u:s0$user_u:s0$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023 2017-05-11T17:48:39Z DEBUG ipaConfigString: 2017-05-11T17:48:39Z DEBUG AllowNThash 2017-05-11T17:48:39Z DEBUG ipaMaxUsernameLength: 2017-05-11T17:48:39Z DEBUG 32 2017-05-11T17:48:39Z DEBUG ipaUserSearchFields: 2017-05-11T17:48:39Z DEBUG uid,givenname,sn,telephonenumber,ou,title 2017-05-11T17:48:39Z DEBUG [(0, u'objectClass', ['ipaUserAuthTypeClass'])] 2017-05-11T17:48:39Z DEBUG Updated 1 2017-05-11T17:48:39Z DEBUG Done 2017-05-11T17:48:39Z DEBUG Parsing update file '/usr/share/ipa/updates/50-krbenctypes.update' 2017-05-11T17:48:39Z DEBUG Updating existing entry: cn=RDLG.NET,cn=kerberos,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Initial value 2017-05-11T17:48:39Z DEBUG dn: cn=RDLG.NET,cn=kerberos,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG krbSubTrees: 2017-05-11T17:48:39Z DEBUG dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG RDLG.NET 2017-05-11T17:48:39Z DEBUG krbDefaultEncSaltTypes: 2017-05-11T17:48:39Z DEBUG aes256-cts:special 2017-05-11T17:48:39Z DEBUG aes128-cts:special 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG krbrealmcontainer 2017-05-11T17:48:39Z DEBUG krbticketpolicyaux 2017-05-11T17:48:39Z DEBUG krbSearchScope: 2017-05-11T17:48:39Z DEBUG 2 2017-05-11T17:48:39Z DEBUG 
krbSupportedEncSaltTypes: 2017-05-11T17:48:39Z DEBUG aes256-cts:normal 2017-05-11T17:48:39Z DEBUG aes256-cts:special 2017-05-11T17:48:39Z DEBUG aes128-cts:normal 2017-05-11T17:48:39Z DEBUG aes128-cts:special 2017-05-11T17:48:39Z DEBUG des3-hmac-sha1:normal 2017-05-11T17:48:39Z DEBUG des3-hmac-sha1:special 2017-05-11T17:48:39Z DEBUG arcfour-hmac:normal 2017-05-11T17:48:39Z DEBUG arcfour-hmac:special 2017-05-11T17:48:39Z DEBUG camellia128-cts-cmac:normal 2017-05-11T17:48:39Z DEBUG camellia128-cts-cmac:special 2017-05-11T17:48:39Z DEBUG camellia256-cts-cmac:normal 2017-05-11T17:48:39Z DEBUG camellia256-cts-cmac:special 2017-05-11T17:48:39Z DEBUG krbMaxTicketLife: 2017-05-11T17:48:39Z DEBUG 86400 2017-05-11T17:48:39Z DEBUG krbMKey: 2017-05-11T17:48:39Z DEBUG XXXXXXXX 2017-05-11T17:48:39Z DEBUG krbPwdPolicyReference: 2017-05-11T17:48:39Z DEBUG cn=Default Kerberos Service Password Policy,cn=Kerberos Service Password Policy,cn=RDLG.NET,cn=kerberos,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG krbMaxRenewableAge: 2017-05-11T17:48:39Z DEBUG 604800 2017-05-11T17:48:39Z DEBUG add: 'camellia128-cts-cmac:normal' to krbSupportedEncSaltTypes, current value ['aes256-cts:normal', 'aes256-cts:special', 'aes128-cts:normal', 'aes128-cts:special', 'des3-hmac-sha1:normal', 'des3-hmac-sha1:special', 'arcfour-hmac:normal', 'arcfour-hmac:special', 'camellia128-cts-cmac:normal', 'camellia128-cts-cmac:special', 'camellia256-cts-cmac:normal', 'camellia256-cts-cmac:special'] 2017-05-11T17:48:39Z DEBUG add: updated value ['aes256-cts:normal', 'aes256-cts:special', 'aes128-cts:normal', 'aes128-cts:special', 'des3-hmac-sha1:normal', 'des3-hmac-sha1:special', 'arcfour-hmac:normal', 'arcfour-hmac:special', 'camellia128-cts-cmac:special', 'camellia256-cts-cmac:normal', 'camellia256-cts-cmac:special', 'camellia128-cts-cmac:normal'] 2017-05-11T17:48:39Z DEBUG add: 'camellia128-cts-cmac:special' to krbSupportedEncSaltTypes, current value ['aes256-cts:special', 'camellia256-cts-cmac:normal', 
'camellia256-cts-cmac:special', 'aes128-cts:normal', 'aes128-cts:special', 'camellia128-cts-cmac:normal', 'arcfour-hmac:normal', 'camellia128-cts-cmac:special', 'aes256-cts:normal', 'des3-hmac-sha1:special', 'des3-hmac-sha1:normal', 'arcfour-hmac:special'] 2017-05-11T17:48:39Z DEBUG add: updated value ['aes256-cts:special', 'camellia256-cts-cmac:normal', 'camellia256-cts-cmac:special', 'aes128-cts:normal', 'aes128-cts:special', 'camellia128-cts-cmac:normal', 'arcfour-hmac:normal', 'aes256-cts:normal', 'des3-hmac-sha1:special', 'des3-hmac-sha1:normal', 'arcfour-hmac:special', 'camellia128-cts-cmac:special'] 2017-05-11T17:48:39Z DEBUG add: 'camellia256-cts-cmac:normal' to krbSupportedEncSaltTypes, current value ['aes256-cts:special', 'camellia256-cts-cmac:normal', 'camellia256-cts-cmac:special', 'aes128-cts:normal', 'aes128-cts:special', 'camellia128-cts-cmac:normal', 'arcfour-hmac:normal', 'camellia128-cts-cmac:special', 'aes256-cts:normal', 'des3-hmac-sha1:special', 'des3-hmac-sha1:normal', 'arcfour-hmac:special'] 2017-05-11T17:48:39Z DEBUG add: updated value ['aes256-cts:special', 'camellia256-cts-cmac:special', 'aes128-cts:normal', 'aes128-cts:special', 'camellia128-cts-cmac:normal', 'arcfour-hmac:normal', 'camellia128-cts-cmac:special', 'aes256-cts:normal', 'des3-hmac-sha1:special', 'des3-hmac-sha1:normal', 'arcfour-hmac:special', 'camellia256-cts-cmac:normal'] 2017-05-11T17:48:39Z DEBUG add: 'camellia256-cts-cmac:special' to krbSupportedEncSaltTypes, current value ['aes256-cts:special', 'camellia256-cts-cmac:normal', 'camellia256-cts-cmac:special', 'aes128-cts:normal', 'aes128-cts:special', 'camellia128-cts-cmac:normal', 'arcfour-hmac:normal', 'camellia128-cts-cmac:special', 'aes256-cts:normal', 'des3-hmac-sha1:special', 'des3-hmac-sha1:normal', 'arcfour-hmac:special'] 2017-05-11T17:48:39Z DEBUG add: updated value ['aes256-cts:special', 'camellia256-cts-cmac:normal', 'aes128-cts:normal', 'aes128-cts:special', 'camellia128-cts-cmac:normal', 
'arcfour-hmac:normal', 'camellia128-cts-cmac:special', 'aes256-cts:normal', 'des3-hmac-sha1:special', 'des3-hmac-sha1:normal', 'arcfour-hmac:special', 'camellia256-cts-cmac:special'] 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Final value after applying updates 2017-05-11T17:48:39Z DEBUG dn: cn=RDLG.NET,cn=kerberos,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG krbSubTrees: 2017-05-11T17:48:39Z DEBUG dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG RDLG.NET 2017-05-11T17:48:39Z DEBUG krbDefaultEncSaltTypes: 2017-05-11T17:48:39Z DEBUG aes256-cts:special 2017-05-11T17:48:39Z DEBUG aes128-cts:special 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG krbrealmcontainer 2017-05-11T17:48:39Z DEBUG krbticketpolicyaux 2017-05-11T17:48:39Z DEBUG krbSearchScope: 2017-05-11T17:48:39Z DEBUG 2 2017-05-11T17:48:39Z DEBUG krbSupportedEncSaltTypes: 2017-05-11T17:48:39Z DEBUG aes256-cts:special 2017-05-11T17:48:39Z DEBUG camellia256-cts-cmac:normal 2017-05-11T17:48:39Z DEBUG camellia256-cts-cmac:special 2017-05-11T17:48:39Z DEBUG aes128-cts:normal 2017-05-11T17:48:39Z DEBUG aes128-cts:special 2017-05-11T17:48:39Z DEBUG camellia128-cts-cmac:normal 2017-05-11T17:48:39Z DEBUG arcfour-hmac:normal 2017-05-11T17:48:39Z DEBUG camellia128-cts-cmac:special 2017-05-11T17:48:39Z DEBUG aes256-cts:normal 2017-05-11T17:48:39Z DEBUG des3-hmac-sha1:special 2017-05-11T17:48:39Z DEBUG des3-hmac-sha1:normal 2017-05-11T17:48:39Z DEBUG arcfour-hmac:special 2017-05-11T17:48:39Z DEBUG krbMaxTicketLife: 2017-05-11T17:48:39Z DEBUG 86400 2017-05-11T17:48:39Z DEBUG krbMKey: 2017-05-11T17:48:39Z DEBUG XXXXXXXX 2017-05-11T17:48:39Z DEBUG krbPwdPolicyReference: 2017-05-11T17:48:39Z DEBUG cn=Default Kerberos Service Password Policy,cn=Kerberos Service Password Policy,cn=RDLG.NET,cn=kerberos,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG krbMaxRenewableAge: 2017-05-11T17:48:39Z DEBUG 604800 
2017-05-11T17:48:39Z DEBUG [] 2017-05-11T17:48:39Z DEBUG Updated 0 2017-05-11T17:48:39Z DEBUG Done 2017-05-11T17:48:39Z DEBUG Parsing update file '/usr/share/ipa/updates/50-nis.update' 2017-05-11T17:48:39Z DEBUG Executing upgrade plugin: update_nis_configuration 2017-05-11T17:48:39Z DEBUG raw: update_nis_configuration 2017-05-11T17:48:39Z DEBUG Skipping NIS update, NIS Server is not configured 2017-05-11T17:48:39Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2017-05-11T17:48:39Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state' 2017-05-11T17:48:39Z DEBUG Parsing update file '/usr/share/ipa/updates/55-pbacmemberof.update' 2017-05-11T17:48:39Z DEBUG New entry: cn=Update PBAC memberOf 137138177,cn=memberof task,cn=tasks,cn=config 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Initial value 2017-05-11T17:48:39Z DEBUG dn: cn=Update PBAC memberOf 137138177,cn=memberof task,cn=tasks,cn=config 2017-05-11T17:48:39Z DEBUG add: 'top' to objectClass, current value [] 2017-05-11T17:48:39Z DEBUG add: updated value ['top'] 2017-05-11T17:48:39Z DEBUG add: 'extensibleObject' to objectClass, current value ['top'] 2017-05-11T17:48:39Z DEBUG add: updated value ['top', 'extensibleObject'] 2017-05-11T17:48:39Z DEBUG add: 'IPA PBAC memberOf 137138177' to cn, current value [] 2017-05-11T17:48:39Z DEBUG add: updated value ['IPA PBAC memberOf 137138177'] 2017-05-11T17:48:39Z DEBUG add: 'cn=privileges,cn=pbac,dc=rdlg,dc=net' to basedn, current value [] 2017-05-11T17:48:39Z DEBUG add: updated value ['cn=privileges,cn=pbac,dc=rdlg,dc=net'] 2017-05-11T17:48:39Z DEBUG add: '(objectclass=*)' to filter, current value [] 2017-05-11T17:48:39Z DEBUG add: updated value ['(objectclass=*)'] 2017-05-11T17:48:39Z DEBUG add: '10' to ttl, current value [] 2017-05-11T17:48:39Z DEBUG add: updated value ['10'] 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG 
Final value after applying updates 2017-05-11T17:48:39Z DEBUG dn: cn=Update PBAC memberOf 137138177,cn=memberof task,cn=tasks,cn=config 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG extensibleObject 2017-05-11T17:48:39Z DEBUG filter: 2017-05-11T17:48:39Z DEBUG (objectclass=*) 2017-05-11T17:48:39Z DEBUG basedn: 2017-05-11T17:48:39Z DEBUG cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG IPA PBAC memberOf 137138177 2017-05-11T17:48:39Z DEBUG ttl: 2017-05-11T17:48:39Z DEBUG 10 2017-05-11T17:48:39Z DEBUG New entry: cn=Update Role memberOf 137138177,cn=memberof task,cn=tasks,cn=config 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Initial value 2017-05-11T17:48:39Z DEBUG dn: cn=Update Role memberOf 137138177,cn=memberof task,cn=tasks,cn=config 2017-05-11T17:48:39Z DEBUG add: 'top' to objectClass, current value [] 2017-05-11T17:48:39Z DEBUG add: updated value ['top'] 2017-05-11T17:48:39Z DEBUG add: 'extensibleObject' to objectClass, current value ['top'] 2017-05-11T17:48:39Z DEBUG add: updated value ['top', 'extensibleObject'] 2017-05-11T17:48:39Z DEBUG add: 'Update Role memberOf 137138177' to cn, current value [] 2017-05-11T17:48:39Z DEBUG add: updated value ['Update Role memberOf 137138177'] 2017-05-11T17:48:39Z DEBUG add: 'cn=roles,cn=accounts,dc=rdlg,dc=net' to basedn, current value [] 2017-05-11T17:48:39Z DEBUG add: updated value ['cn=roles,cn=accounts,dc=rdlg,dc=net'] 2017-05-11T17:48:39Z DEBUG add: '(objectclass=*)' to filter, current value [] 2017-05-11T17:48:39Z DEBUG add: updated value ['(objectclass=*)'] 2017-05-11T17:48:39Z DEBUG add: '10' to ttl, current value [] 2017-05-11T17:48:39Z DEBUG add: updated value ['10'] 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Final value after applying updates 2017-05-11T17:48:39Z DEBUG dn: cn=Update Role memberOf 
137138177,cn=memberof task,cn=tasks,cn=config 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG extensibleObject 2017-05-11T17:48:39Z DEBUG filter: 2017-05-11T17:48:39Z DEBUG (objectclass=*) 2017-05-11T17:48:39Z DEBUG basedn: 2017-05-11T17:48:39Z DEBUG cn=roles,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG Update Role memberOf 137138177 2017-05-11T17:48:39Z DEBUG ttl: 2017-05-11T17:48:39Z DEBUG 10 2017-05-11T17:48:39Z DEBUG Parsing update file '/usr/share/ipa/updates/59-trusts-sysacount.update' 2017-05-11T17:48:39Z DEBUG New entry: cn=adtrust agents,cn=sysaccounts,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Initial value 2017-05-11T17:48:39Z DEBUG dn: cn=adtrust agents,cn=sysaccounts,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG GroupOfNames 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG adtrust agents 2017-05-11T17:48:39Z DEBUG add: 'nestedgroup' to objectClass, current value ['GroupOfNames', 'top'] 2017-05-11T17:48:39Z DEBUG add: updated value ['GroupOfNames', 'top', 'nestedgroup'] 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Final value after applying updates 2017-05-11T17:48:39Z DEBUG dn: cn=adtrust agents,cn=sysaccounts,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG GroupOfNames 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG nestedgroup 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG adtrust agents 2017-05-11T17:48:39Z DEBUG Parsing update file '/usr/share/ipa/updates/60-trusts.update' 2017-05-11T17:48:39Z DEBUG New entry: cn=trust admins,cn=groups,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Initial value 
2017-05-11T17:48:39Z DEBUG dn: cn=trust admins,cn=groups,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG trust admins 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG ipaobject 2017-05-11T17:48:39Z DEBUG groupofnames 2017-05-11T17:48:39Z DEBUG ipausergroup 2017-05-11T17:48:39Z DEBUG nestedgroup 2017-05-11T17:48:39Z DEBUG member: 2017-05-11T17:48:39Z DEBUG uid=admin,cn=users,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG ipaUniqueID: 2017-05-11T17:48:39Z DEBUG autogenerate 2017-05-11T17:48:39Z DEBUG nsAccountLock: 2017-05-11T17:48:39Z DEBUG FALSE 2017-05-11T17:48:39Z DEBUG description: 2017-05-11T17:48:39Z DEBUG Trusts administrators group 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Final value after applying updates 2017-05-11T17:48:39Z DEBUG dn: cn=trust admins,cn=groups,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG trust admins 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG ipaobject 2017-05-11T17:48:39Z DEBUG groupofnames 2017-05-11T17:48:39Z DEBUG ipausergroup 2017-05-11T17:48:39Z DEBUG nestedgroup 2017-05-11T17:48:39Z DEBUG member: 2017-05-11T17:48:39Z DEBUG uid=admin,cn=users,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG ipaUniqueID: 2017-05-11T17:48:39Z DEBUG autogenerate 2017-05-11T17:48:39Z DEBUG nsAccountLock: 2017-05-11T17:48:39Z DEBUG FALSE 2017-05-11T17:48:39Z DEBUG description: 2017-05-11T17:48:39Z DEBUG Trusts administrators group 2017-05-11T17:48:39Z DEBUG New entry: cn=ADTrust Agents,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Initial value 2017-05-11T17:48:39Z DEBUG dn: cn=ADTrust Agents,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z 
DEBUG groupofnames 2017-05-11T17:48:39Z DEBUG nestedgroup 2017-05-11T17:48:39Z DEBUG member: 2017-05-11T17:48:39Z DEBUG cn=adtrust agents,cn=sysaccounts,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG ADTrust Agents 2017-05-11T17:48:39Z DEBUG description: 2017-05-11T17:48:39Z DEBUG System accounts able to access trust information 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Final value after applying updates 2017-05-11T17:48:39Z DEBUG dn: cn=ADTrust Agents,cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG groupofnames 2017-05-11T17:48:39Z DEBUG nestedgroup 2017-05-11T17:48:39Z DEBUG member: 2017-05-11T17:48:39Z DEBUG cn=adtrust agents,cn=sysaccounts,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG ADTrust Agents 2017-05-11T17:48:39Z DEBUG description: 2017-05-11T17:48:39Z DEBUG System accounts able to access trust information 2017-05-11T17:48:39Z DEBUG New entry: cn=trusts,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Initial value 2017-05-11T17:48:39Z DEBUG dn: cn=trusts,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG nsContainer 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG trusts 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Final value after applying updates 2017-05-11T17:48:39Z DEBUG dn: cn=trusts,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG nsContainer 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG trusts 2017-05-11T17:48:39Z DEBUG Updating existing entry: cn=trusts,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Initial 
value 2017-05-11T17:48:39Z DEBUG dn: cn=trusts,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG nsContainer 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG trusts 2017-05-11T17:48:39Z DEBUG add: '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Allow trust agents to retrieve keytab keys for cross realm principals"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";)' to aci, current value [] 2017-05-11T17:48:39Z DEBUG add: updated value ['(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Allow trust agents to retrieve keytab keys for cross realm principals"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";)'] 2017-05-11T17:48:39Z DEBUG add: '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Allow trust agents to set keys for cross realm principals"; allow(write) groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=rdlg,dc=net";)' to aci, current value ['(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Allow trust agents to retrieve keytab keys for cross realm principals"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";)'] 2017-05-11T17:48:39Z DEBUG add: updated value ['(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Allow trust agents to retrieve keytab keys for cross realm principals"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Allow trust agents to set keys for cross realm principals"; allow(write) groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=rdlg,dc=net";)'] 2017-05-11T17:48:39Z DEBUG add: '(target = "ldap:///cn=trusts,dc=rdlg,dc=net")(targetattr = "ipaNTTrustType || ipaNTTrustAttributes || ipaNTTrustDirection || ipaNTTrustPartner || ipaNTFlatName || ipaNTTrustAuthOutgoing || ipaNTTrustAuthIncoming || ipaNTSecurityIdentifier || ipaNTTrustForestTrustInfo || 
ipaNTTrustPosixOffset || ipaNTSupportedEncryptionTypes || krbPrincipalName || krbLastPwdChange || krbTicketFlags || krbLoginFailedCount || krbExtraData || krbPrincipalKey")(version 3.0;acl "Allow trust system user to create and delete trust accounts and cross realm principals"; allow (read,write,add,delete) groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=rdlg,dc=net";)' to aci, current value ['(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Allow trust agents to set keys for cross realm principals"; allow(write) groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=rdlg,dc=net";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Allow trust agents to retrieve keytab keys for cross realm principals"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";)'] 2017-05-11T17:48:39Z DEBUG add: updated value ['(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Allow trust agents to set keys for cross realm principals"; allow(write) groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=rdlg,dc=net";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Allow trust agents to retrieve keytab keys for cross realm principals"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";)', '(target = "ldap:///cn=trusts,dc=rdlg,dc=net")(targetattr = "ipaNTTrustType || ipaNTTrustAttributes || ipaNTTrustDirection || ipaNTTrustPartner || ipaNTFlatName || ipaNTTrustAuthOutgoing || ipaNTTrustAuthIncoming || ipaNTSecurityIdentifier || ipaNTTrustForestTrustInfo || ipaNTTrustPosixOffset || ipaNTSupportedEncryptionTypes || krbPrincipalName || krbLastPwdChange || krbTicketFlags || krbLoginFailedCount || krbExtraData || krbPrincipalKey")(version 3.0;acl "Allow trust system user to create and delete trust accounts and cross realm principals"; allow (read,write,add,delete) groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=rdlg,dc=net";)'] 2017-05-11T17:48:39Z DEBUG replace: updated 
value ['(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Allow trust agents to set keys for cross realm principals"; allow(write) groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=rdlg,dc=net";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Allow trust agents to retrieve keytab keys for cross realm principals"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";)', '(target = "ldap:///cn=trusts,dc=rdlg,dc=net")(targetattr = "ipaNTTrustType || ipaNTTrustAttributes || ipaNTTrustDirection || ipaNTTrustPartner || ipaNTFlatName || ipaNTTrustAuthOutgoing || ipaNTTrustAuthIncoming || ipaNTSecurityIdentifier || ipaNTTrustForestTrustInfo || ipaNTTrustPosixOffset || ipaNTSupportedEncryptionTypes || ipaNTSIDBlacklistIncoming || ipaNTSIDBlacklistOutgoing || krbPrincipalName || krbLastPwdChange || krbTicketFlags || krbLoginFailedCount || krbExtraData || krbPrincipalKey")(version 3.0;acl "Allow trust system user to create and delete trust accounts and cross realm principals"; allow (read,write,add,delete) groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=rdlg,dc=net";)'] 2017-05-11T17:48:39Z DEBUG replace: (target = "ldap:///cn=trusts,dc=rdlg,dc=net")(targetattr = "ipaNTTrustType || ipaNTTrustAttributes || ipaNTTrustDirection || ipaNTTrustPartner || ipaNTFlatName || ipaNTTrustAuthOutgoing || ipaNTTrustAuthIncoming || ipaNTSecurityIdentifier || ipaNTTrustForestTrustInfo || ipaNTTrustPosixOffset || ipaNTSupportedEncryptionTypes")(version 3.0;acl "Allow trust admins manage trust accounts"; allow (read,write,add,delete) groupdn="ldap:///cn=trust admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) not found, skipping 2017-05-11T17:48:39Z DEBUG add: '(target = "ldap:///cn=trusts,dc=rdlg,dc=net")(targetattr = "ipaNTTrustType || ipaNTTrustAttributes || ipaNTTrustDirection || ipaNTTrustPartner || ipaNTFlatName || ipaNTTrustAuthOutgoing || ipaNTTrustAuthIncoming || ipaNTSecurityIdentifier || ipaNTTrustForestTrustInfo || 
ipaNTTrustPosixOffset || ipaNTSupportedEncryptionTypes || ipaNTSIDBlacklistIncoming || ipaNTSIDBlacklistOutgoing")(version 3.0;acl "Allow trust admins manage trust accounts"; allow (read,write,add,delete) groupdn="ldap:///cn=trust admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)' to aci, current value ['(target = "ldap:///cn=trusts,dc=rdlg,dc=net")(targetattr = "ipaNTTrustType || ipaNTTrustAttributes || ipaNTTrustDirection || ipaNTTrustPartner || ipaNTFlatName || ipaNTTrustAuthOutgoing || ipaNTTrustAuthIncoming || ipaNTSecurityIdentifier || ipaNTTrustForestTrustInfo || ipaNTTrustPosixOffset || ipaNTSupportedEncryptionTypes || ipaNTSIDBlacklistIncoming || ipaNTSIDBlacklistOutgoing || krbPrincipalName || krbLastPwdChange || krbTicketFlags || krbLoginFailedCount || krbExtraData || krbPrincipalKey")(version 3.0;acl "Allow trust system user to create and delete trust accounts and cross realm principals"; allow (read,write,add,delete) groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=rdlg,dc=net";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Allow trust agents to set keys for cross realm principals"; allow(write) groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=rdlg,dc=net";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Allow trust agents to retrieve keytab keys for cross realm principals"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";)'] 2017-05-11T17:48:39Z DEBUG add: updated value ['(target = "ldap:///cn=trusts,dc=rdlg,dc=net")(targetattr = "ipaNTTrustType || ipaNTTrustAttributes || ipaNTTrustDirection || ipaNTTrustPartner || ipaNTFlatName || ipaNTTrustAuthOutgoing || ipaNTTrustAuthIncoming || ipaNTSecurityIdentifier || ipaNTTrustForestTrustInfo || ipaNTTrustPosixOffset || ipaNTSupportedEncryptionTypes || ipaNTSIDBlacklistIncoming || ipaNTSIDBlacklistOutgoing || krbPrincipalName || krbLastPwdChange || krbTicketFlags || krbLoginFailedCount || krbExtraData || krbPrincipalKey")(version 
3.0;acl "Allow trust system user to create and delete trust accounts and cross realm principals"; allow (read,write,add,delete) groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=rdlg,dc=net";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Allow trust agents to set keys for cross realm principals"; allow(write) groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=rdlg,dc=net";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Allow trust agents to retrieve keytab keys for cross realm principals"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";)', '(target = "ldap:///cn=trusts,dc=rdlg,dc=net")(targetattr = "ipaNTTrustType || ipaNTTrustAttributes || ipaNTTrustDirection || ipaNTTrustPartner || ipaNTFlatName || ipaNTTrustAuthOutgoing || ipaNTTrustAuthIncoming || ipaNTSecurityIdentifier || ipaNTTrustForestTrustInfo || ipaNTTrustPosixOffset || ipaNTSupportedEncryptionTypes || ipaNTSIDBlacklistIncoming || ipaNTSIDBlacklistOutgoing")(version 3.0;acl "Allow trust admins manage trust accounts"; allow (read,write,add,delete) groupdn="ldap:///cn=trust admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)'] 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Final value after applying updates 2017-05-11T17:48:39Z DEBUG dn: cn=trusts,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG nsContainer 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG aci: 2017-05-11T17:48:39Z DEBUG (target = "ldap:///cn=trusts,dc=rdlg,dc=net")(targetattr = "ipaNTTrustType || ipaNTTrustAttributes || ipaNTTrustDirection || ipaNTTrustPartner || ipaNTFlatName || ipaNTTrustAuthOutgoing || ipaNTTrustAuthIncoming || ipaNTSecurityIdentifier || ipaNTTrustForestTrustInfo || ipaNTTrustPosixOffset || ipaNTSupportedEncryptionTypes || ipaNTSIDBlacklistIncoming || ipaNTSIDBlacklistOutgoing || krbPrincipalName || krbLastPwdChange || krbTicketFlags || 
krbLoginFailedCount || krbExtraData || krbPrincipalKey")(version 3.0;acl "Allow trust system user to create and delete trust accounts and cross realm principals"; allow (read,write,add,delete) groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=rdlg,dc=net";) 2017-05-11T17:48:39Z DEBUG (target = "ldap:///cn=trusts,dc=rdlg,dc=net")(targetattr = "ipaNTTrustType || ipaNTTrustAttributes || ipaNTTrustDirection || ipaNTTrustPartner || ipaNTFlatName || ipaNTTrustAuthOutgoing || ipaNTTrustAuthIncoming || ipaNTSecurityIdentifier || ipaNTTrustForestTrustInfo || ipaNTTrustPosixOffset || ipaNTSupportedEncryptionTypes || ipaNTSIDBlacklistIncoming || ipaNTSIDBlacklistOutgoing")(version 3.0;acl "Allow trust admins manage trust accounts"; allow (read,write,add,delete) groupdn="ldap:///cn=trust admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:39Z DEBUG (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Allow trust agents to set keys for cross realm principals"; allow(write) groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=rdlg,dc=net";) 2017-05-11T17:48:39Z DEBUG (targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Allow trust agents to retrieve keytab keys for cross realm principals"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";) 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG trusts 2017-05-11T17:48:39Z DEBUG [(2, u'aci', ['(target = "ldap:///cn=trusts,dc=rdlg,dc=net")(targetattr = "ipaNTTrustType || ipaNTTrustAttributes || ipaNTTrustDirection || ipaNTTrustPartner || ipaNTFlatName || ipaNTTrustAuthOutgoing || ipaNTTrustAuthIncoming || ipaNTSecurityIdentifier || ipaNTTrustForestTrustInfo || ipaNTTrustPosixOffset || ipaNTSupportedEncryptionTypes || ipaNTSIDBlacklistIncoming || ipaNTSIDBlacklistOutgoing || krbPrincipalName || krbLastPwdChange || krbTicketFlags || krbLoginFailedCount || krbExtraData || krbPrincipalKey")(version 3.0;acl "Allow trust system user to create and delete trust accounts 
and cross realm principals"; allow (read,write,add,delete) groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=rdlg,dc=net";)', '(target = "ldap:///cn=trusts,dc=rdlg,dc=net")(targetattr = "ipaNTTrustType || ipaNTTrustAttributes || ipaNTTrustDirection || ipaNTTrustPartner || ipaNTFlatName || ipaNTTrustAuthOutgoing || ipaNTTrustAuthIncoming || ipaNTSecurityIdentifier || ipaNTTrustForestTrustInfo || ipaNTTrustPosixOffset || ipaNTSupportedEncryptionTypes || ipaNTSIDBlacklistIncoming || ipaNTSIDBlacklistOutgoing")(version 3.0;acl "Allow trust admins manage trust accounts"; allow (read,write,add,delete) groupdn="ldap:///cn=trust admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Allow trust agents to set keys for cross realm principals"; allow(write) groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=rdlg,dc=net";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Allow trust agents to retrieve keytab keys for cross realm principals"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";)'])] 2017-05-11T17:48:39Z DEBUG Updated 1 2017-05-11T17:48:39Z DEBUG Done 2017-05-11T17:48:39Z DEBUG Updating existing entry: dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Initial value 2017-05-11T17:48:39Z DEBUG dn: dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG info: 2017-05-11T17:48:39Z DEBUG IPA V2.0 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG domain 2017-05-11T17:48:39Z DEBUG pilotObject 2017-05-11T17:48:39Z DEBUG nisDomainObject 2017-05-11T17:48:39Z DEBUG domainRelatedObject 2017-05-11T17:48:39Z DEBUG associatedDomain: 2017-05-11T17:48:39Z DEBUG rdlg.net 2017-05-11T17:48:39Z DEBUG dc: 2017-05-11T17:48:39Z DEBUG rdlg 2017-05-11T17:48:39Z DEBUG nisDomain: 2017-05-11T17:48:39Z DEBUG rdlg.net 2017-05-11T17:48:39Z DEBUG aci: 2017-05-11T17:48:39Z DEBUG (targetattr = 
"objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:39Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:39Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:39Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:39Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:39Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:39Z DEBUG (targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self 
can write own password"; allow (write) userdn="ldap:///self";) 2017-05-11T17:48:39Z DEBUG (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";) 2017-05-11T17:48:39Z DEBUG (targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";) 2017-05-11T17:48:39Z DEBUG (targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";) 2017-05-11T17:48:39Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:48:39Z DEBUG (targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:48:39Z DEBUG (targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:48:39Z DEBUG (targetfilter = 
"(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";) 2017-05-11T17:48:39Z DEBUG (targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";) 2017-05-11T17:48:39Z DEBUG (target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";) 2017-05-11T17:48:39Z DEBUG (targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";) 2017-05-11T17:48:39Z DEBUG (targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";) 2017-05-11T17:48:39Z DEBUG (targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:39Z DEBUG (targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write 
password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:39Z DEBUG (targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:39Z DEBUG (targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:39Z DEBUG (targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:39Z DEBUG (targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:39Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate with subjectaltname,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0; acl "permission:Request Certificate with SubjectAltName"; allow (write) groupdn = "ldap:///cn=Request Certificate with SubjectAltName,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:39Z 
DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0; acl "permission:Request Certificate ignoring CA ACLs"; allow (write) groupdn = "ldap:///cn=Request Certificate ignoring CA ACLs,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:39Z DEBUG add: '(targetattr = "ipaNTHash")(version 3.0; acl "Samba system principals can read and write NT passwords"; allow (read,write) groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=rdlg,dc=net";)' to aci, current value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke 
Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = 
"(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || 
krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate with subjectaltname,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0; acl "permission:Request Certificate with SubjectAltName"; allow (write) groupdn = "ldap:///cn=Request Certificate with SubjectAltName,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = 
"objectclass")(target = "ldap:///cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0; acl "permission:Request Certificate ignoring CA ACLs"; allow (write) groupdn = "ldap:///cn=Request Certificate ignoring CA ACLs,cn=permissions,cn=pbac,dc=rdlg,dc=net";)'] 2017-05-11T17:48:39Z DEBUG add: updated value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow 
(write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = 
"managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = 
"ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate with subjectaltname,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0; acl "permission:Request Certificate with SubjectAltName"; allow (write) groupdn = "ldap:///cn=Request Certificate with SubjectAltName,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0; acl "permission:Request Certificate ignoring CA ACLs"; allow 
(write) groupdn = "ldap:///cn=Request Certificate ignoring CA ACLs,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "ipaNTHash")(version 3.0; acl "Samba system principals can read and write NT passwords"; allow (read,write) groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=rdlg,dc=net";)'] 2017-05-11T17:48:39Z DEBUG remove: '(targetattr = "ipaNTHash")(version 3.0; acl "Samba system principals can read NT passwords"; allow (read) groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=rdlg,dc=net";)' from aci, current value ['(targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate with subjectaltname,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0; acl "permission:Request Certificate with SubjectAltName"; allow (write) groupdn = "ldap:///cn=Request Certificate with SubjectAltName,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', 
'(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = 
"(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "ipaNTHash")(version 3.0; acl "Samba system principals can read and write NT passwords"; allow (read,write) groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || 
mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate ignore 
caacl,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0; acl "permission:Request Certificate ignoring CA ACLs"; allow (write) groupdn = "ldap:///cn=Request Certificate ignoring CA ACLs,cn=permissions,cn=pbac,dc=rdlg,dc=net";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)'] 2017-05-11T17:48:39Z DEBUG remove: '(targetattr = "ipaNTHash")(version 3.0; acl "Samba system principals can read NT passwords"; allow (read) groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=rdlg,dc=net";)' not in aci 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Final value after applying updates 2017-05-11T17:48:39Z DEBUG dn: dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG info: 2017-05-11T17:48:39Z DEBUG IPA V2.0 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG domain 2017-05-11T17:48:39Z DEBUG pilotObject 2017-05-11T17:48:39Z DEBUG nisDomainObject 2017-05-11T17:48:39Z DEBUG domainRelatedObject 2017-05-11T17:48:39Z DEBUG associatedDomain: 2017-05-11T17:48:39Z DEBUG rdlg.net 2017-05-11T17:48:39Z DEBUG dc: 2017-05-11T17:48:39Z DEBUG rdlg 2017-05-11T17:48:39Z DEBUG nisDomain: 2017-05-11T17:48:39Z DEBUG rdlg.net 2017-05-11T17:48:39Z DEBUG aci: 2017-05-11T17:48:39Z DEBUG (targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow 
(write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:39Z DEBUG (targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:39Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate with subjectaltname,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0; acl "permission:Request Certificate with SubjectAltName"; allow (write) groupdn = "ldap:///cn=Request Certificate with SubjectAltName,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:39Z DEBUG (targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";) 2017-05-11T17:48:39Z DEBUG (target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";) 2017-05-11T17:48:39Z DEBUG (targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";) 2017-05-11T17:48:39Z DEBUG (targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";) 2017-05-11T17:48:39Z DEBUG (targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow 
(write) userdn="ldap:///self";) 2017-05-11T17:48:39Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:39Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";) 2017-05-11T17:48:39Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:39Z DEBUG (targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";) 2017-05-11T17:48:39Z DEBUG (targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:39Z DEBUG (targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";) 2017-05-11T17:48:39Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the 
CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:39Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:39Z DEBUG (targetattr = "ipaNTHash")(version 3.0; acl "Samba system principals can read and write NT passwords"; allow (read,write) groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=rdlg,dc=net";) 2017-05-11T17:48:39Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:39Z DEBUG (targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:39Z DEBUG (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";) 2017-05-11T17:48:39Z DEBUG (targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 
2017-05-11T17:48:39Z DEBUG (targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:48:39Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:48:39Z DEBUG (targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2017-05-11T17:48:39Z DEBUG (targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";) 2017-05-11T17:48:39Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0; acl "permission:Request Certificate ignoring CA ACLs"; allow (write) groupdn = "ldap:///cn=Request Certificate ignoring CA ACLs,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:39Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke 
Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:39Z DEBUG [(0, u'aci', ['(targetattr = "ipaNTHash")(version 3.0; acl "Samba system principals can read and write NT passwords"; allow (read,write) groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=rdlg,dc=net";)'])] 2017-05-11T17:48:39Z DEBUG Updated 1 2017-05-11T17:48:39Z DEBUG Done 2017-05-11T17:48:39Z DEBUG Updating existing entry: cn=ipaConfig,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Initial value 2017-05-11T17:48:39Z DEBUG dn: cn=ipaConfig,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG ipaDefaultLoginShell: 2017-05-11T17:48:39Z DEBUG /bin/sh 2017-05-11T17:48:39Z DEBUG ipaCertificateSubjectBase: 2017-05-11T17:48:39Z DEBUG O=RDLG.NET 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG ipaConfig 2017-05-11T17:48:39Z DEBUG ipaSELinuxUserMapDefault: 2017-05-11T17:48:39Z DEBUG unconfined_u:s0-s0:c0.c1023 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG nsContainer 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG ipaGuiConfig 2017-05-11T17:48:39Z DEBUG ipaConfigObject 2017-05-11T17:48:39Z DEBUG ipaUserAuthTypeClass 2017-05-11T17:48:39Z DEBUG ipaHomesRootDir: 2017-05-11T17:48:39Z DEBUG /home 2017-05-11T17:48:39Z DEBUG ipaPwdExpAdvNotify: 2017-05-11T17:48:39Z DEBUG 4 2017-05-11T17:48:39Z DEBUG ipaUserObjectClasses: 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG person 2017-05-11T17:48:39Z DEBUG organizationalperson 2017-05-11T17:48:39Z DEBUG inetorgperson 2017-05-11T17:48:39Z DEBUG inetuser 2017-05-11T17:48:39Z DEBUG posixaccount 2017-05-11T17:48:39Z DEBUG krbprincipalaux 2017-05-11T17:48:39Z DEBUG krbticketpolicyaux 2017-05-11T17:48:39Z DEBUG ipaobject 2017-05-11T17:48:39Z DEBUG ipasshuser 2017-05-11T17:48:39Z DEBUG ipaGroupSearchFields: 2017-05-11T17:48:39Z DEBUG cn,description 2017-05-11T17:48:39Z DEBUG ipaMigrationEnabled: 2017-05-11T17:48:39Z DEBUG FALSE 
2017-05-11T17:48:39Z DEBUG ipaDefaultPrimaryGroup: 2017-05-11T17:48:39Z DEBUG ipausers 2017-05-11T17:48:39Z DEBUG ipaSearchTimeLimit: 2017-05-11T17:48:39Z DEBUG 2 2017-05-11T17:48:39Z DEBUG ipaGroupObjectClasses: 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG groupofnames 2017-05-11T17:48:39Z DEBUG nestedgroup 2017-05-11T17:48:39Z DEBUG ipausergroup 2017-05-11T17:48:39Z DEBUG ipaobject 2017-05-11T17:48:39Z DEBUG ipaDefaultEmailDomain: 2017-05-11T17:48:39Z DEBUG rdlg.net 2017-05-11T17:48:39Z DEBUG ipaSearchRecordsLimit: 2017-05-11T17:48:39Z DEBUG 100 2017-05-11T17:48:39Z DEBUG ipaSELinuxUserMapOrder: 2017-05-11T17:48:39Z DEBUG guest_u:s0$xguest_u:s0$user_u:s0$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023 2017-05-11T17:48:39Z DEBUG ipaConfigString: 2017-05-11T17:48:39Z DEBUG AllowNThash 2017-05-11T17:48:39Z DEBUG ipaMaxUsernameLength: 2017-05-11T17:48:39Z DEBUG 32 2017-05-11T17:48:39Z DEBUG ipaUserSearchFields: 2017-05-11T17:48:39Z DEBUG uid,givenname,sn,telephonenumber,ou,title 2017-05-11T17:48:39Z DEBUG addifnew: 'MS-PAC' to ipaKrbAuthzData, current value [] 2017-05-11T17:48:39Z DEBUG addifnew: set ipaKrbAuthzData to ['MS-PAC'] 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Final value after applying updates 2017-05-11T17:48:39Z DEBUG dn: cn=ipaConfig,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG ipaDefaultLoginShell: 2017-05-11T17:48:39Z DEBUG /bin/sh 2017-05-11T17:48:39Z DEBUG ipaCertificateSubjectBase: 2017-05-11T17:48:39Z DEBUG O=RDLG.NET 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG ipaConfig 2017-05-11T17:48:39Z DEBUG ipaSELinuxUserMapDefault: 2017-05-11T17:48:39Z DEBUG unconfined_u:s0-s0:c0.c1023 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG nsContainer 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG ipaGuiConfig 2017-05-11T17:48:39Z DEBUG ipaConfigObject 2017-05-11T17:48:39Z DEBUG ipaUserAuthTypeClass 2017-05-11T17:48:39Z DEBUG ipaKrbAuthzData: 
2017-05-11T17:48:39Z DEBUG MS-PAC 2017-05-11T17:48:39Z DEBUG ipaHomesRootDir: 2017-05-11T17:48:39Z DEBUG /home 2017-05-11T17:48:39Z DEBUG ipaPwdExpAdvNotify: 2017-05-11T17:48:39Z DEBUG 4 2017-05-11T17:48:39Z DEBUG ipaUserObjectClasses: 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG person 2017-05-11T17:48:39Z DEBUG organizationalperson 2017-05-11T17:48:39Z DEBUG inetorgperson 2017-05-11T17:48:39Z DEBUG inetuser 2017-05-11T17:48:39Z DEBUG posixaccount 2017-05-11T17:48:39Z DEBUG krbprincipalaux 2017-05-11T17:48:39Z DEBUG krbticketpolicyaux 2017-05-11T17:48:39Z DEBUG ipaobject 2017-05-11T17:48:39Z DEBUG ipasshuser 2017-05-11T17:48:39Z DEBUG ipaGroupSearchFields: 2017-05-11T17:48:39Z DEBUG cn,description 2017-05-11T17:48:39Z DEBUG ipaMigrationEnabled: 2017-05-11T17:48:39Z DEBUG FALSE 2017-05-11T17:48:39Z DEBUG ipaDefaultPrimaryGroup: 2017-05-11T17:48:39Z DEBUG ipausers 2017-05-11T17:48:39Z DEBUG ipaSearchTimeLimit: 2017-05-11T17:48:39Z DEBUG 2 2017-05-11T17:48:39Z DEBUG ipaGroupObjectClasses: 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG groupofnames 2017-05-11T17:48:39Z DEBUG nestedgroup 2017-05-11T17:48:39Z DEBUG ipausergroup 2017-05-11T17:48:39Z DEBUG ipaobject 2017-05-11T17:48:39Z DEBUG ipaDefaultEmailDomain: 2017-05-11T17:48:39Z DEBUG rdlg.net 2017-05-11T17:48:39Z DEBUG ipaSearchRecordsLimit: 2017-05-11T17:48:39Z DEBUG 100 2017-05-11T17:48:39Z DEBUG ipaSELinuxUserMapOrder: 2017-05-11T17:48:39Z DEBUG guest_u:s0$xguest_u:s0$user_u:s0$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023 2017-05-11T17:48:39Z DEBUG ipaConfigString: 2017-05-11T17:48:39Z DEBUG AllowNThash 2017-05-11T17:48:39Z DEBUG ipaMaxUsernameLength: 2017-05-11T17:48:39Z DEBUG 32 2017-05-11T17:48:39Z DEBUG ipaUserSearchFields: 2017-05-11T17:48:39Z DEBUG uid,givenname,sn,telephonenumber,ou,title 2017-05-11T17:48:39Z DEBUG [(2, u'ipaKrbAuthzData', ['MS-PAC'])] 2017-05-11T17:48:39Z DEBUG Updated 1 2017-05-11T17:48:39Z DEBUG Done 2017-05-11T17:48:39Z DEBUG Parsing update file 
'/usr/share/ipa/updates/61-trusts-s4u2proxy.update' 2017-05-11T17:48:39Z DEBUG Updating existing entry: cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Initial value 2017-05-11T17:48:39Z DEBUG dn: cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG groupOfPrincipals 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG ipa-cifs-delegation-targets 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Final value after applying updates 2017-05-11T17:48:39Z DEBUG dn: cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG groupOfPrincipals 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG ipa-cifs-delegation-targets 2017-05-11T17:48:39Z DEBUG [] 2017-05-11T17:48:39Z DEBUG Updated 0 2017-05-11T17:48:39Z DEBUG Done 2017-05-11T17:48:39Z DEBUG Updating existing entry: cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Initial value 2017-05-11T17:48:39Z DEBUG dn: cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG ipaKrb5DelegationACL 2017-05-11T17:48:39Z DEBUG groupOfPrincipals 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG memberPrincipal: 2017-05-11T17:48:39Z DEBUG HTTP/ipa.rdlg.net@RDLG.NET 2017-05-11T17:48:39Z DEBUG ipaAllowedTarget: 2017-05-11T17:48:39Z DEBUG cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG ipa-http-delegation 
2017-05-11T17:48:39Z DEBUG add: 'cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=rdlg,dc=net' to ipaAllowedTarget, current value ['cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=rdlg,dc=net', 'cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=rdlg,dc=net'] 2017-05-11T17:48:39Z DEBUG add: updated value ['cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=rdlg,dc=net', 'cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=rdlg,dc=net'] 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Final value after applying updates 2017-05-11T17:48:39Z DEBUG dn: cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG ipaKrb5DelegationACL 2017-05-11T17:48:39Z DEBUG groupOfPrincipals 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG memberPrincipal: 2017-05-11T17:48:39Z DEBUG HTTP/ipa.rdlg.net@RDLG.NET 2017-05-11T17:48:39Z DEBUG ipaAllowedTarget: 2017-05-11T17:48:39Z DEBUG cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG ipa-http-delegation 2017-05-11T17:48:39Z DEBUG [] 2017-05-11T17:48:39Z DEBUG Updated 0 2017-05-11T17:48:39Z DEBUG Done 2017-05-11T17:48:39Z DEBUG Parsing update file '/usr/share/ipa/updates/62-ranges.update' 2017-05-11T17:48:39Z DEBUG Updating existing entry: cn=ranges,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Initial value 2017-05-11T17:48:39Z DEBUG dn: cn=ranges,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG nsContainer 2017-05-11T17:48:39Z DEBUG aci: 2017-05-11T17:48:39Z DEBUG (target = "ldap:///cn=*,cn=ranges,cn=etc,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaIDrange)")(version 3.0;acl "CIFS 
service can manage ID ranges for trust"; allow(all) userdn="ldap:///krbprincipalname=cifs/*@RDLG.NET,cn=services,cn=accounts,dc=rdlg,dc=net" and groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=rdlg,dc=net";) 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG ranges 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Final value after applying updates 2017-05-11T17:48:39Z DEBUG dn: cn=ranges,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG nsContainer 2017-05-11T17:48:39Z DEBUG aci: 2017-05-11T17:48:39Z DEBUG (target = "ldap:///cn=*,cn=ranges,cn=etc,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaIDrange)")(version 3.0;acl "CIFS service can manage ID ranges for trust"; allow(all) userdn="ldap:///krbprincipalname=cifs/*@RDLG.NET,cn=services,cn=accounts,dc=rdlg,dc=net" and groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=rdlg,dc=net";) 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG ranges 2017-05-11T17:48:39Z DEBUG [] 2017-05-11T17:48:39Z DEBUG Updated 0 2017-05-11T17:48:39Z DEBUG Done 2017-05-11T17:48:39Z DEBUG Updating existing entry: cn=IPA Range-Check,cn=plugins,cn=config 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Initial value 2017-05-11T17:48:39Z DEBUG dn: cn=IPA Range-Check,cn=plugins,cn=config 2017-05-11T17:48:39Z DEBUG nsslapd-pluginId: 2017-05-11T17:48:39Z DEBUG IPA ID range check plugin 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG IPA Range-Check 2017-05-11T17:48:39Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:48:39Z DEBUG FreeIPA/1.0 2017-05-11T17:48:39Z DEBUG nsslapd-basedn: 2017-05-11T17:48:39Z DEBUG dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:48:39Z DEBUG Check if newly added or modified ID ranges do not overlap with existing ones 2017-05-11T17:48:39Z DEBUG nsslapd-pluginEnabled: 
2017-05-11T17:48:39Z DEBUG on 2017-05-11T17:48:39Z DEBUG nsslapd-pluginPath: 2017-05-11T17:48:39Z DEBUG libipa_range_check 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG nsSlapdPlugin 2017-05-11T17:48:39Z DEBUG extensibleObject 2017-05-11T17:48:39Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:48:39Z DEBUG database 2017-05-11T17:48:39Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:48:39Z DEBUG FreeIPA project 2017-05-11T17:48:39Z DEBUG nsslapd-pluginType: 2017-05-11T17:48:39Z DEBUG preoperation 2017-05-11T17:48:39Z DEBUG nsslapd-pluginInitfunc: 2017-05-11T17:48:39Z DEBUG ipa_range_check_init 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Final value after applying updates 2017-05-11T17:48:39Z DEBUG dn: cn=IPA Range-Check,cn=plugins,cn=config 2017-05-11T17:48:39Z DEBUG nsslapd-pluginId: 2017-05-11T17:48:39Z DEBUG IPA ID range check plugin 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG IPA Range-Check 2017-05-11T17:48:39Z DEBUG nsslapd-pluginVersion: 2017-05-11T17:48:39Z DEBUG FreeIPA/1.0 2017-05-11T17:48:39Z DEBUG nsslapd-basedn: 2017-05-11T17:48:39Z DEBUG dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG nsslapd-pluginDescription: 2017-05-11T17:48:39Z DEBUG Check if newly added or modified ID ranges do not overlap with existing ones 2017-05-11T17:48:39Z DEBUG nsslapd-pluginEnabled: 2017-05-11T17:48:39Z DEBUG on 2017-05-11T17:48:39Z DEBUG nsslapd-pluginPath: 2017-05-11T17:48:39Z DEBUG libipa_range_check 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG nsSlapdPlugin 2017-05-11T17:48:39Z DEBUG extensibleObject 2017-05-11T17:48:39Z DEBUG nsslapd-plugin-depends-on-type: 2017-05-11T17:48:39Z DEBUG database 2017-05-11T17:48:39Z DEBUG nsslapd-pluginVendor: 2017-05-11T17:48:39Z DEBUG FreeIPA project 2017-05-11T17:48:39Z DEBUG nsslapd-pluginType: 2017-05-11T17:48:39Z DEBUG preoperation 2017-05-11T17:48:39Z DEBUG 
nsslapd-pluginInitfunc: 2017-05-11T17:48:39Z DEBUG ipa_range_check_init 2017-05-11T17:48:39Z DEBUG [] 2017-05-11T17:48:39Z DEBUG Updated 0 2017-05-11T17:48:39Z DEBUG Done 2017-05-11T17:48:39Z DEBUG Updating existing entry: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Initial value 2017-05-11T17:48:39Z DEBUG dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config 2017-05-11T17:48:39Z DEBUG dnaScope: 2017-05-11T17:48:39Z DEBUG dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG dnaThreshold: 2017-05-11T17:48:39Z DEBUG 500 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG Posix IDs 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG extensibleObject 2017-05-11T17:48:39Z DEBUG aci: 2017-05-11T17:48:39Z DEBUG (targetattr=dnaNextRange || dnaNextValue || dnaMaxValue)(version 3.0;acl "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA Range,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:39Z DEBUG (targetattr=cn || dnaMaxValue || dnaNextRange || dnaNextValue || dnaThreshold || dnaType || objectclass)(version 3.0;acl "permission:Read DNA Range";allow (read, search, compare) groupdn = "ldap:///cn=Read DNA Range,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:39Z DEBUG dnaMagicRegen: 2017-05-11T17:48:39Z DEBUG -1 2017-05-11T17:48:39Z DEBUG dnaNextValue: 2017-05-11T17:48:39Z DEBUG 1301600000 2017-05-11T17:48:39Z DEBUG dnaExcludeScope: 2017-05-11T17:48:39Z DEBUG cn=provisioning,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG dnaFilter: 2017-05-11T17:48:39Z DEBUG (|(objectClass=posixAccount)(objectClass=posixGroup)(objectClass=ipaIDobject)) 2017-05-11T17:48:39Z DEBUG dnaType: 2017-05-11T17:48:39Z DEBUG uidNumber 2017-05-11T17:48:39Z DEBUG gidNumber 2017-05-11T17:48:39Z DEBUG dnaMaxValue: 2017-05-11T17:48:39Z DEBUG 1301799999 2017-05-11T17:48:39Z 
DEBUG dnaSharedCfgDN: 2017-05-11T17:48:39Z DEBUG cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG replace: (|(objectclass=posixAccount)(objectClass=posixGroup)) not found, skipping 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Final value after applying updates 2017-05-11T17:48:39Z DEBUG dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config 2017-05-11T17:48:39Z DEBUG dnaScope: 2017-05-11T17:48:39Z DEBUG dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG dnaThreshold: 2017-05-11T17:48:39Z DEBUG 500 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG Posix IDs 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG extensibleObject 2017-05-11T17:48:39Z DEBUG aci: 2017-05-11T17:48:39Z DEBUG (targetattr=dnaNextRange || dnaNextValue || dnaMaxValue)(version 3.0;acl "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA Range,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:39Z DEBUG (targetattr=cn || dnaMaxValue || dnaNextRange || dnaNextValue || dnaThreshold || dnaType || objectclass)(version 3.0;acl "permission:Read DNA Range";allow (read, search, compare) groupdn = "ldap:///cn=Read DNA Range,cn=permissions,cn=pbac,dc=rdlg,dc=net";) 2017-05-11T17:48:39Z DEBUG dnaMagicRegen: 2017-05-11T17:48:39Z DEBUG -1 2017-05-11T17:48:39Z DEBUG dnaNextValue: 2017-05-11T17:48:39Z DEBUG 1301600000 2017-05-11T17:48:39Z DEBUG dnaExcludeScope: 2017-05-11T17:48:39Z DEBUG cn=provisioning,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG dnaFilter: 2017-05-11T17:48:39Z DEBUG (|(objectClass=posixAccount)(objectClass=posixGroup)(objectClass=ipaIDobject)) 2017-05-11T17:48:39Z DEBUG dnaType: 2017-05-11T17:48:39Z DEBUG uidNumber 2017-05-11T17:48:39Z DEBUG gidNumber 2017-05-11T17:48:39Z DEBUG dnaMaxValue: 2017-05-11T17:48:39Z DEBUG 1301799999 2017-05-11T17:48:39Z DEBUG dnaSharedCfgDN: 2017-05-11T17:48:39Z DEBUG 
cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG [] 2017-05-11T17:48:39Z DEBUG Updated 0 2017-05-11T17:48:39Z DEBUG Done 2017-05-11T17:48:39Z DEBUG Parsing update file '/usr/share/ipa/updates/71-idviews-sasl-mapping.update' 2017-05-11T17:48:39Z DEBUG New entry: cn=ID Overridden Principal,cn=mapping,cn=sasl,cn=config 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Initial value 2017-05-11T17:48:39Z DEBUG dn: cn=ID Overridden Principal,cn=mapping,cn=sasl,cn=config 2017-05-11T17:48:39Z DEBUG nsSaslMapPriority: 2017-05-11T17:48:39Z DEBUG 20 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG ID Overridden Principal 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG nsSaslMapping 2017-05-11T17:48:39Z DEBUG nsSaslMapRegexString: 2017-05-11T17:48:39Z DEBUG \(.*\)@\(.*\) 2017-05-11T17:48:39Z DEBUG nsSaslMapBaseDNTemplate: 2017-05-11T17:48:39Z DEBUG cn=default trust view,cn=views,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG nsSaslMapFilterTemplate: 2017-05-11T17:48:39Z DEBUG (&(ipaoriginaluid=\1@\2)(objectclass=ipaUserOverride)) 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Final value after applying updates 2017-05-11T17:48:39Z DEBUG dn: cn=ID Overridden Principal,cn=mapping,cn=sasl,cn=config 2017-05-11T17:48:39Z DEBUG nsSaslMapPriority: 2017-05-11T17:48:39Z DEBUG 20 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG ID Overridden Principal 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG nsSaslMapping 2017-05-11T17:48:39Z DEBUG nsSaslMapRegexString: 2017-05-11T17:48:39Z DEBUG \(.*\)@\(.*\) 2017-05-11T17:48:39Z DEBUG nsSaslMapBaseDNTemplate: 2017-05-11T17:48:39Z DEBUG cn=default trust view,cn=views,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG nsSaslMapFilterTemplate: 2017-05-11T17:48:39Z DEBUG 
(&(ipaoriginaluid=\1@\2)(objectclass=ipaUserOverride)) 2017-05-11T17:48:39Z DEBUG Parsing update file '/usr/share/ipa/updates/71-idviews.update' 2017-05-11T17:48:39Z DEBUG New entry: cn=views,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Initial value 2017-05-11T17:48:39Z DEBUG dn: cn=views,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG nsContainer 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG views 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Final value after applying updates 2017-05-11T17:48:39Z DEBUG dn: cn=views,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG nsContainer 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG views 2017-05-11T17:48:39Z DEBUG Parsing update file '/usr/share/ipa/updates/72-domainlevels.update' 2017-05-11T17:48:39Z DEBUG Updating existing entry: cn=Domain Level,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Initial value 2017-05-11T17:48:39Z DEBUG dn: cn=Domain Level,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG nsContainer 2017-05-11T17:48:39Z DEBUG ipaDomainLevelConfig 2017-05-11T17:48:39Z DEBUG ipaConfigObject 2017-05-11T17:48:39Z DEBUG ipaDomainLevel: 2017-05-11T17:48:39Z DEBUG 1 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG Domain Level 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Final value after applying updates 2017-05-11T17:48:39Z DEBUG dn: cn=Domain Level,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG nsContainer 
2017-05-11T17:48:39Z DEBUG ipaDomainLevelConfig 2017-05-11T17:48:39Z DEBUG ipaConfigObject 2017-05-11T17:48:39Z DEBUG ipaDomainLevel: 2017-05-11T17:48:39Z DEBUG 1 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG Domain Level 2017-05-11T17:48:39Z DEBUG [] 2017-05-11T17:48:39Z DEBUG Updated 0 2017-05-11T17:48:39Z DEBUG Done 2017-05-11T17:48:39Z DEBUG Updating existing entry: cn=ipa.rdlg.net,cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Initial value 2017-05-11T17:48:39Z DEBUG dn: cn=ipa.rdlg.net,cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG nsContainer 2017-05-11T17:48:39Z DEBUG ipaReplTopoManagedServer 2017-05-11T17:48:39Z DEBUG ipaConfigObject 2017-05-11T17:48:39Z DEBUG ipaSupportedDomainLevelConfig 2017-05-11T17:48:39Z DEBUG ipaMaxDomainLevel: 2017-05-11T17:48:39Z DEBUG 1 2017-05-11T17:48:39Z DEBUG ipaMinDomainLevel: 2017-05-11T17:48:39Z DEBUG 0 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG ipa.rdlg.net 2017-05-11T17:48:39Z DEBUG ipaReplTopoManagedSuffix: 2017-05-11T17:48:39Z DEBUG dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG add: 'ipaConfigObject' to objectClass, current value ['top', 'nsContainer', 'ipaReplTopoManagedServer', 'ipaConfigObject', 'ipaSupportedDomainLevelConfig'] 2017-05-11T17:48:39Z DEBUG add: updated value ['top', 'nsContainer', 'ipaReplTopoManagedServer', 'ipaSupportedDomainLevelConfig', 'ipaConfigObject'] 2017-05-11T17:48:39Z DEBUG add: 'ipaSupportedDomainLevelConfig' to objectClass, current value ['ipaConfigObject', 'nsContainer', 'top', 'ipaReplTopoManagedServer', 'ipaSupportedDomainLevelConfig'] 2017-05-11T17:48:39Z DEBUG add: updated value ['ipaConfigObject', 'nsContainer', 'top', 'ipaReplTopoManagedServer', 'ipaSupportedDomainLevelConfig'] 2017-05-11T17:48:39Z DEBUG only: set ipaMinDomainLevel to '0', current value ['0'] 
2017-05-11T17:48:39Z DEBUG only: updated value ['0'] 2017-05-11T17:48:39Z DEBUG only: set ipaMaxDomainLevel to '1', current value ['1'] 2017-05-11T17:48:39Z DEBUG only: updated value ['1'] 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Final value after applying updates 2017-05-11T17:48:39Z DEBUG dn: cn=ipa.rdlg.net,cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG ipaConfigObject 2017-05-11T17:48:39Z DEBUG nsContainer 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG ipaReplTopoManagedServer 2017-05-11T17:48:39Z DEBUG ipaSupportedDomainLevelConfig 2017-05-11T17:48:39Z DEBUG ipaMaxDomainLevel: 2017-05-11T17:48:39Z DEBUG 1 2017-05-11T17:48:39Z DEBUG ipaMinDomainLevel: 2017-05-11T17:48:39Z DEBUG 0 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG ipa.rdlg.net 2017-05-11T17:48:39Z DEBUG ipaReplTopoManagedSuffix: 2017-05-11T17:48:39Z DEBUG dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG [] 2017-05-11T17:48:39Z DEBUG Updated 0 2017-05-11T17:48:39Z DEBUG Done 2017-05-11T17:48:39Z DEBUG Parsing update file '/usr/share/ipa/updates/73-custodia.update' 2017-05-11T17:48:39Z DEBUG Updating existing entry: cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Initial value 2017-05-11T17:48:39Z DEBUG dn: cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG nsContainer 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG custodia 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Final value after applying updates 2017-05-11T17:48:39Z DEBUG dn: cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG nsContainer 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG cn: 
2017-05-11T17:48:39Z DEBUG custodia 2017-05-11T17:48:39Z DEBUG [] 2017-05-11T17:48:39Z DEBUG Updated 0 2017-05-11T17:48:39Z DEBUG Done 2017-05-11T17:48:39Z DEBUG Updating existing entry: cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Initial value 2017-05-11T17:48:39Z DEBUG dn: cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG nsContainer 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG dogtag 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Final value after applying updates 2017-05-11T17:48:39Z DEBUG dn: cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG objectClass: 2017-05-11T17:48:39Z DEBUG nsContainer 2017-05-11T17:48:39Z DEBUG top 2017-05-11T17:48:39Z DEBUG cn: 2017-05-11T17:48:39Z DEBUG dogtag 2017-05-11T17:48:39Z DEBUG [] 2017-05-11T17:48:39Z DEBUG Updated 0 2017-05-11T17:48:39Z DEBUG Done 2017-05-11T17:48:39Z DEBUG Parsing update file '/usr/share/ipa/updates/73-winsync.update' 2017-05-11T17:48:39Z DEBUG New entry: uid=passsync,cn=sysaccounts,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Initial value 2017-05-11T17:48:39Z DEBUG dn: uid=passsync,cn=sysaccounts,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG addifexist: 'inetUser' to objectClass, current value [] 2017-05-11T17:48:39Z DEBUG --------------------------------------------- 2017-05-11T17:48:39Z DEBUG Final value after applying updates 2017-05-11T17:48:39Z DEBUG dn: uid=passsync,cn=sysaccounts,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:39Z DEBUG Parsing update file '/usr/share/ipa/updates/90-post_upgrade_plugins.update' 2017-05-11T17:48:39Z DEBUG Executing upgrade plugin: update_ca_topology 2017-05-11T17:48:39Z DEBUG raw: update_ca_topology 
2017-05-11T17:48:39Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:48:39Z DEBUG importing all plugin modules in ipaserver.plugins... 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.plugins.aci 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.plugins.automember 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.plugins.automount 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.plugins.baseldap 2017-05-11T17:48:39Z DEBUG ipaserver.plugins.baseldap is not a valid plugin module 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.plugins.baseuser 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.plugins.batch 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.plugins.ca 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.plugins.caacl 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.plugins.cert 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.plugins.certprofile 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.plugins.config 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.plugins.delegation 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.plugins.dns 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.plugins.dnsserver 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.plugins.dogtag 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.plugins.domainlevel 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.plugins.group 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.plugins.hbac 2017-05-11T17:48:39Z DEBUG ipaserver.plugins.hbac is not a valid plugin module 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.plugins.hbacrule 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.plugins.hbacsvc 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.plugins.hbacsvcgroup 2017-05-11T17:48:39Z DEBUG importing plugin 
module ipaserver.plugins.hbactest 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.plugins.host 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.plugins.hostgroup 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.plugins.idrange 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.plugins.idviews 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.plugins.internal 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.plugins.join 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.plugins.krbtpolicy 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.plugins.ldap2 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.plugins.location 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.plugins.migration 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.plugins.misc 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.plugins.netgroup 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.plugins.otp 2017-05-11T17:48:39Z DEBUG ipaserver.plugins.otp is not a valid plugin module 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.plugins.otpconfig 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.plugins.otptoken 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.plugins.passwd 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.plugins.permission 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.plugins.ping 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.plugins.pkinit 2017-05-11T17:48:39Z DEBUG ipaserver.plugins.pkinit is not a valid plugin module 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.plugins.privilege 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.plugins.pwpolicy 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.plugins.rabase 2017-05-11T17:48:39Z DEBUG ipaserver.plugins.rabase is not a valid plugin module 2017-05-11T17:48:39Z DEBUG 
importing plugin module ipaserver.plugins.radiusproxy 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.plugins.realmdomains 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.plugins.role 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.plugins.schema 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.plugins.selfservice 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.plugins.selinuxusermap 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.plugins.server 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.plugins.serverrole 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.plugins.serverroles 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.plugins.service 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.plugins.servicedelegation 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.plugins.session 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.plugins.stageuser 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.plugins.sudo 2017-05-11T17:48:39Z DEBUG ipaserver.plugins.sudo is not a valid plugin module 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.plugins.sudocmd 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.plugins.sudocmdgroup 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.plugins.sudorule 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.plugins.topology 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.plugins.trust 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.plugins.user 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.plugins.vault 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.plugins.virtual 2017-05-11T17:48:39Z DEBUG ipaserver.plugins.virtual is not a valid plugin module 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.plugins.xmlserver 2017-05-11T17:48:39Z DEBUG importing all plugin modules in 
ipaserver.install.plugins... 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.install.plugins.adtrust 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.install.plugins.dns 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.install.plugins.update_nis 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.install.plugins.update_referint 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.install.plugins.update_services 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness 2017-05-11T17:48:39Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt 2017-05-11T17:48:40Z DEBUG Created connection context.ldap2_272328528 2017-05-11T17:48:40Z DEBUG Destroyed connection context.ldap2_272328528 2017-05-11T17:48:40Z DEBUG Created connection context.ldap2_272328528 2017-05-11T17:48:40Z DEBUG Parsing update file '/usr/share/ipa/ca-topology.uldif' 2017-05-11T17:48:40Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache 2017-05-11T17:48:40Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0xe3f5560> 
2017-05-11T17:48:40Z DEBUG Updating existing entry: cn=ipa.rdlg.net,cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:40Z DEBUG --------------------------------------------- 2017-05-11T17:48:40Z DEBUG Initial value 2017-05-11T17:48:40Z DEBUG dn: cn=ipa.rdlg.net,cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:40Z DEBUG objectClass: 2017-05-11T17:48:40Z DEBUG top 2017-05-11T17:48:40Z DEBUG nsContainer 2017-05-11T17:48:40Z DEBUG ipaReplTopoManagedServer 2017-05-11T17:48:40Z DEBUG ipaConfigObject 2017-05-11T17:48:40Z DEBUG ipaSupportedDomainLevelConfig 2017-05-11T17:48:40Z DEBUG ipaMaxDomainLevel: 2017-05-11T17:48:40Z DEBUG 1 2017-05-11T17:48:40Z DEBUG ipaMinDomainLevel: 2017-05-11T17:48:40Z DEBUG 0 2017-05-11T17:48:40Z DEBUG cn: 2017-05-11T17:48:40Z DEBUG ipa.rdlg.net 2017-05-11T17:48:40Z DEBUG ipaReplTopoManagedSuffix: 2017-05-11T17:48:40Z DEBUG dc=rdlg,dc=net 2017-05-11T17:48:40Z DEBUG add: 'ipaReplTopoManagedServer' to objectclass, current value ['top', 'nsContainer', 'ipaReplTopoManagedServer', 'ipaConfigObject', 'ipaSupportedDomainLevelConfig'] 2017-05-11T17:48:40Z DEBUG add: updated value ['top', 'nsContainer', 'ipaConfigObject', 'ipaSupportedDomainLevelConfig', 'ipaReplTopoManagedServer'] 2017-05-11T17:48:40Z DEBUG add: 'o=ipaca' to ipaReplTopoManagedSuffix, current value ['dc=rdlg,dc=net'] 2017-05-11T17:48:40Z DEBUG add: updated value ['dc=rdlg,dc=net', 'o=ipaca'] 2017-05-11T17:48:40Z DEBUG --------------------------------------------- 2017-05-11T17:48:40Z DEBUG Final value after applying updates 2017-05-11T17:48:40Z DEBUG dn: cn=ipa.rdlg.net,cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:40Z DEBUG objectClass: 2017-05-11T17:48:40Z DEBUG ipaConfigObject 2017-05-11T17:48:40Z DEBUG nsContainer 2017-05-11T17:48:40Z DEBUG top 2017-05-11T17:48:40Z DEBUG ipaSupportedDomainLevelConfig 2017-05-11T17:48:40Z DEBUG ipaReplTopoManagedServer 2017-05-11T17:48:40Z DEBUG ipaMaxDomainLevel: 2017-05-11T17:48:40Z DEBUG 1 2017-05-11T17:48:40Z DEBUG 
ipaMinDomainLevel: 2017-05-11T17:48:40Z DEBUG 0 2017-05-11T17:48:40Z DEBUG cn: 2017-05-11T17:48:40Z DEBUG ipa.rdlg.net 2017-05-11T17:48:40Z DEBUG ipaReplTopoManagedSuffix: 2017-05-11T17:48:40Z DEBUG dc=rdlg,dc=net 2017-05-11T17:48:40Z DEBUG o=ipaca 2017-05-11T17:48:40Z DEBUG [(0, u'ipaReplTopoManagedSuffix', ['o=ipaca'])] 2017-05-11T17:48:40Z DEBUG Updated 1 2017-05-11T17:48:40Z DEBUG Done 2017-05-11T17:48:40Z DEBUG New entry: cn=ca,cn=topology,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:40Z DEBUG --------------------------------------------- 2017-05-11T17:48:40Z DEBUG Initial value 2017-05-11T17:48:40Z DEBUG dn: cn=ca,cn=topology,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:40Z DEBUG objectclass: 2017-05-11T17:48:40Z DEBUG top 2017-05-11T17:48:40Z DEBUG iparepltopoconf 2017-05-11T17:48:40Z DEBUG cn: 2017-05-11T17:48:40Z DEBUG ca 2017-05-11T17:48:40Z DEBUG ipaReplTopoConfRoot: 2017-05-11T17:48:40Z DEBUG o=ipaca 2017-05-11T17:48:40Z DEBUG --------------------------------------------- 2017-05-11T17:48:40Z DEBUG Final value after applying updates 2017-05-11T17:48:40Z DEBUG dn: cn=ca,cn=topology,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:40Z DEBUG objectclass: 2017-05-11T17:48:40Z DEBUG top 2017-05-11T17:48:40Z DEBUG iparepltopoconf 2017-05-11T17:48:40Z DEBUG cn: 2017-05-11T17:48:40Z DEBUG ca 2017-05-11T17:48:40Z DEBUG ipaReplTopoConfRoot: 2017-05-11T17:48:40Z DEBUG o=ipaca 2017-05-11T17:48:40Z DEBUG New entry: cn=replica,cn=o\=ipaca,cn=mapping tree,cn=config 2017-05-11T17:48:40Z DEBUG --------------------------------------------- 2017-05-11T17:48:40Z DEBUG Initial value 2017-05-11T17:48:40Z DEBUG dn: cn=replica,cn=o\=ipaca,cn=mapping tree,cn=config 2017-05-11T17:48:40Z DEBUG onlyifexist: 'cn=replication managers,cn=sysaccounts,cn=etc,dc=rdlg,dc=net' to nsds5replicabinddngroup, current value [] 2017-05-11T17:48:40Z DEBUG --------------------------------------------- 2017-05-11T17:48:40Z DEBUG Final value after applying updates 2017-05-11T17:48:40Z DEBUG dn: 
cn=replica,cn=o\=ipaca,cn=mapping tree,cn=config 2017-05-11T17:48:40Z DEBUG Destroyed connection context.ldap2_272328528 2017-05-11T17:48:40Z DEBUG Executing upgrade plugin: update_ipaconfigstring_dnsversion_to_ipadnsversion 2017-05-11T17:48:40Z DEBUG raw: update_ipaconfigstring_dnsversion_to_ipadnsversion 2017-05-11T17:48:40Z DEBUG Executing upgrade plugin: update_dnszones 2017-05-11T17:48:40Z DEBUG raw: update_dnszones 2017-05-11T17:48:40Z DEBUG Executing upgrade plugin: update_dns_limits 2017-05-11T17:48:40Z DEBUG raw: update_dns_limits 2017-05-11T17:48:40Z DEBUG Executing upgrade plugin: update_sigden_extdom_broken_config 2017-05-11T17:48:40Z DEBUG raw: update_sigden_extdom_broken_config 2017-05-11T17:48:40Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2017-05-11T17:48:40Z DEBUG configured basedn for cn=IPA SIDGEN,cn=plugins,cn=config is okay 2017-05-11T17:48:40Z DEBUG configured basedn for cn=ipa_extdom_extop,cn=plugins,cn=config is okay 2017-05-11T17:48:40Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2017-05-11T17:48:40Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state' 2017-05-11T17:48:40Z DEBUG Executing upgrade plugin: update_sids 2017-05-11T17:48:40Z DEBUG raw: update_sids 2017-05-11T17:48:40Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2017-05-11T17:48:40Z DEBUG SIDs do not need to be generated 2017-05-11T17:48:40Z DEBUG Executing upgrade plugin: update_default_range 2017-05-11T17:48:40Z DEBUG raw: update_default_range 2017-05-11T17:48:40Z DEBUG default_range: ipaDomainIDRange entry found, skip plugin 2017-05-11T17:48:40Z DEBUG Executing upgrade plugin: update_default_trust_view 2017-05-11T17:48:40Z DEBUG raw: update_default_trust_view 2017-05-11T17:48:40Z DEBUG raw: adtrust_is_enabled(version=u'2.213') 2017-05-11T17:48:40Z DEBUG adtrust_is_enabled(version=u'2.213') 2017-05-11T17:48:40Z DEBUG AD Trusts are not enabled on this server 2017-05-11T17:48:40Z 
DEBUG Executing upgrade plugin: update_ca_renewal_master 2017-05-11T17:48:40Z DEBUG raw: update_ca_renewal_master 2017-05-11T17:48:40Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:48:40Z DEBUG found CA renewal master ipa.rdlg.net 2017-05-11T17:48:40Z DEBUG Executing upgrade plugin: update_idrange_type 2017-05-11T17:48:40Z DEBUG raw: update_idrange_type 2017-05-11T17:48:40Z DEBUG update_idrange_type: search for ID ranges with no type set 2017-05-11T17:48:40Z DEBUG update_idrange_type: no ID range without type set found 2017-05-11T17:48:40Z DEBUG Executing upgrade plugin: update_pacs 2017-05-11T17:48:40Z DEBUG raw: update_pacs 2017-05-11T17:48:40Z DEBUG Adding nfs:NONE to default PAC types 2017-05-11T17:48:40Z DEBUG Executing upgrade plugin: update_service_principalalias 2017-05-11T17:48:40Z DEBUG raw: update_service_principalalias 2017-05-11T17:48:40Z DEBUG update_service_principalalias: search for affected services 2017-05-11T17:48:40Z DEBUG update_service_principalalias: found 3 services to update, truncated: False 2017-05-11T17:48:40Z DEBUG update_service_principalalias: all affected services updated 2017-05-11T17:48:40Z DEBUG Executing upgrade plugin: update_upload_cacrt 2017-05-11T17:48:40Z DEBUG raw: update_upload_cacrt 2017-05-11T17:48:40Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2017-05-11T17:48:40Z DEBUG raw: ca_is_enabled(version=u'2.213') 2017-05-11T17:48:40Z DEBUG ca_is_enabled(version=u'2.213') 2017-05-11T17:48:40Z DEBUG Starting external process 2017-05-11T17:48:40Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias -L 2017-05-11T17:48:41Z DEBUG Process finished, return code=0 2017-05-11T17:48:41Z DEBUG stdout= Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI Signing-Cert u,u,u ipaCert u,u,u Server-Cert u,u,u RDLG.NET IPA CA CT,C,C 2017-05-11T17:48:41Z DEBUG stderr= 2017-05-11T17:48:41Z DEBUG Starting external process 2017-05-11T17:48:41Z DEBUG args=/usr/bin/certutil -d 
/etc/httpd/alias -L -n RDLG.NET IPA CA -a 2017-05-11T17:48:41Z DEBUG Process finished, return code=0 2017-05-11T17:48:41Z DEBUG stdout=-----BEGIN CERTIFICATE----- -----END CERTIFICATE----- 2017-05-11T17:48:41Z DEBUG stderr= 2017-05-11T17:48:41Z DEBUG Executing upgrade plugin: update_master_to_dnsforwardzones 2017-05-11T17:48:41Z DEBUG raw: update_master_to_dnsforwardzones 2017-05-11T17:48:41Z DEBUG raw: dnsconfig_show(all=True, version=u'2.213') 2017-05-11T17:48:41Z DEBUG dnsconfig_show(rights=False, all=True, raw=False, version=u'2.213') 2017-05-11T17:48:41Z DEBUG Executing upgrade plugin: update_dnsforward_emptyzones 2017-05-11T17:48:41Z DEBUG raw: update_dnsforward_emptyzones 2017-05-11T17:48:41Z DEBUG raw: dnsconfig_show(all=True, version=u'2.213') 
2017-05-11T17:48:41Z DEBUG dnsconfig_show(rights=False, all=True, raw=False, version=u'2.213') 2017-05-11T17:48:41Z DEBUG Executing upgrade plugin: update_managed_post 2017-05-11T17:48:41Z DEBUG raw: update_managed_post 2017-05-11T17:48:41Z DEBUG Executing upgrade plugin: update_managed_permissions 2017-05-11T17:48:41Z DEBUG raw: update_managed_permissions 2017-05-11T17:48:41Z DEBUG Anonymous ACI not found 2017-05-11T17:48:41Z DEBUG Updating managed permissions for automember 2017-05-11T17:48:41Z DEBUG Updating managed permission: System: Read Automember Definitions 2017-05-11T17:48:41Z DEBUG Updating ACI for managed permission: System: Read Automember Definitions 2017-05-11T17:48:41Z DEBUG Adding ACI u'(targetattr = "automemberdefaultgroup || automemberdisabled || automemberfilter || automembergroupingattr || automemberscope || cn || createtimestamp || entryusn || modifytimestamp || objectclass")(targetfilter = "(objectclass=automemberdefinition)")(version 3.0;acl "permission:System: Read Automember Definitions";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Automember Definitions,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=automember,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:41Z DEBUG Updating managed permission: System: Read Automember Rules 2017-05-11T17:48:41Z DEBUG Updating ACI for managed permission: System: Read Automember Rules 2017-05-11T17:48:41Z DEBUG Adding ACI u'(targetattr = "automemberexclusiveregex || automemberinclusiveregex || automembertargetgroup || cn || createtimestamp || description || entryusn || modifytimestamp || objectclass")(targetfilter = "(objectclass=automemberregexrule)")(version 3.0;acl "permission:System: Read Automember Rules";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Automember Rules,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=automember,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:41Z DEBUG Updating managed permission: System: Read Automember Tasks 2017-05-11T17:48:41Z DEBUG Updating ACI for 
managed permission: System: Read Automember Tasks 2017-05-11T17:48:41Z DEBUG Adding ACI u'(targetattr = "*")(target = "ldap:///cn=*,cn=automember rebuild membership,cn=tasks,cn=config")(version 3.0;acl "permission:System: Read Automember Tasks";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Automember Tasks,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=tasks,cn=config 2017-05-11T17:48:41Z DEBUG Updating managed permissions for automountkey 2017-05-11T17:48:41Z DEBUG Legacy permission Add Automount keys not found 2017-05-11T17:48:41Z DEBUG Updating managed permission: System: Add Automount Keys 2017-05-11T17:48:41Z DEBUG Updating ACI for managed permission: System: Add Automount Keys 2017-05-11T17:48:41Z DEBUG Adding ACI u'(targetfilter = "(objectclass=automount)")(version 3.0;acl "permission:System: Add Automount Keys";allow (add) groupdn = "ldap:///cn=System: Add Automount Keys,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=automount,dc=rdlg,dc=net 2017-05-11T17:48:41Z DEBUG Legacy permission Modify Automount keys not found 2017-05-11T17:48:41Z DEBUG Updating managed permission: System: Modify Automount Keys 2017-05-11T17:48:41Z DEBUG Updating ACI for managed permission: System: Modify Automount Keys 2017-05-11T17:48:41Z DEBUG Adding ACI u'(targetattr = "automountinformation || automountkey || description")(targetfilter = "(objectclass=automount)")(version 3.0;acl "permission:System: Modify Automount Keys";allow (write) groupdn = "ldap:///cn=System: Modify Automount Keys,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=automount,dc=rdlg,dc=net 2017-05-11T17:48:41Z DEBUG Legacy permission Remove Automount keys not found 2017-05-11T17:48:41Z DEBUG Updating managed permission: System: Remove Automount Keys 2017-05-11T17:48:41Z DEBUG Updating ACI for managed permission: System: Remove Automount Keys 2017-05-11T17:48:41Z DEBUG Adding ACI u'(targetfilter = "(objectclass=automount)")(version 3.0;acl "permission:System: Remove Automount Keys";allow 
(delete) groupdn = "ldap:///cn=System: Remove Automount Keys,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=automount,dc=rdlg,dc=net 2017-05-11T17:48:41Z DEBUG Updating managed permissions for automountlocation 2017-05-11T17:48:41Z DEBUG Updating managed permission: System: Add Automount Locations 2017-05-11T17:48:41Z DEBUG Updating ACI for managed permission: System: Add Automount Locations 2017-05-11T17:48:41Z DEBUG Adding ACI u'(targetfilter = "(objectclass=nscontainer)")(version 3.0;acl "permission:System: Add Automount Locations";allow (add) groupdn = "ldap:///cn=System: Add Automount Locations,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=automount,dc=rdlg,dc=net 2017-05-11T17:48:41Z DEBUG Updating managed permission: System: Read Automount Configuration 2017-05-11T17:48:41Z DEBUG Updating ACI for managed permission: System: Read Automount Configuration 2017-05-11T17:48:41Z DEBUG Adding ACI u'(targetattr = "automountinformation || automountkey || automountmapname || cn || createtimestamp || description || entryusn || modifytimestamp || objectclass")(version 3.0;acl "permission:System: Read Automount Configuration";allow (compare,read,search) userdn = "ldap:///anyone";)' to cn=automount,dc=rdlg,dc=net 2017-05-11T17:48:41Z DEBUG Updating managed permission: System: Remove Automount Locations 2017-05-11T17:48:41Z DEBUG Updating ACI for managed permission: System: Remove Automount Locations 2017-05-11T17:48:41Z DEBUG Adding ACI u'(targetfilter = "(objectclass=nscontainer)")(version 3.0;acl "permission:System: Remove Automount Locations";allow (delete) groupdn = "ldap:///cn=System: Remove Automount Locations,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=automount,dc=rdlg,dc=net 2017-05-11T17:48:41Z DEBUG Updating managed permissions for automountmap 2017-05-11T17:48:41Z DEBUG Legacy permission Add Automount maps not found 2017-05-11T17:48:41Z DEBUG Updating managed permission: System: Add Automount Maps 2017-05-11T17:48:41Z DEBUG Updating ACI for managed 
permission: System: Add Automount Maps 2017-05-11T17:48:41Z DEBUG Adding ACI u'(targetfilter = "(objectclass=automountmap)")(version 3.0;acl "permission:System: Add Automount Maps";allow (add) groupdn = "ldap:///cn=System: Add Automount Maps,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=automount,dc=rdlg,dc=net 2017-05-11T17:48:41Z DEBUG Legacy permission Modify Automount maps not found 2017-05-11T17:48:41Z DEBUG Updating managed permission: System: Modify Automount Maps 2017-05-11T17:48:41Z DEBUG Updating ACI for managed permission: System: Modify Automount Maps 2017-05-11T17:48:41Z DEBUG Adding ACI u'(targetattr = "automountmapname || description")(targetfilter = "(objectclass=automountmap)")(version 3.0;acl "permission:System: Modify Automount Maps";allow (write) groupdn = "ldap:///cn=System: Modify Automount Maps,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=automount,dc=rdlg,dc=net 2017-05-11T17:48:41Z DEBUG Legacy permission Remove Automount maps not found 2017-05-11T17:48:41Z DEBUG Updating managed permission: System: Remove Automount Maps 2017-05-11T17:48:41Z DEBUG Updating ACI for managed permission: System: Remove Automount Maps 2017-05-11T17:48:41Z DEBUG Adding ACI u'(targetfilter = "(objectclass=automountmap)")(version 3.0;acl "permission:System: Remove Automount Maps";allow (delete) groupdn = "ldap:///cn=System: Remove Automount Maps,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=automount,dc=rdlg,dc=net 2017-05-11T17:48:41Z DEBUG Updating managed permissions for ca 2017-05-11T17:48:41Z DEBUG Legacy permission Add CA not found 2017-05-11T17:48:41Z DEBUG Updating managed permission: System: Add CA 2017-05-11T17:48:41Z DEBUG Updating ACI for managed permission: System: Add CA 2017-05-11T17:48:41Z DEBUG Adding ACI u'(targetfilter = "(objectclass=ipaca)")(version 3.0;acl "permission:System: Add CA";allow (add) groupdn = "ldap:///cn=System: Add CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=cas,cn=ca,dc=rdlg,dc=net 2017-05-11T17:48:41Z DEBUG Legacy 
permission Delete CA not found 2017-05-11T17:48:41Z DEBUG Updating managed permission: System: Delete CA 2017-05-11T17:48:41Z DEBUG Updating ACI for managed permission: System: Delete CA 2017-05-11T17:48:41Z DEBUG Adding ACI u'(targetfilter = "(objectclass=ipaca)")(version 3.0;acl "permission:System: Delete CA";allow (delete) groupdn = "ldap:///cn=System: Delete CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=cas,cn=ca,dc=rdlg,dc=net 2017-05-11T17:48:41Z DEBUG Legacy permission Modify CA not found 2017-05-11T17:48:41Z DEBUG Updating managed permission: System: Modify CA 2017-05-11T17:48:41Z DEBUG Updating ACI for managed permission: System: Modify CA 2017-05-11T17:48:41Z DEBUG Adding ACI u'(targetattr = "cn || description")(targetfilter = "(objectclass=ipaca)")(version 3.0;acl "permission:System: Modify CA";allow (write) groupdn = "ldap:///cn=System: Modify CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=cas,cn=ca,dc=rdlg,dc=net 2017-05-11T17:48:41Z DEBUG Updating managed permission: System: Read CAs 2017-05-11T17:48:41Z DEBUG Updating ACI for managed permission: System: Read CAs 2017-05-11T17:48:41Z DEBUG Adding ACI u'(targetattr = "cn || createtimestamp || description || entryusn || ipacaid || ipacaissuerdn || ipacasubjectdn || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaca)")(version 3.0;acl "permission:System: Read CAs";allow (compare,read,search) userdn = "ldap:///all";)' to cn=cas,cn=ca,dc=rdlg,dc=net 2017-05-11T17:48:41Z DEBUG Updating managed permissions for caacl 2017-05-11T17:48:41Z DEBUG Legacy permission Add CA ACL not found 2017-05-11T17:48:41Z DEBUG Updating managed permission: System: Add CA ACL 2017-05-11T17:48:41Z DEBUG Updating ACI for managed permission: System: Add CA ACL 2017-05-11T17:48:41Z DEBUG Adding ACI u'(targetfilter = "(objectclass=ipacaacl)")(version 3.0;acl "permission:System: Add CA ACL";allow (add) groupdn = "ldap:///cn=System: Add CA ACL,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to 
cn=caacls,cn=ca,dc=rdlg,dc=net 2017-05-11T17:48:41Z DEBUG Legacy permission Delete CA ACL not found 2017-05-11T17:48:41Z DEBUG Updating managed permission: System: Delete CA ACL 2017-05-11T17:48:41Z DEBUG Updating ACI for managed permission: System: Delete CA ACL 2017-05-11T17:48:41Z DEBUG Adding ACI u'(targetfilter = "(objectclass=ipacaacl)")(version 3.0;acl "permission:System: Delete CA ACL";allow (delete) groupdn = "ldap:///cn=System: Delete CA ACL,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=caacls,cn=ca,dc=rdlg,dc=net 2017-05-11T17:48:41Z DEBUG Legacy permission Manage CA ACL membership not found 2017-05-11T17:48:41Z DEBUG Updating managed permission: System: Manage CA ACL Membership 2017-05-11T17:48:41Z DEBUG Updating ACI for managed permission: System: Manage CA ACL Membership 2017-05-11T17:48:41Z DEBUG Adding ACI u'(targetattr = "hostcategory || ipacacategory || ipacertprofilecategory || ipamemberca || ipamembercertprofile || memberhost || memberservice || memberuser || servicecategory || usercategory")(targetfilter = "(objectclass=ipacaacl)")(version 3.0;acl "permission:System: Manage CA ACL Membership";allow (write) groupdn = "ldap:///cn=System: Manage CA ACL Membership,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=caacls,cn=ca,dc=rdlg,dc=net 2017-05-11T17:48:41Z DEBUG Legacy permission Modify CA ACL not found 2017-05-11T17:48:41Z DEBUG Updating managed permission: System: Modify CA ACL 2017-05-11T17:48:41Z DEBUG Updating ACI for managed permission: System: Modify CA ACL 2017-05-11T17:48:41Z DEBUG Adding ACI u'(targetattr = "cn || description || ipaenabledflag")(targetfilter = "(objectclass=ipacaacl)")(version 3.0;acl "permission:System: Modify CA ACL";allow (write) groupdn = "ldap:///cn=System: Modify CA ACL,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=caacls,cn=ca,dc=rdlg,dc=net 2017-05-11T17:48:41Z DEBUG Updating managed permission: System: Read CA ACLs 2017-05-11T17:48:41Z DEBUG Updating ACI for managed permission: System: Read CA ACLs 
2017-05-11T17:48:41Z DEBUG Adding ACI u'(targetattr = "cn || createtimestamp || description || entryusn || hostcategory || ipacacategory || ipacertprofilecategory || ipaenabledflag || ipamemberca || ipamembercertprofile || ipauniqueid || member || memberhost || memberservice || memberuser || modifytimestamp || objectclass || servicecategory || usercategory")(targetfilter = "(objectclass=ipacaacl)")(version 3.0;acl "permission:System: Read CA ACLs";allow (compare,read,search) userdn = "ldap:///all";)' to cn=caacls,cn=ca,dc=rdlg,dc=net 2017-05-11T17:48:41Z DEBUG Updating managed permissions for certprofile 2017-05-11T17:48:41Z DEBUG Legacy permission Delete Certificate Profile not found 2017-05-11T17:48:41Z DEBUG Updating managed permission: System: Delete Certificate Profile 2017-05-11T17:48:41Z DEBUG Updating ACI for managed permission: System: Delete Certificate Profile 2017-05-11T17:48:41Z DEBUG Adding ACI u'(targetfilter = "(objectclass=ipacertprofile)")(version 3.0;acl "permission:System: Delete Certificate Profile";allow (delete) groupdn = "ldap:///cn=System: Delete Certificate Profile,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=certprofiles,cn=ca,dc=rdlg,dc=net 2017-05-11T17:48:41Z DEBUG Legacy permission Import Certificate Profile not found 2017-05-11T17:48:41Z DEBUG Updating managed permission: System: Import Certificate Profile 2017-05-11T17:48:41Z DEBUG Updating ACI for managed permission: System: Import Certificate Profile 2017-05-11T17:48:41Z DEBUG Adding ACI u'(targetfilter = "(objectclass=ipacertprofile)")(version 3.0;acl "permission:System: Import Certificate Profile";allow (add) groupdn = "ldap:///cn=System: Import Certificate Profile,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=certprofiles,cn=ca,dc=rdlg,dc=net 2017-05-11T17:48:41Z DEBUG Legacy permission Modify Certificate Profile not found 2017-05-11T17:48:41Z DEBUG Updating managed permission: System: Modify Certificate Profile 2017-05-11T17:48:41Z DEBUG Updating ACI for managed 
permission: System: Modify Certificate Profile 2017-05-11T17:48:41Z DEBUG Adding ACI u'(targetattr = "cn || description || ipacertprofilestoreissued")(targetfilter = "(objectclass=ipacertprofile)")(version 3.0;acl "permission:System: Modify Certificate Profile";allow (write) groupdn = "ldap:///cn=System: Modify Certificate Profile,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=certprofiles,cn=ca,dc=rdlg,dc=net 2017-05-11T17:48:41Z DEBUG Updating managed permission: System: Read Certificate Profiles 2017-05-11T17:48:41Z DEBUG Updating ACI for managed permission: System: Read Certificate Profiles 2017-05-11T17:48:41Z DEBUG Adding ACI u'(targetattr = "cn || createtimestamp || description || entryusn || ipacertprofilestoreissued || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipacertprofile)")(version 3.0;acl "permission:System: Read Certificate Profiles";allow (compare,read,search) userdn = "ldap:///all";)' to cn=certprofiles,cn=ca,dc=rdlg,dc=net 2017-05-11T17:48:41Z DEBUG Updating managed permissions for config 2017-05-11T17:48:41Z DEBUG Updating managed permission: System: Read Global Configuration 2017-05-11T17:48:41Z DEBUG Updating ACI for managed permission: System: Read Global Configuration 2017-05-11T17:48:41Z DEBUG Adding ACI u'(targetattr = "cn || createtimestamp || entryusn || ipacertificatesubjectbase || ipaconfigstring || ipacustomfields || ipadefaultemaildomain || ipadefaultloginshell || ipadefaultprimarygroup || ipagroupobjectclasses || ipagroupsearchfields || ipahomesrootdir || ipakrbauthzdata || ipamaxusernamelength || ipamigrationenabled || ipapwdexpadvnotify || ipasearchrecordslimit || ipasearchtimelimit || ipaselinuxusermapdefault || ipaselinuxusermaporder || ipauserauthtype || ipauserobjectclasses || ipausersearchfields || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaguiconfig)")(version 3.0;acl "permission:System: Read Global Configuration";allow (compare,read,search) userdn = "ldap:///all";)' to 
cn=ipaConfig,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:41Z DEBUG Updating managed permissions for cosentry 2017-05-11T17:48:41Z DEBUG Legacy permission Add Group Password Policy costemplate not found 2017-05-11T17:48:41Z DEBUG Updating managed permission: System: Add Group Password Policy costemplate 2017-05-11T17:48:41Z DEBUG Updating ACI for managed permission: System: Add Group Password Policy costemplate 2017-05-11T17:48:41Z DEBUG Adding ACI u'(targetfilter = "(objectclass=costemplate)")(version 3.0;acl "permission:System: Add Group Password Policy costemplate";allow (add) groupdn = "ldap:///cn=System: Add Group Password Policy costemplate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=cosTemplates,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:41Z DEBUG Legacy permission Delete Group Password Policy costemplate not found 2017-05-11T17:48:41Z DEBUG Updating managed permission: System: Delete Group Password Policy costemplate 2017-05-11T17:48:41Z DEBUG Updating ACI for managed permission: System: Delete Group Password Policy costemplate 2017-05-11T17:48:41Z DEBUG Adding ACI u'(targetfilter = "(objectclass=costemplate)")(version 3.0;acl "permission:System: Delete Group Password Policy costemplate";allow (delete) groupdn = "ldap:///cn=System: Delete Group Password Policy costemplate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=cosTemplates,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:41Z DEBUG Legacy permission Modify Group Password Policy costemplate not found 2017-05-11T17:48:41Z DEBUG Updating managed permission: System: Modify Group Password Policy costemplate 2017-05-11T17:48:41Z DEBUG Updating ACI for managed permission: System: Modify Group Password Policy costemplate 2017-05-11T17:48:41Z DEBUG Adding ACI u'(targetattr = "cospriority")(targetfilter = "(objectclass=costemplate)")(version 3.0;acl "permission:System: Modify Group Password Policy costemplate";allow (write) groupdn = "ldap:///cn=System: Modify Group Password Policy 
costemplate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=cosTemplates,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:41Z DEBUG Updating managed permission: System: Read Group Password Policy costemplate 2017-05-11T17:48:41Z DEBUG Updating ACI for managed permission: System: Read Group Password Policy costemplate 2017-05-11T17:48:41Z DEBUG Adding ACI u'(targetattr = "cn || cospriority || createtimestamp || entryusn || krbpwdpolicyreference || modifytimestamp || objectclass")(targetfilter = "(objectclass=costemplate)")(version 3.0;acl "permission:System: Read Group Password Policy costemplate";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Group Password Policy costemplate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=cosTemplates,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:41Z DEBUG Updating managed permissions for dnsconfig 2017-05-11T17:48:41Z DEBUG Updating managed permission: System: Read DNS Configuration 2017-05-11T17:48:41Z DEBUG Updating ACI for managed permission: System: Read DNS Configuration 2017-05-11T17:48:41Z DEBUG Adding ACI u'(targetattr = "createtimestamp || entryusn || idnsallowsyncptr || idnsforwarders || idnsforwardpolicy || idnspersistentsearch || idnszonerefresh || ipadnsversion || modifytimestamp || objectclass")(target = "ldap:///cn=dns,dc=rdlg,dc=net")(targetfilter = "(objectclass=idnsConfigObject)")(version 3.0;acl "permission:System: Read DNS Configuration";allow (read) groupdn = "ldap:///cn=System: Read DNS Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to dc=rdlg,dc=net 2017-05-11T17:48:41Z DEBUG Legacy permission Write DNS Configuration not found 2017-05-11T17:48:41Z DEBUG Updating managed permission: System: Write DNS Configuration 2017-05-11T17:48:41Z DEBUG Updating ACI for managed permission: System: Write DNS Configuration 2017-05-11T17:48:41Z DEBUG Adding ACI u'(targetattr = "idnsallowsyncptr || idnsforwarders || idnsforwardpolicy || idnspersistentsearch || idnszonerefresh")(target = 
"ldap:///cn=dns,dc=rdlg,dc=net")(targetfilter = "(objectclass=idnsConfigObject)")(version 3.0;acl "permission:System: Write DNS Configuration";allow (write) groupdn = "ldap:///cn=System: Write DNS Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to dc=rdlg,dc=net 2017-05-11T17:48:41Z DEBUG Updating managed permissions for dnsserver 2017-05-11T17:48:41Z DEBUG Updating managed permission: System: Modify DNS Servers Configuration 2017-05-11T17:48:41Z DEBUG Updating ACI for managed permission: System: Modify DNS Servers Configuration 2017-05-11T17:48:41Z DEBUG Adding ACI u'(targetattr = "idnsforwarders || idnsforwardpolicy || idnssoamname || idnssubstitutionvariable")(targetfilter = "(objectclass=idnsServerConfigObject)")(version 3.0;acl "permission:System: Modify DNS Servers Configuration";allow (write) groupdn = "ldap:///cn=System: Modify DNS Servers Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to dc=rdlg,dc=net 2017-05-11T17:48:41Z DEBUG Updating managed permission: System: Read DNS Servers Configuration 2017-05-11T17:48:41Z DEBUG Updating ACI for managed permission: System: Read DNS Servers Configuration 2017-05-11T17:48:41Z DEBUG Adding ACI u'(targetattr = "createtimestamp || entryusn || idnsforwarders || idnsforwardpolicy || idnsserverid || idnssoamname || idnssubstitutionvariable || modifytimestamp || objectclass")(targetfilter = "(objectclass=idnsServerConfigObject)")(version 3.0;acl "permission:System: Read DNS Servers Configuration";allow (compare,read,search) groupdn = "ldap:///cn=System: Read DNS Servers Configuration,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to dc=rdlg,dc=net 2017-05-11T17:48:41Z DEBUG Updating managed permissions for dnszone 2017-05-11T17:48:41Z DEBUG Legacy permission add dns entries not found 2017-05-11T17:48:41Z DEBUG Updating managed permission: System: Add DNS Entries 2017-05-11T17:48:41Z DEBUG Updating ACI for managed permission: System: Add DNS Entries 2017-05-11T17:48:41Z DEBUG Adding ACI u'(target = 
"ldap:///idnsname=*,cn=dns,dc=rdlg,dc=net")(version 3.0;acl "permission:System: Add DNS Entries";allow (add) groupdn = "ldap:///cn=System: Add DNS Entries,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to dc=rdlg,dc=net 2017-05-11T17:48:41Z DEBUG Updating managed permission: System: Manage DNSSEC keys 2017-05-11T17:48:41Z DEBUG Updating ACI for managed permission: System: Manage DNSSEC keys 2017-05-11T17:48:41Z DEBUG Adding ACI u'(targetattr = "ipaprivatekey || ipapublickey || ipasecretkey || ipasecretkeyref || ipawrappingkey || ipawrappingmech || ipk11allowedmechanisms || ipk11alwaysauthenticate || ipk11alwayssensitive || ipk11checkvalue || ipk11copyable || ipk11decrypt || ipk11derive || ipk11destroyable || ipk11distrusted || ipk11encrypt || ipk11enddate || ipk11extractable || ipk11id || ipk11keygenmechanism || ipk11keytype || ipk11label || ipk11local || ipk11modifiable || ipk11neverextractable || ipk11private || ipk11publickeyinfo || ipk11sensitive || ipk11sign || ipk11signrecover || ipk11startdate || ipk11subject || ipk11trusted || ipk11uniqueid || ipk11unwrap || ipk11unwraptemplate || ipk11verify || ipk11verifyrecover || ipk11wrap || ipk11wraptemplate || ipk11wrapwithtrusted || objectclass")(target = "ldap:///cn=keys,cn=sec,cn=dns,dc=rdlg,dc=net")(version 3.0;acl "permission:System: Manage DNSSEC keys";allow (all) groupdn = "ldap:///cn=System: Manage DNSSEC keys,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to dc=rdlg,dc=net 2017-05-11T17:48:41Z DEBUG Updating managed permission: System: Manage DNSSEC metadata 2017-05-11T17:48:41Z DEBUG Updating ACI for managed permission: System: Manage DNSSEC metadata 2017-05-11T17:48:41Z DEBUG Adding ACI u'(targetattr = "cn || idnssecalgorithm || idnsseckeyactivate || idnsseckeycreated || idnsseckeydelete || idnsseckeyinactive || idnsseckeypublish || idnsseckeyref || idnsseckeyrevoke || idnsseckeysep || idnsseckeyzone || objectclass")(target = "ldap:///cn=dns,dc=rdlg,dc=net")(targetfilter = "(objectclass=idnsSecKey)")(version 3.0;acl 
"permission:System: Manage DNSSEC metadata";allow (all) groupdn = "ldap:///cn=System: Manage DNSSEC metadata,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to dc=rdlg,dc=net 2017-05-11T17:48:41Z DEBUG Updating managed permission: System: Read DNS Entries 2017-05-11T17:48:41Z DEBUG Updating ACI for managed permission: System: Read DNS Entries 2017-05-11T17:48:41Z DEBUG Adding ACI u'(targetattr = "a6record || aaaarecord || afsdbrecord || aplrecord || arecord || certrecord || cn || cnamerecord || createtimestamp || dhcidrecord || dlvrecord || dnamerecord || dnsclass || dnsdefaultttl || dnsttl || dsrecord || entryusn || hinforecord || hiprecord || idnsallowdynupdate || idnsallowquery || idnsallowsyncptr || idnsallowtransfer || idnsforwarders || idnsforwardpolicy || idnsname || idnssecinlinesigning || idnssoaexpire || idnssoaminimum || idnssoamname || idnssoarefresh || idnssoaretry || idnssoarname || idnssoaserial || idnstemplateattribute || idnsupdatepolicy || idnszoneactive || ipseckeyrecord || keyrecord || kxrecord || locrecord || managedby || mdrecord || minforecord || modifytimestamp || mxrecord || naptrrecord || nsec3paramrecord || nsecrecord || nsrecord || nxtrecord || objectclass || ptrrecord || rprecord || rrsigrecord || sigrecord || spfrecord || srvrecord || sshfprecord || tlsarecord || txtrecord || unknownrecord")(target = "ldap:///idnsname=*,cn=dns,dc=rdlg,dc=net")(version 3.0;acl "permission:System: Read DNS Entries";allow (compare,read,search) groupdn = "ldap:///cn=System: Read DNS Entries,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to dc=rdlg,dc=net 2017-05-11T17:48:41Z DEBUG Legacy permission 'Read DNS Entries' not found 2017-05-11T17:48:41Z DEBUG Updating managed permission: System: Read DNSSEC metadata 2017-05-11T17:48:41Z DEBUG Updating ACI for managed permission: System: Read DNSSEC metadata 2017-05-11T17:48:41Z DEBUG Adding ACI u'(targetattr = "cn || createtimestamp || entryusn || idnssecalgorithm || idnsseckeyactivate || idnsseckeycreated || 
idnsseckeydelete || idnsseckeyinactive || idnsseckeypublish || idnsseckeyref || idnsseckeyrevoke || idnsseckeysep || idnsseckeyzone || modifytimestamp || objectclass")(target = "ldap:///cn=dns,dc=rdlg,dc=net")(targetfilter = "(objectclass=idnsSecKey)")(version 3.0;acl "permission:System: Read DNSSEC metadata";allow (compare,read,search) groupdn = "ldap:///cn=System: Read DNSSEC metadata,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to dc=rdlg,dc=net 2017-05-11T17:48:41Z DEBUG Legacy permission remove dns entries not found 2017-05-11T17:48:41Z DEBUG Updating managed permission: System: Remove DNS Entries 2017-05-11T17:48:41Z DEBUG Updating ACI for managed permission: System: Remove DNS Entries 2017-05-11T17:48:41Z DEBUG Adding ACI u'(target = "ldap:///idnsname=*,cn=dns,dc=rdlg,dc=net")(version 3.0;acl "permission:System: Remove DNS Entries";allow (delete) groupdn = "ldap:///cn=System: Remove DNS Entries,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to dc=rdlg,dc=net 2017-05-11T17:48:41Z DEBUG Legacy permission update dns entries not found 2017-05-11T17:48:41Z DEBUG Updating managed permission: System: Update DNS Entries 2017-05-11T17:48:41Z DEBUG Updating ACI for managed permission: System: Update DNS Entries 2017-05-11T17:48:41Z DEBUG Adding ACI u'(targetattr = "a6record || aaaarecord || afsdbrecord || aplrecord || arecord || certrecord || cn || cnamerecord || dhcidrecord || dlvrecord || dnamerecord || dnsclass || dnsdefaultttl || dnsttl || dsrecord || hinforecord || hiprecord || idnsallowdynupdate || idnsallowquery || idnsallowsyncptr || idnsallowtransfer || idnsforwarders || idnsforwardpolicy || idnsname || idnssecinlinesigning || idnssoaexpire || idnssoaminimum || idnssoamname || idnssoarefresh || idnssoaretry || idnssoarname || idnssoaserial || idnstemplateattribute || idnsupdatepolicy || idnszoneactive || ipseckeyrecord || keyrecord || kxrecord || locrecord || managedby || mdrecord || minforecord || mxrecord || naptrrecord || nsec3paramrecord || nsecrecord || nsrecord 
|| nxtrecord || objectclass || ptrrecord || rprecord || rrsigrecord || sigrecord || spfrecord || srvrecord || sshfprecord || tlsarecord || txtrecord || unknownrecord")(target = "ldap:///idnsname=*,cn=dns,dc=rdlg,dc=net")(version 3.0;acl "permission:System: Update DNS Entries";allow (write) groupdn = "ldap:///cn=System: Update DNS Entries,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to dc=rdlg,dc=net 2017-05-11T17:48:41Z DEBUG Updating managed permissions for group 2017-05-11T17:48:41Z DEBUG Legacy permission Add Groups not found 2017-05-11T17:48:41Z DEBUG Updating managed permission: System: Add Groups 2017-05-11T17:48:41Z DEBUG Updating ACI for managed permission: System: Add Groups 2017-05-11T17:48:41Z DEBUG Adding ACI u'(targetfilter = "(|(objectclass=ipausergroup)(objectclass=posixgroup))")(version 3.0;acl "permission:System: Add Groups";allow (add) groupdn = "ldap:///cn=System: Add Groups,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=groups,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:41Z DEBUG Legacy permission Modify Group membership not found 2017-05-11T17:48:41Z DEBUG Updating managed permission: System: Modify Group Membership 2017-05-11T17:48:41Z DEBUG Updating ACI for managed permission: System: Modify Group Membership 2017-05-11T17:48:41Z DEBUG Adding ACI u'(targetattr = "member")(targetfilter = "(&(!(cn=admins))(objectclass=ipausergroup))")(version 3.0;acl "permission:System: Modify Group Membership";allow (write) groupdn = "ldap:///cn=System: Modify Group Membership,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=groups,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:41Z DEBUG Legacy permission Modify Groups not found 2017-05-11T17:48:41Z DEBUG Updating managed permission: System: Modify Groups 2017-05-11T17:48:41Z DEBUG Updating ACI for managed permission: System: Modify Groups 2017-05-11T17:48:41Z DEBUG Adding ACI u'(targetattr = "cn || description || gidnumber || ipauniqueid || mepmanagedby || objectclass")(targetfilter = 
"(|(objectclass=ipausergroup)(objectclass=posixgroup))")(version 3.0;acl "permission:System: Modify Groups";allow (write) groupdn = "ldap:///cn=System: Modify Groups,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=groups,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:41Z DEBUG Updating managed permission: System: Read Group Compat Tree 2017-05-11T17:48:41Z DEBUG Updating ACI for managed permission: System: Read Group Compat Tree 2017-05-11T17:48:41Z DEBUG Adding ACI u'(targetattr = "cn || createtimestamp || entryusn || gidnumber || memberuid || modifytimestamp || objectclass")(target = "ldap:///cn=groups,cn=compat,dc=rdlg,dc=net")(version 3.0;acl "permission:System: Read Group Compat Tree";allow (compare,read,search) userdn = "ldap:///anyone";)' to dc=rdlg,dc=net 2017-05-11T17:48:41Z DEBUG Updating managed permission: System: Read Group Membership 2017-05-11T17:48:41Z DEBUG Updating ACI for managed permission: System: Read Group Membership 2017-05-11T17:48:41Z DEBUG Adding ACI u'(targetattr = "member || memberhost || memberof || memberuid || memberuser")(targetfilter = "(|(objectclass=ipausergroup)(objectclass=posixgroup))")(version 3.0;acl "permission:System: Read Group Membership";allow (compare,read,search) userdn = "ldap:///all";)' to cn=groups,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:41Z DEBUG Updating managed permission: System: Read Group Views Compat Tree 2017-05-11T17:48:41Z DEBUG Updating ACI for managed permission: System: Read Group Views Compat Tree 2017-05-11T17:48:41Z DEBUG Adding ACI u'(targetattr = "cn || createtimestamp || entryusn || gidnumber || memberuid || modifytimestamp || objectclass")(target = "ldap:///cn=groups,cn=*,cn=views,cn=compat,dc=rdlg,dc=net")(version 3.0;acl "permission:System: Read Group Views Compat Tree";allow (compare,read,search) userdn = "ldap:///anyone";)' to dc=rdlg,dc=net 2017-05-11T17:48:41Z DEBUG Updating managed permission: System: Read Groups 2017-05-11T17:48:41Z DEBUG Updating ACI for managed permission: System: 
Read Groups 2017-05-11T17:48:41Z DEBUG Adding ACI u'(targetattr = "businesscategory || cn || createtimestamp || description || entryusn || gidnumber || ipaexternalmember || ipantsecurityidentifier || ipauniqueid || mepmanagedby || modifytimestamp || o || objectclass || ou || owner || seealso")(targetfilter = "(|(objectclass=ipausergroup)(objectclass=posixgroup))")(version 3.0;acl "permission:System: Read Groups";allow (compare,read,search) userdn = "ldap:///anyone";)' to cn=groups,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:41Z DEBUG Legacy permission Remove Groups not found 2017-05-11T17:48:41Z DEBUG Updating managed permission: System: Remove Groups 2017-05-11T17:48:41Z DEBUG Updating ACI for managed permission: System: Remove Groups 2017-05-11T17:48:41Z DEBUG Adding ACI u'(targetfilter = "(|(objectclass=ipausergroup)(objectclass=posixgroup))")(version 3.0;acl "permission:System: Remove Groups";allow (delete) groupdn = "ldap:///cn=System: Remove Groups,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=groups,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:41Z DEBUG Updating managed permissions for hbacrule 2017-05-11T17:48:41Z DEBUG Legacy permission Add HBAC rule not found 2017-05-11T17:48:41Z DEBUG Updating managed permission: System: Add HBAC Rule 2017-05-11T17:48:42Z DEBUG Updating ACI for managed permission: System: Add HBAC Rule 2017-05-11T17:48:42Z DEBUG Adding ACI u'(targetfilter = "(objectclass=ipahbacrule)")(version 3.0;acl "permission:System: Add HBAC Rule";allow (add) groupdn = "ldap:///cn=System: Add HBAC Rule,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=hbac,dc=rdlg,dc=net 2017-05-11T17:48:42Z DEBUG Legacy permission Delete HBAC rule not found 2017-05-11T17:48:42Z DEBUG Updating managed permission: System: Delete HBAC Rule 2017-05-11T17:48:42Z DEBUG Updating ACI for managed permission: System: Delete HBAC Rule 2017-05-11T17:48:42Z DEBUG Adding ACI u'(targetfilter = "(objectclass=ipahbacrule)")(version 3.0;acl "permission:System: Delete HBAC Rule";allow 
(delete) groupdn = "ldap:///cn=System: Delete HBAC Rule,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=hbac,dc=rdlg,dc=net 2017-05-11T17:48:42Z DEBUG Legacy permission Manage HBAC rule membership not found 2017-05-11T17:48:42Z DEBUG Updating managed permission: System: Manage HBAC Rule Membership 2017-05-11T17:48:42Z DEBUG Updating ACI for managed permission: System: Manage HBAC Rule Membership 2017-05-11T17:48:42Z DEBUG Adding ACI u'(targetattr = "externalhost || memberhost || memberservice || memberuser")(targetfilter = "(objectclass=ipahbacrule)")(version 3.0;acl "permission:System: Manage HBAC Rule Membership";allow (write) groupdn = "ldap:///cn=System: Manage HBAC Rule Membership,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=hbac,dc=rdlg,dc=net 2017-05-11T17:48:42Z DEBUG Legacy permission Modify HBAC rule not found 2017-05-11T17:48:42Z DEBUG Updating managed permission: System: Modify HBAC Rule 2017-05-11T17:48:42Z DEBUG Updating ACI for managed permission: System: Modify HBAC Rule 2017-05-11T17:48:42Z DEBUG Adding ACI u'(targetattr = "accessruletype || accesstime || cn || description || hostcategory || ipaenabledflag || servicecategory || sourcehost || sourcehostcategory || usercategory")(targetfilter = "(objectclass=ipahbacrule)")(version 3.0;acl "permission:System: Modify HBAC Rule";allow (write) groupdn = "ldap:///cn=System: Modify HBAC Rule,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=hbac,dc=rdlg,dc=net 2017-05-11T17:48:42Z DEBUG Updating managed permission: System: Read HBAC Rules 2017-05-11T17:48:42Z DEBUG Updating ACI for managed permission: System: Read HBAC Rules 2017-05-11T17:48:42Z DEBUG Adding ACI u'(targetattr = "accessruletype || accesstime || cn || createtimestamp || description || entryusn || externalhost || hostcategory || ipaenabledflag || ipauniqueid || member || memberhost || memberservice || memberuser || modifytimestamp || objectclass || servicecategory || sourcehost || sourcehostcategory || usercategory")(targetfilter = 
"(objectclass=ipahbacrule)")(version 3.0;acl "permission:System: Read HBAC Rules";allow (compare,read,search) userdn = "ldap:///all";)' to cn=hbac,dc=rdlg,dc=net 2017-05-11T17:48:42Z DEBUG Updating managed permissions for hbacsvc 2017-05-11T17:48:42Z DEBUG Legacy permission Add HBAC services not found 2017-05-11T17:48:42Z DEBUG Updating managed permission: System: Add HBAC Services 2017-05-11T17:48:42Z DEBUG Updating ACI for managed permission: System: Add HBAC Services 2017-05-11T17:48:42Z DEBUG Adding ACI u'(targetfilter = "(objectclass=ipahbacservice)")(version 3.0;acl "permission:System: Add HBAC Services";allow (add) groupdn = "ldap:///cn=System: Add HBAC Services,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=hbacservices,cn=hbac,dc=rdlg,dc=net 2017-05-11T17:48:42Z DEBUG Legacy permission Delete HBAC services not found 2017-05-11T17:48:42Z DEBUG Updating managed permission: System: Delete HBAC Services 2017-05-11T17:48:42Z DEBUG Updating ACI for managed permission: System: Delete HBAC Services 2017-05-11T17:48:42Z DEBUG Adding ACI u'(targetfilter = "(objectclass=ipahbacservice)")(version 3.0;acl "permission:System: Delete HBAC Services";allow (delete) groupdn = "ldap:///cn=System: Delete HBAC Services,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=hbacservices,cn=hbac,dc=rdlg,dc=net 2017-05-11T17:48:42Z DEBUG Updating managed permission: System: Read HBAC Services 2017-05-11T17:48:42Z DEBUG Updating ACI for managed permission: System: Read HBAC Services 2017-05-11T17:48:42Z DEBUG Adding ACI u'(targetattr = "cn || createtimestamp || description || entryusn || ipauniqueid || memberof || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipahbacservice)")(version 3.0;acl "permission:System: Read HBAC Services";allow (compare,read,search) userdn = "ldap:///all";)' to cn=hbacservices,cn=hbac,dc=rdlg,dc=net 2017-05-11T17:48:42Z DEBUG Updating managed permissions for hbacsvcgroup 2017-05-11T17:48:42Z DEBUG Legacy permission Add HBAC service groups not 
found 2017-05-11T17:48:42Z DEBUG Updating managed permission: System: Add HBAC Service Groups 2017-05-11T17:48:42Z DEBUG Updating ACI for managed permission: System: Add HBAC Service Groups 2017-05-11T17:48:42Z DEBUG Adding ACI u'(targetfilter = "(objectclass=ipahbacservicegroup)")(version 3.0;acl "permission:System: Add HBAC Service Groups";allow (add) groupdn = "ldap:///cn=System: Add HBAC Service Groups,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=hbacservicegroups,cn=hbac,dc=rdlg,dc=net 2017-05-11T17:48:42Z DEBUG Legacy permission Delete HBAC service groups not found 2017-05-11T17:48:42Z DEBUG Updating managed permission: System: Delete HBAC Service Groups 2017-05-11T17:48:42Z DEBUG Updating ACI for managed permission: System: Delete HBAC Service Groups 2017-05-11T17:48:42Z DEBUG Adding ACI u'(targetfilter = "(objectclass=ipahbacservicegroup)")(version 3.0;acl "permission:System: Delete HBAC Service Groups";allow (delete) groupdn = "ldap:///cn=System: Delete HBAC Service Groups,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=hbacservicegroups,cn=hbac,dc=rdlg,dc=net 2017-05-11T17:48:42Z DEBUG Legacy permission Manage HBAC service group membership not found 2017-05-11T17:48:42Z DEBUG Updating managed permission: System: Manage HBAC Service Group Membership 2017-05-11T17:48:42Z DEBUG Updating ACI for managed permission: System: Manage HBAC Service Group Membership 2017-05-11T17:48:42Z DEBUG Adding ACI u'(targetattr = "member")(targetfilter = "(objectclass=ipahbacservicegroup)")(version 3.0;acl "permission:System: Manage HBAC Service Group Membership";allow (write) groupdn = "ldap:///cn=System: Manage HBAC Service Group Membership,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=hbacservicegroups,cn=hbac,dc=rdlg,dc=net 2017-05-11T17:48:42Z DEBUG Updating managed permission: System: Read HBAC Service Groups 2017-05-11T17:48:42Z DEBUG Updating ACI for managed permission: System: Read HBAC Service Groups 2017-05-11T17:48:42Z DEBUG Adding ACI u'(targetattr = 
"businesscategory || cn || createtimestamp || description || entryusn || ipauniqueid || member || memberhost || memberuser || modifytimestamp || o || objectclass || ou || owner || seealso")(targetfilter = "(objectclass=ipahbacservicegroup)")(version 3.0;acl "permission:System: Read HBAC Service Groups";allow (compare,read,search) userdn = "ldap:///all";)' to cn=hbacservicegroups,cn=hbac,dc=rdlg,dc=net 2017-05-11T17:48:42Z DEBUG Updating managed permissions for host 2017-05-11T17:48:42Z DEBUG Legacy permission Add Hosts not found 2017-05-11T17:48:42Z DEBUG Updating managed permission: System: Add Hosts 2017-05-11T17:48:42Z DEBUG Updating ACI for managed permission: System: Add Hosts 2017-05-11T17:48:42Z DEBUG Adding ACI u'(targetfilter = "(objectclass=ipahost)")(version 3.0;acl "permission:System: Add Hosts";allow (add) groupdn = "ldap:///cn=System: Add Hosts,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=computers,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:42Z DEBUG Legacy permission Add krbPrincipalName to a host not found 2017-05-11T17:48:42Z DEBUG Updating managed permission: System: Add krbPrincipalName to a Host 2017-05-11T17:48:42Z DEBUG Updating ACI for managed permission: System: Add krbPrincipalName to a Host 2017-05-11T17:48:42Z DEBUG Adding ACI u'(targetattr = "krbprincipalname")(targetfilter = "(&(!(krbprincipalname=*))(objectclass=ipahost))")(version 3.0;acl "permission:System: Add krbPrincipalName to a Host";allow (write) groupdn = "ldap:///cn=System: Add krbPrincipalName to a Host,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=computers,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:42Z DEBUG Legacy permission Enroll a host not found 2017-05-11T17:48:42Z DEBUG Updating managed permission: System: Enroll a Host 2017-05-11T17:48:42Z DEBUG Updating ACI for managed permission: System: Enroll a Host 2017-05-11T17:48:42Z DEBUG Adding ACI u'(targetattr = "enrolledby || objectclass")(targetfilter = "(objectclass=ipahost)")(version 3.0;acl "permission:System: 
Enroll a Host";allow (write) groupdn = "ldap:///cn=System: Enroll a Host,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=computers,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:42Z DEBUG Updating managed permission: System: Manage Host Certificates 2017-05-11T17:48:42Z DEBUG Updating ACI for managed permission: System: Manage Host Certificates 2017-05-11T17:48:42Z DEBUG Adding ACI u'(targetattr = "usercertificate")(targetfilter = "(objectclass=ipahost)")(version 3.0;acl "permission:System: Manage Host Certificates";allow (write) groupdn = "ldap:///cn=System: Manage Host Certificates,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=computers,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:42Z DEBUG Updating managed permission: System: Manage Host Enrollment Password 2017-05-11T17:48:42Z DEBUG Updating ACI for managed permission: System: Manage Host Enrollment Password 2017-05-11T17:48:42Z DEBUG Adding ACI u'(targetattr = "userpassword")(targetfilter = "(objectclass=ipahost)")(version 3.0;acl "permission:System: Manage Host Enrollment Password";allow (write) groupdn = "ldap:///cn=System: Manage Host Enrollment Password,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=computers,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:42Z DEBUG Legacy permission Manage host keytab not found 2017-05-11T17:48:42Z DEBUG Updating managed permission: System: Manage Host Keytab 2017-05-11T17:48:42Z DEBUG Updating ACI for managed permission: System: Manage Host Keytab 2017-05-11T17:48:42Z DEBUG Adding ACI u'(targetattr = "krblastpwdchange || krbprincipalkey")(targetfilter = "(&(!(memberOf=cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net))(objectclass=ipahost))")(version 3.0;acl "permission:System: Manage Host Keytab";allow (write) groupdn = "ldap:///cn=System: Manage Host Keytab,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=computers,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:42Z DEBUG Updating managed permission: System: Manage Host Keytab Permissions 2017-05-11T17:48:42Z DEBUG Updating 
ACI for managed permission: System: Manage Host Keytab Permissions 2017-05-11T17:48:42Z DEBUG Adding ACI u'(targetattr = "createtimestamp || entryusn || ipaallowedtoperform;read_keys || ipaallowedtoperform;write_keys || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipahost)")(version 3.0;acl "permission:System: Manage Host Keytab Permissions";allow (compare,read,search,write) groupdn = "ldap:///cn=System: Manage Host Keytab Permissions,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=computers,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:42Z DEBUG Updating managed permission: System: Manage Host Principals 2017-05-11T17:48:42Z DEBUG Updating ACI for managed permission: System: Manage Host Principals 2017-05-11T17:48:42Z DEBUG Adding ACI u'(targetattr = "krbcanonicalname || krbprincipalname")(targetfilter = "(objectclass=ipahost)")(version 3.0;acl "permission:System: Manage Host Principals";allow (write) groupdn = "ldap:///cn=System: Manage Host Principals,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=computers,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:42Z DEBUG Legacy permission Manage Host SSH Public Keys not found 2017-05-11T17:48:42Z DEBUG Updating managed permission: System: Manage Host SSH Public Keys 2017-05-11T17:48:42Z DEBUG Updating ACI for managed permission: System: Manage Host SSH Public Keys 2017-05-11T17:48:42Z DEBUG Adding ACI u'(targetattr = "ipasshpubkey")(targetfilter = "(objectclass=ipahost)")(version 3.0;acl "permission:System: Manage Host SSH Public Keys";allow (write) groupdn = "ldap:///cn=System: Manage Host SSH Public Keys,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=computers,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:42Z DEBUG Legacy permission Modify Hosts not found 2017-05-11T17:48:42Z DEBUG Updating managed permission: System: Modify Hosts 2017-05-11T17:48:42Z DEBUG Updating ACI for managed permission: System: Modify Hosts 2017-05-11T17:48:42Z DEBUG Adding ACI u'(targetattr = "description || ipaassignedidview || 
krbprincipalauthind || l || macaddress || nshardwareplatform || nshostlocation || nsosversion || userclass")(targetfilter = "(objectclass=ipahost)")(version 3.0;acl "permission:System: Modify Hosts";allow (write) groupdn = "ldap:///cn=System: Modify Hosts,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=computers,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:42Z DEBUG Updating managed permission: System: Read Host Compat Tree 2017-05-11T17:48:42Z DEBUG Updating ACI for managed permission: System: Read Host Compat Tree 2017-05-11T17:48:42Z DEBUG Adding ACI u'(targetattr = "cn || createtimestamp || entryusn || macaddress || modifytimestamp || objectclass")(target = "ldap:///cn=computers,cn=compat,dc=rdlg,dc=net")(version 3.0;acl "permission:System: Read Host Compat Tree";allow (compare,read,search) userdn = "ldap:///anyone";)' to dc=rdlg,dc=net 2017-05-11T17:48:42Z DEBUG Updating managed permission: System: Read Host Membership 2017-05-11T17:48:42Z DEBUG Updating ACI for managed permission: System: Read Host Membership 2017-05-11T17:48:42Z DEBUG Adding ACI u'(targetattr = "memberof")(targetfilter = "(objectclass=ipahost)")(version 3.0;acl "permission:System: Read Host Membership";allow (compare,read,search) userdn = "ldap:///all";)' to cn=computers,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:42Z DEBUG Updating managed permission: System: Read Hosts 2017-05-11T17:48:42Z DEBUG Updating ACI for managed permission: System: Read Hosts 2017-05-11T17:48:42Z DEBUG Adding ACI u'(targetattr = "cn || createtimestamp || description || enrolledby || entryusn || fqdn || ipaassignedidview || ipaclientversion || ipakrbauthzdata || ipasshpubkey || ipauniqueid || krbcanonicalname || krblastpwdchange || krbpasswordexpiration || krbprincipalaliases || krbprincipalauthind || krbprincipalexpiration || krbprincipalname || l || macaddress || managedby || modifytimestamp || nshardwareplatform || nshostlocation || nsosversion || objectclass || serverhostname || usercertificate || 
userclass")(targetfilter = "(objectclass=ipahost)")(version 3.0;acl "permission:System: Read Hosts";allow (compare,read,search) userdn = "ldap:///all";)' to cn=computers,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:42Z DEBUG Legacy permission Remove Hosts not found 2017-05-11T17:48:42Z DEBUG Updating managed permission: System: Remove Hosts 2017-05-11T17:48:42Z DEBUG Updating ACI for managed permission: System: Remove Hosts 2017-05-11T17:48:42Z DEBUG Adding ACI u'(targetfilter = "(objectclass=ipahost)")(version 3.0;acl "permission:System: Remove Hosts";allow (delete) groupdn = "ldap:///cn=System: Remove Hosts,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=computers,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:42Z DEBUG Updating managed permissions for hostgroup 2017-05-11T17:48:42Z DEBUG Legacy permission Add Hostgroups not found 2017-05-11T17:48:42Z DEBUG Updating managed permission: System: Add Hostgroups 2017-05-11T17:48:42Z DEBUG Updating ACI for managed permission: System: Add Hostgroups 2017-05-11T17:48:42Z DEBUG Adding ACI u'(targetfilter = "(objectclass=ipahostgroup)")(version 3.0;acl "permission:System: Add Hostgroups";allow (add) groupdn = "ldap:///cn=System: Add Hostgroups,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=hostgroups,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:42Z DEBUG Legacy permission Modify Hostgroup membership not found 2017-05-11T17:48:42Z DEBUG Updating managed permission: System: Modify Hostgroup Membership 2017-05-11T17:48:42Z DEBUG Updating ACI for managed permission: System: Modify Hostgroup Membership 2017-05-11T17:48:42Z DEBUG Adding ACI u'(targetattr = "member")(targetfilter = "(&(!(cn=ipaservers))(objectclass=ipahostgroup))")(version 3.0;acl "permission:System: Modify Hostgroup Membership";allow (write) groupdn = "ldap:///cn=System: Modify Hostgroup Membership,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=hostgroups,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:42Z DEBUG Legacy permission Modify Hostgroups not found 
2017-05-11T17:48:42Z DEBUG Updating managed permission: System: Modify Hostgroups 2017-05-11T17:48:42Z DEBUG Updating ACI for managed permission: System: Modify Hostgroups 2017-05-11T17:48:42Z DEBUG Adding ACI u'(targetattr = "cn || description")(targetfilter = "(objectclass=ipahostgroup)")(version 3.0;acl "permission:System: Modify Hostgroups";allow (write) groupdn = "ldap:///cn=System: Modify Hostgroups,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=hostgroups,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:42Z DEBUG Updating managed permission: System: Read Hostgroup Membership 2017-05-11T17:48:42Z DEBUG Updating ACI for managed permission: System: Read Hostgroup Membership 2017-05-11T17:48:42Z DEBUG Adding ACI u'(targetattr = "member || memberhost || memberof || memberuser")(targetfilter = "(objectclass=ipahostgroup)")(version 3.0;acl "permission:System: Read Hostgroup Membership";allow (compare,read,search) userdn = "ldap:///all";)' to cn=hostgroups,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:42Z DEBUG Updating managed permission: System: Read Hostgroups 2017-05-11T17:48:42Z DEBUG Updating ACI for managed permission: System: Read Hostgroups 2017-05-11T17:48:42Z DEBUG Adding ACI u'(targetattr = "businesscategory || cn || createtimestamp || description || entryusn || ipauniqueid || modifytimestamp || o || objectclass || ou || owner || seealso")(targetfilter = "(objectclass=ipahostgroup)")(version 3.0;acl "permission:System: Read Hostgroups";allow (compare,read,search) userdn = "ldap:///all";)' to cn=hostgroups,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:42Z DEBUG Legacy permission Remove Hostgroups not found 2017-05-11T17:48:42Z DEBUG Updating managed permission: System: Remove Hostgroups 2017-05-11T17:48:42Z DEBUG Updating ACI for managed permission: System: Remove Hostgroups 2017-05-11T17:48:42Z DEBUG Adding ACI u'(targetfilter = "(objectclass=ipahostgroup)")(version 3.0;acl "permission:System: Remove Hostgroups";allow (delete) groupdn = "ldap:///cn=System: 
Remove Hostgroups,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=hostgroups,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:42Z DEBUG Updating managed permissions for idoverridegroup 2017-05-11T17:48:42Z DEBUG Updating managed permission: System: Read Group ID Overrides 2017-05-11T17:48:42Z DEBUG Updating ACI for managed permission: System: Read Group ID Overrides 2017-05-11T17:48:42Z DEBUG Adding ACI u'(targetattr = "cn || createtimestamp || description || entryusn || gidnumber || ipaanchoruuid || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaGroupOverride)")(version 3.0;acl "permission:System: Read Group ID Overrides";allow (compare,read,search) userdn = "ldap:///all";)' to cn=views,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:42Z DEBUG Updating managed permissions for idoverrideuser 2017-05-11T17:48:42Z DEBUG Updating managed permission: System: Read User ID Overrides 2017-05-11T17:48:42Z DEBUG Updating ACI for managed permission: System: Read User ID Overrides 2017-05-11T17:48:42Z DEBUG Adding ACI u'(targetattr = "createtimestamp || description || entryusn || gecos || gidnumber || homedirectory || ipaanchoruuid || ipaoriginaluid || ipasshpubkey || loginshell || modifytimestamp || objectclass || uid || uidnumber || usercertificate")(targetfilter = "(objectclass=ipaUserOverride)")(version 3.0;acl "permission:System: Read User ID Overrides";allow (compare,read,search) userdn = "ldap:///all";)' to cn=views,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:42Z DEBUG Updating managed permissions for idrange 2017-05-11T17:48:42Z DEBUG Updating managed permission: System: Read ID Ranges 2017-05-11T17:48:42Z DEBUG Updating ACI for managed permission: System: Read ID Ranges 2017-05-11T17:48:42Z DEBUG Adding ACI u'(targetattr = "cn || createtimestamp || entryusn || ipabaseid || ipabaserid || ipaidrangesize || ipanttrusteddomainsid || iparangetype || ipasecondarybaserid || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaidrange)")(version 3.0;acl 
"permission:System: Read ID Ranges";allow (compare,read,search) userdn = "ldap:///all";)' to cn=ranges,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:42Z DEBUG Updating managed permissions for idview 2017-05-11T17:48:42Z DEBUG Updating managed permission: System: Read ID Views 2017-05-11T17:48:42Z DEBUG Updating ACI for managed permission: System: Read ID Views 2017-05-11T17:48:42Z DEBUG Adding ACI u'(targetattr = "cn || createtimestamp || description || entryusn || modifytimestamp || objectclass")(targetfilter = "(objectclass=nsContainer)")(version 3.0;acl "permission:System: Read ID Views";allow (compare,read,search) userdn = "ldap:///all";)' to cn=views,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:42Z DEBUG Updating managed permissions for krbtpolicy 2017-05-11T17:48:42Z DEBUG Updating managed permission: System: Read Default Kerberos Ticket Policy 2017-05-11T17:48:42Z DEBUG Updating ACI for managed permission: System: Read Default Kerberos Ticket Policy 2017-05-11T17:48:42Z DEBUG Adding ACI u'(targetattr = "createtimestamp || entryusn || krbdefaultencsalttypes || krbmaxrenewableage || krbmaxticketlife || krbsupportedencsalttypes || modifytimestamp || objectclass")(targetfilter = "(objectclass=krbticketpolicyaux)")(version 3.0;acl "permission:System: Read Default Kerberos Ticket Policy";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Default Kerberos Ticket Policy,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=RDLG.NET,cn=kerberos,dc=rdlg,dc=net 2017-05-11T17:48:42Z DEBUG Updating managed permission: System: Read User Kerberos Ticket Policy 2017-05-11T17:48:42Z DEBUG Updating ACI for managed permission: System: Read User Kerberos Ticket Policy 2017-05-11T17:48:42Z DEBUG Adding ACI u'(targetattr = "krbmaxrenewableage || krbmaxticketlife")(targetfilter = "(objectclass=krbticketpolicyaux)")(version 3.0;acl "permission:System: Read User Kerberos Ticket Policy";allow (compare,read,search) groupdn = "ldap:///cn=System: Read User Kerberos Ticket 
Policy,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=users,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:42Z DEBUG Updating managed permissions for location 2017-05-11T17:48:42Z DEBUG Updating managed permission: System: Add IPA Locations 2017-05-11T17:48:42Z DEBUG Updating ACI for managed permission: System: Add IPA Locations 2017-05-11T17:48:42Z DEBUG Adding ACI u'(targetfilter = "(objectclass=ipaLocationObject)")(version 3.0;acl "permission:System: Add IPA Locations";allow (add) groupdn = "ldap:///cn=System: Add IPA Locations,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=locations,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:42Z DEBUG Updating managed permission: System: Modify IPA Locations 2017-05-11T17:48:42Z DEBUG Updating ACI for managed permission: System: Modify IPA Locations 2017-05-11T17:48:42Z DEBUG Adding ACI u'(targetattr = "description")(targetfilter = "(objectclass=ipaLocationObject)")(version 3.0;acl "permission:System: Modify IPA Locations";allow (write) groupdn = "ldap:///cn=System: Modify IPA Locations,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=locations,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:42Z DEBUG Updating managed permission: System: Read IPA Locations 2017-05-11T17:48:42Z DEBUG Updating ACI for managed permission: System: Read IPA Locations 2017-05-11T17:48:42Z DEBUG Adding ACI u'(targetattr = "createtimestamp || description || entryusn || idnsname || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaLocationObject)")(version 3.0;acl "permission:System: Read IPA Locations";allow (compare,read,search) groupdn = "ldap:///cn=System: Read IPA Locations,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=locations,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:42Z DEBUG Updating managed permission: System: Remove IPA Locations 2017-05-11T17:48:42Z DEBUG Updating ACI for managed permission: System: Remove IPA Locations 2017-05-11T17:48:42Z DEBUG Adding ACI u'(targetfilter = "(objectclass=ipaLocationObject)")(version 3.0;acl 
"permission:System: Remove IPA Locations";allow (delete) groupdn = "ldap:///cn=System: Remove IPA Locations,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=locations,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:42Z DEBUG Updating managed permissions for netgroup 2017-05-11T17:48:42Z DEBUG Legacy permission Add netgroups not found 2017-05-11T17:48:42Z DEBUG Updating managed permission: System: Add Netgroups 2017-05-11T17:48:42Z DEBUG Updating ACI for managed permission: System: Add Netgroups 2017-05-11T17:48:42Z DEBUG Adding ACI u'(targetfilter = "(objectclass=ipanisnetgroup)")(version 3.0;acl "permission:System: Add Netgroups";allow (add) groupdn = "ldap:///cn=System: Add Netgroups,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=ng,cn=alt,dc=rdlg,dc=net 2017-05-11T17:48:42Z DEBUG Legacy permission Modify netgroup membership not found 2017-05-11T17:48:42Z DEBUG Updating managed permission: System: Modify Netgroup Membership 2017-05-11T17:48:42Z DEBUG Updating ACI for managed permission: System: Modify Netgroup Membership 2017-05-11T17:48:42Z DEBUG Adding ACI u'(targetattr = "externalhost || member || memberhost || memberuser")(targetfilter = "(objectclass=ipanisnetgroup)")(version 3.0;acl "permission:System: Modify Netgroup Membership";allow (write) groupdn = "ldap:///cn=System: Modify Netgroup Membership,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=ng,cn=alt,dc=rdlg,dc=net 2017-05-11T17:48:42Z DEBUG Legacy permission Modify netgroups not found 2017-05-11T17:48:42Z DEBUG Updating managed permission: System: Modify Netgroups 2017-05-11T17:48:42Z DEBUG Updating ACI for managed permission: System: Modify Netgroups 2017-05-11T17:48:42Z DEBUG Adding ACI u'(targetattr = "description")(targetfilter = "(objectclass=ipanisnetgroup)")(version 3.0;acl "permission:System: Modify Netgroups";allow (write) groupdn = "ldap:///cn=System: Modify Netgroups,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=ng,cn=alt,dc=rdlg,dc=net 2017-05-11T17:48:43Z DEBUG Updating managed permission: 
System: Read Netgroup Compat Tree 2017-05-11T17:48:43Z DEBUG Updating ACI for managed permission: System: Read Netgroup Compat Tree 2017-05-11T17:48:43Z DEBUG Adding ACI u'(targetattr = "cn || createtimestamp || entryusn || membernisnetgroup || modifytimestamp || nisnetgrouptriple || objectclass")(target = "ldap:///cn=ng,cn=compat,dc=rdlg,dc=net")(version 3.0;acl "permission:System: Read Netgroup Compat Tree";allow (compare,read,search) userdn = "ldap:///anyone";)' to dc=rdlg,dc=net 2017-05-11T17:48:43Z DEBUG Updating managed permission: System: Read Netgroup Membership 2017-05-11T17:48:43Z DEBUG Updating ACI for managed permission: System: Read Netgroup Membership 2017-05-11T17:48:43Z DEBUG Adding ACI u'(targetattr = "createtimestamp || entryusn || externalhost || member || memberhost || memberof || memberuser || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipanisnetgroup)")(version 3.0;acl "permission:System: Read Netgroup Membership";allow (compare,read,search) userdn = "ldap:///all";)' to cn=ng,cn=alt,dc=rdlg,dc=net 2017-05-11T17:48:43Z DEBUG Updating managed permission: System: Read Netgroups 2017-05-11T17:48:43Z DEBUG Updating ACI for managed permission: System: Read Netgroups 2017-05-11T17:48:43Z DEBUG Adding ACI u'(targetattr = "cn || createtimestamp || description || entryusn || hostcategory || ipaenabledflag || ipauniqueid || modifytimestamp || nisdomainname || objectclass || usercategory")(targetfilter = "(objectclass=ipanisnetgroup)")(version 3.0;acl "permission:System: Read Netgroups";allow (compare,read,search) userdn = "ldap:///all";)' to cn=ng,cn=alt,dc=rdlg,dc=net 2017-05-11T17:48:43Z DEBUG Legacy permission Remove netgroups not found 2017-05-11T17:48:43Z DEBUG Updating managed permission: System: Remove Netgroups 2017-05-11T17:48:43Z DEBUG Updating ACI for managed permission: System: Remove Netgroups 2017-05-11T17:48:43Z DEBUG Adding ACI u'(targetfilter = "(objectclass=ipanisnetgroup)")(version 3.0;acl "permission:System: Remove 
Netgroups";allow (delete) groupdn = "ldap:///cn=System: Remove Netgroups,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=ng,cn=alt,dc=rdlg,dc=net 2017-05-11T17:48:43Z DEBUG Updating managed permissions for otpconfig 2017-05-11T17:48:43Z DEBUG Updating managed permission: System: Read OTP Configuration 2017-05-11T17:48:43Z DEBUG Updating ACI for managed permission: System: Read OTP Configuration 2017-05-11T17:48:43Z DEBUG Adding ACI u'(targetattr = "cn || ipatokenhotpauthwindow || ipatokenhotpsyncwindow || ipatokentotpauthwindow || ipatokentotpsyncwindow")(targetfilter = "(objectclass=ipatokenotpconfig)")(version 3.0;acl "permission:System: Read OTP Configuration";allow (compare,read,search) userdn = "ldap:///all";)' to cn=otp,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:43Z DEBUG Updating managed permissions for permission 2017-05-11T17:48:43Z DEBUG Legacy permission Modify privilege membership not found 2017-05-11T17:48:43Z DEBUG Updating managed permission: System: Modify Privilege Membership 2017-05-11T17:48:43Z DEBUG Updating ACI for managed permission: System: Modify Privilege Membership 2017-05-11T17:48:43Z DEBUG Adding ACI u'(targetattr = "member")(targetfilter = "(objectclass=ipapermission)")(version 3.0;acl "permission:System: Modify Privilege Membership";allow (write) groupdn = "ldap:///cn=System: Modify Privilege Membership,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:43Z DEBUG Updating managed permission: System: Read ACIs 2017-05-11T17:48:43Z DEBUG Updating ACI for managed permission: System: Read ACIs 2017-05-11T17:48:43Z DEBUG Adding ACI u'(targetattr = "aci")(version 3.0;acl "permission:System: Read ACIs";allow (compare,read,search) groupdn = "ldap:///cn=System: Read ACIs,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to dc=rdlg,dc=net 2017-05-11T17:48:43Z DEBUG Updating managed permission: System: Read Permissions 2017-05-11T17:48:43Z DEBUG Updating ACI for managed permission: System: Read Permissions 
2017-05-11T17:48:43Z DEBUG Adding ACI u'(targetattr = "businesscategory || cn || createtimestamp || description || entryusn || ipapermbindruletype || ipapermdefaultattr || ipapermexcludedattr || ipapermincludedattr || ipapermissiontype || ipapermlocation || ipapermright || ipapermtarget || ipapermtargetfilter || member || memberhost || memberof || memberuser || modifytimestamp || o || objectclass || ou || owner || seealso")(targetfilter = "(objectclass=ipapermission)")(version 3.0;acl "permission:System: Read Permissions";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Permissions,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=permissions,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:43Z DEBUG Updating managed permissions for privilege 2017-05-11T17:48:43Z DEBUG Updating managed permission: System: Add Privileges 2017-05-11T17:48:43Z DEBUG Updating ACI for managed permission: System: Add Privileges 2017-05-11T17:48:43Z DEBUG Adding ACI u'(targetfilter = "(objectclass=groupofnames)")(version 3.0;acl "permission:System: Add Privileges";allow (add) groupdn = "ldap:///cn=System: Add Privileges,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:43Z DEBUG Updating managed permission: System: Modify Privileges 2017-05-11T17:48:43Z DEBUG Updating ACI for managed permission: System: Modify Privileges 2017-05-11T17:48:43Z DEBUG Adding ACI u'(targetattr = "businesscategory || cn || description || o || ou || owner || seealso")(targetfilter = "(objectclass=groupofnames)")(version 3.0;acl "permission:System: Modify Privileges";allow (write) groupdn = "ldap:///cn=System: Modify Privileges,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:43Z DEBUG Updating managed permission: System: Read Privileges 2017-05-11T17:48:43Z DEBUG Updating ACI for managed permission: System: Read Privileges 2017-05-11T17:48:43Z DEBUG Adding ACI u'(targetattr = "businesscategory || cn || 
createtimestamp || description || entryusn || member || memberhost || memberof || memberuser || modifytimestamp || o || objectclass || ou || owner || seealso")(targetfilter = "(objectclass=groupofnames)")(version 3.0;acl "permission:System: Read Privileges";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Privileges,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:43Z DEBUG Updating managed permission: System: Remove Privileges 2017-05-11T17:48:43Z DEBUG Updating ACI for managed permission: System: Remove Privileges 2017-05-11T17:48:43Z DEBUG Adding ACI u'(targetfilter = "(objectclass=groupofnames)")(version 3.0;acl "permission:System: Remove Privileges";allow (delete) groupdn = "ldap:///cn=System: Remove Privileges,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=privileges,cn=pbac,dc=rdlg,dc=net 2017-05-11T17:48:43Z DEBUG Updating managed permissions for pwpolicy 2017-05-11T17:48:43Z DEBUG Legacy permission Add Group Password Policy not found 2017-05-11T17:48:43Z DEBUG Updating managed permission: System: Add Group Password Policy 2017-05-11T17:48:43Z DEBUG Updating ACI for managed permission: System: Add Group Password Policy 2017-05-11T17:48:43Z DEBUG Adding ACI u'(targetfilter = "(objectclass=krbpwdpolicy)")(version 3.0;acl "permission:System: Add Group Password Policy";allow (add) groupdn = "ldap:///cn=System: Add Group Password Policy,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=RDLG.NET,cn=kerberos,dc=rdlg,dc=net 2017-05-11T17:48:43Z DEBUG Legacy permission Delete Group Password Policy not found 2017-05-11T17:48:43Z DEBUG Updating managed permission: System: Delete Group Password Policy 2017-05-11T17:48:43Z DEBUG Updating ACI for managed permission: System: Delete Group Password Policy 2017-05-11T17:48:43Z DEBUG Adding ACI u'(targetfilter = "(objectclass=krbpwdpolicy)")(version 3.0;acl "permission:System: Delete Group Password Policy";allow (delete) groupdn = "ldap:///cn=System: Delete Group 
Password Policy,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=RDLG.NET,cn=kerberos,dc=rdlg,dc=net 2017-05-11T17:48:43Z DEBUG Legacy permission Modify Group Password Policy not found 2017-05-11T17:48:43Z DEBUG Updating managed permission: System: Modify Group Password Policy 2017-05-11T17:48:43Z DEBUG Updating ACI for managed permission: System: Modify Group Password Policy 2017-05-11T17:48:43Z DEBUG Adding ACI u'(targetattr = "krbmaxpwdlife || krbminpwdlife || krbpwdfailurecountinterval || krbpwdhistorylength || krbpwdlockoutduration || krbpwdmaxfailure || krbpwdmindiffchars || krbpwdminlength")(targetfilter = "(objectclass=krbpwdpolicy)")(version 3.0;acl "permission:System: Modify Group Password Policy";allow (write) groupdn = "ldap:///cn=System: Modify Group Password Policy,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=RDLG.NET,cn=kerberos,dc=rdlg,dc=net 2017-05-11T17:48:43Z DEBUG Updating managed permission: System: Read Group Password Policy 2017-05-11T17:48:43Z DEBUG Updating ACI for managed permission: System: Read Group Password Policy 2017-05-11T17:48:43Z DEBUG Adding ACI u'(targetattr = "cn || cospriority || createtimestamp || entryusn || krbmaxpwdlife || krbminpwdlife || krbpwdfailurecountinterval || krbpwdhistorylength || krbpwdlockoutduration || krbpwdmaxfailure || krbpwdmindiffchars || krbpwdminlength || modifytimestamp || objectclass")(targetfilter = "(objectclass=krbpwdpolicy)")(version 3.0;acl "permission:System: Read Group Password Policy";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Group Password Policy,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=RDLG.NET,cn=kerberos,dc=rdlg,dc=net 2017-05-11T17:48:43Z DEBUG Updating managed permissions for realmdomains 2017-05-11T17:48:43Z DEBUG Updating managed permission: System: Modify Realm Domains 2017-05-11T17:48:43Z DEBUG Updating ACI for managed permission: System: Modify Realm Domains 2017-05-11T17:48:43Z DEBUG Adding ACI u'(targetattr = "associateddomain")(targetfilter = 
"(objectclass=domainrelatedobject)")(version 3.0;acl "permission:System: Modify Realm Domains";allow (write) groupdn = "ldap:///cn=System: Modify Realm Domains,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=Realm Domains,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:43Z DEBUG Updating managed permission: System: Read Realm Domains 2017-05-11T17:48:43Z DEBUG Updating ACI for managed permission: System: Read Realm Domains 2017-05-11T17:48:43Z DEBUG Adding ACI u'(targetattr = "associateddomain || cn || createtimestamp || entryusn || modifytimestamp || objectclass")(targetfilter = "(objectclass=domainrelatedobject)")(version 3.0;acl "permission:System: Read Realm Domains";allow (compare,read,search) userdn = "ldap:///all";)' to cn=Realm Domains,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:43Z DEBUG Updating managed permissions for role 2017-05-11T17:48:43Z DEBUG Legacy permission Add Roles not found 2017-05-11T17:48:43Z DEBUG Updating managed permission: System: Add Roles 2017-05-11T17:48:43Z DEBUG Updating ACI for managed permission: System: Add Roles 2017-05-11T17:48:43Z DEBUG Adding ACI u'(targetfilter = "(objectclass=groupofnames)")(version 3.0;acl "permission:System: Add Roles";allow (add) groupdn = "ldap:///cn=System: Add Roles,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=roles,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:43Z DEBUG Legacy permission Modify Role membership not found 2017-05-11T17:48:43Z DEBUG Updating managed permission: System: Modify Role Membership 2017-05-11T17:48:43Z DEBUG Updating ACI for managed permission: System: Modify Role Membership 2017-05-11T17:48:43Z DEBUG Adding ACI u'(targetattr = "member")(targetfilter = "(objectclass=groupofnames)")(version 3.0;acl "permission:System: Modify Role Membership";allow (write) groupdn = "ldap:///cn=System: Modify Role Membership,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=roles,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:43Z DEBUG Legacy permission Modify Roles not found 2017-05-11T17:48:43Z 
DEBUG Updating managed permission: System: Modify Roles 2017-05-11T17:48:43Z DEBUG Updating ACI for managed permission: System: Modify Roles 2017-05-11T17:48:43Z DEBUG Adding ACI u'(targetattr = "cn || description")(targetfilter = "(objectclass=groupofnames)")(version 3.0;acl "permission:System: Modify Roles";allow (write) groupdn = "ldap:///cn=System: Modify Roles,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=roles,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:43Z DEBUG Updating managed permission: System: Read Roles 2017-05-11T17:48:43Z DEBUG Updating ACI for managed permission: System: Read Roles 2017-05-11T17:48:43Z DEBUG Adding ACI u'(targetattr = "businesscategory || cn || createtimestamp || description || entryusn || member || memberhost || memberof || memberuser || modifytimestamp || o || objectclass || ou || owner || seealso")(targetfilter = "(objectclass=groupofnames)")(version 3.0;acl "permission:System: Read Roles";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Roles,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=roles,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:43Z DEBUG Legacy permission Remove Roles not found 2017-05-11T17:48:43Z DEBUG Updating managed permission: System: Remove Roles 2017-05-11T17:48:43Z DEBUG Updating ACI for managed permission: System: Remove Roles 2017-05-11T17:48:43Z DEBUG Adding ACI u'(targetfilter = "(objectclass=groupofnames)")(version 3.0;acl "permission:System: Remove Roles";allow (delete) groupdn = "ldap:///cn=System: Remove Roles,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=roles,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:43Z DEBUG Updating managed permissions for selinuxusermap 2017-05-11T17:48:43Z DEBUG Legacy permission Add SELinux User Maps not found 2017-05-11T17:48:43Z DEBUG Updating managed permission: System: Add SELinux User Maps 2017-05-11T17:48:43Z DEBUG Updating ACI for managed permission: System: Add SELinux User Maps 2017-05-11T17:48:43Z DEBUG Adding ACI u'(targetfilter = 
"(objectclass=ipaselinuxusermap)")(version 3.0;acl "permission:System: Add SELinux User Maps";allow (add) groupdn = "ldap:///cn=System: Add SELinux User Maps,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=usermap,cn=selinux,dc=rdlg,dc=net 2017-05-11T17:48:43Z DEBUG Legacy permission Modify SELinux User Maps not found 2017-05-11T17:48:43Z DEBUG Updating managed permission: System: Modify SELinux User Maps 2017-05-11T17:48:43Z DEBUG Updating ACI for managed permission: System: Modify SELinux User Maps 2017-05-11T17:48:43Z DEBUG Adding ACI u'(targetattr = "cn || ipaenabledflag || ipaselinuxuser || memberhost || memberuser || seealso")(targetfilter = "(objectclass=ipaselinuxusermap)")(version 3.0;acl "permission:System: Modify SELinux User Maps";allow (write) groupdn = "ldap:///cn=System: Modify SELinux User Maps,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=usermap,cn=selinux,dc=rdlg,dc=net 2017-05-11T17:48:43Z DEBUG Updating managed permission: System: Read SELinux User Maps 2017-05-11T17:48:43Z DEBUG Updating ACI for managed permission: System: Read SELinux User Maps 2017-05-11T17:48:43Z DEBUG Adding ACI u'(targetattr = "accesstime || cn || createtimestamp || description || entryusn || hostcategory || ipaenabledflag || ipaselinuxuser || ipauniqueid || member || memberhost || memberuser || modifytimestamp || objectclass || seealso || usercategory")(targetfilter = "(objectclass=ipaselinuxusermap)")(version 3.0;acl "permission:System: Read SELinux User Maps";allow (compare,read,search) userdn = "ldap:///all";)' to cn=usermap,cn=selinux,dc=rdlg,dc=net 2017-05-11T17:48:43Z DEBUG Legacy permission Remove SELinux User Maps not found 2017-05-11T17:48:43Z DEBUG Updating managed permission: System: Remove SELinux User Maps 2017-05-11T17:48:43Z DEBUG Updating ACI for managed permission: System: Remove SELinux User Maps 2017-05-11T17:48:43Z DEBUG Adding ACI u'(targetfilter = "(objectclass=ipaselinuxusermap)")(version 3.0;acl "permission:System: Remove SELinux User 
Maps";allow (delete) groupdn = "ldap:///cn=System: Remove SELinux User Maps,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=usermap,cn=selinux,dc=rdlg,dc=net 2017-05-11T17:48:43Z DEBUG Updating managed permissions for server 2017-05-11T17:48:43Z DEBUG Updating managed permission: System: Read Locations of IPA Servers 2017-05-11T17:48:43Z DEBUG Updating ACI for managed permission: System: Read Locations of IPA Servers 2017-05-11T17:48:43Z DEBUG Adding ACI u'(targetattr = "cn || createtimestamp || entryusn || ipalocation || ipaserviceweight || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaConfigObject)")(version 3.0;acl "permission:System: Read Locations of IPA Servers";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Locations of IPA Servers,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:43Z DEBUG Updating managed permission: System: Read Status of Services on IPA Servers 2017-05-11T17:48:43Z DEBUG Updating ACI for managed permission: System: Read Status of Services on IPA Servers 2017-05-11T17:48:43Z DEBUG Adding ACI u'(targetattr = "cn || createtimestamp || entryusn || ipaconfigstring || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaConfigObject)")(version 3.0;acl "permission:System: Read Status of Services on IPA Servers";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Status of Services on IPA Servers,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:43Z DEBUG Updating managed permissions for service 2017-05-11T17:48:43Z DEBUG Legacy permission Add Services not found 2017-05-11T17:48:43Z DEBUG Updating managed permission: System: Add Services 2017-05-11T17:48:43Z DEBUG Updating ACI for managed permission: System: Add Services 2017-05-11T17:48:43Z DEBUG Adding ACI u'(targetfilter = "(objectclass=ipaservice)")(version 3.0;acl "permission:System: Add Services";allow (add) groupdn = 
"ldap:///cn=System: Add Services,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=services,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:43Z DEBUG Legacy permission Manage service keytab not found 2017-05-11T17:48:43Z DEBUG Updating managed permission: System: Manage Service Keytab 2017-05-11T17:48:43Z DEBUG Updating ACI for managed permission: System: Manage Service Keytab 2017-05-11T17:48:43Z DEBUG Adding ACI u'(targetattr = "krblastpwdchange || krbprincipalkey")(targetfilter = "(objectclass=ipaservice)")(version 3.0;acl "permission:System: Manage Service Keytab";allow (write) groupdn = "ldap:///cn=System: Manage Service Keytab,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=services,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:43Z DEBUG Updating managed permission: System: Manage Service Keytab Permissions 2017-05-11T17:48:43Z DEBUG Updating ACI for managed permission: System: Manage Service Keytab Permissions 2017-05-11T17:48:43Z DEBUG Adding ACI u'(targetattr = "createtimestamp || entryusn || ipaallowedtoperform;read_keys || ipaallowedtoperform;write_keys || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaservice)")(version 3.0;acl "permission:System: Manage Service Keytab Permissions";allow (compare,read,search,write) groupdn = "ldap:///cn=System: Manage Service Keytab Permissions,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=services,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:43Z DEBUG Updating managed permission: System: Manage Service Principals 2017-05-11T17:48:43Z DEBUG Updating ACI for managed permission: System: Manage Service Principals 2017-05-11T17:48:43Z DEBUG Adding ACI u'(targetattr = "krbcanonicalname || krbprincipalname")(targetfilter = "(objectclass=ipaservice)")(version 3.0;acl "permission:System: Manage Service Principals";allow (write) groupdn = "ldap:///cn=System: Manage Service Principals,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=services,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:43Z DEBUG Legacy permission Modify 
Services not found 2017-05-11T17:48:43Z DEBUG Updating managed permission: System: Modify Services 2017-05-11T17:48:43Z DEBUG Updating ACI for managed permission: System: Modify Services 2017-05-11T17:48:43Z DEBUG Adding ACI u'(targetattr = "krbprincipalauthind || usercertificate")(targetfilter = "(objectclass=ipaservice)")(version 3.0;acl "permission:System: Modify Services";allow (write) groupdn = "ldap:///cn=System: Modify Services,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=services,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:43Z DEBUG Updating managed permission: System: Read Services 2017-05-11T17:48:43Z DEBUG Updating ACI for managed permission: System: Read Services 2017-05-11T17:48:43Z DEBUG Adding ACI u'(targetattr = "createtimestamp || entryusn || ipakrbauthzdata || ipakrbprincipalalias || ipauniqueid || krbcanonicalname || krblastpwdchange || krbobjectreferences || krbpasswordexpiration || krbprincipalaliases || krbprincipalauthind || krbprincipalexpiration || krbprincipalname || managedby || memberof || modifytimestamp || objectclass || usercertificate")(targetfilter = "(objectclass=ipaservice)")(version 3.0;acl "permission:System: Read Services";allow (compare,read,search) userdn = "ldap:///all";)' to cn=services,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:43Z DEBUG Legacy permission Remove Services not found 2017-05-11T17:48:43Z DEBUG Updating managed permission: System: Remove Services 2017-05-11T17:48:43Z DEBUG Updating ACI for managed permission: System: Remove Services 2017-05-11T17:48:43Z DEBUG Adding ACI u'(targetfilter = "(objectclass=ipaservice)")(version 3.0;acl "permission:System: Remove Services";allow (delete) groupdn = "ldap:///cn=System: Remove Services,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=services,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:43Z DEBUG Updating managed permissions for servicedelegationrule 2017-05-11T17:48:43Z DEBUG Updating managed permission: System: Add Service Delegations 2017-05-11T17:48:43Z DEBUG 
Updating ACI for managed permission: System: Add Service Delegations 2017-05-11T17:48:43Z DEBUG Adding ACI u'(targetfilter = "(objectclass=groupofprincipals)")(version 3.0;acl "permission:System: Add Service Delegations";allow (add) groupdn = "ldap:///cn=System: Add Service Delegations,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=s4u2proxy,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:43Z DEBUG Updating managed permission: System: Modify Service Delegation Membership 2017-05-11T17:48:43Z DEBUG Updating ACI for managed permission: System: Modify Service Delegation Membership 2017-05-11T17:48:43Z DEBUG Adding ACI u'(targetattr = "ipaallowedtarget || memberprincipal")(targetfilter = "(objectclass=groupofprincipals)")(version 3.0;acl "permission:System: Modify Service Delegation Membership";allow (write) groupdn = "ldap:///cn=System: Modify Service Delegation Membership,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=s4u2proxy,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:43Z DEBUG Updating managed permission: System: Read Service Delegations 2017-05-11T17:48:43Z DEBUG Updating ACI for managed permission: System: Read Service Delegations 2017-05-11T17:48:43Z DEBUG Adding ACI u'(targetattr = "cn || createtimestamp || entryusn || ipaallowedtarget || memberprincipal || modifytimestamp || objectclass")(targetfilter = "(objectclass=groupofprincipals)")(version 3.0;acl "permission:System: Read Service Delegations";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Service Delegations,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=s4u2proxy,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:43Z DEBUG Updating managed permission: System: Remove Service Delegations 2017-05-11T17:48:43Z DEBUG Updating ACI for managed permission: System: Remove Service Delegations 2017-05-11T17:48:43Z DEBUG Adding ACI u'(targetfilter = "(objectclass=groupofprincipals)")(version 3.0;acl "permission:System: Remove Service Delegations";allow (delete) groupdn = "ldap:///cn=System: Remove Service 
Delegations,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=s4u2proxy,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:43Z DEBUG Updating managed permissions for servicedelegationtarget 2017-05-11T17:48:43Z DEBUG Updating managed permission: System: Add Service Delegations 2017-05-11T17:48:43Z DEBUG No changes to permission: System: Add Service Delegations 2017-05-11T17:48:43Z DEBUG Updating managed permission: System: Modify Service Delegation Membership 2017-05-11T17:48:43Z DEBUG No changes to permission: System: Modify Service Delegation Membership 2017-05-11T17:48:43Z DEBUG Updating managed permission: System: Read Service Delegations 2017-05-11T17:48:43Z DEBUG No changes to permission: System: Read Service Delegations 2017-05-11T17:48:43Z DEBUG Updating managed permission: System: Remove Service Delegations 2017-05-11T17:48:43Z DEBUG No changes to permission: System: Remove Service Delegations 2017-05-11T17:48:43Z DEBUG Updating managed permissions for stageuser 2017-05-11T17:48:43Z DEBUG Updating managed permission: System: Add Stage User 2017-05-11T17:48:43Z DEBUG Updating ACI for managed permission: System: Add Stage User 2017-05-11T17:48:43Z DEBUG Adding ACI u'(targetattr = "*")(target = "ldap:///uid=*,cn=staged users,cn=accounts,cn=provisioning,dc=rdlg,dc=net")(targetfilter = "(objectclass=*)")(version 3.0;acl "permission:System: Add Stage User";allow (add) groupdn = "ldap:///cn=System: Add Stage User,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=staged users,cn=accounts,cn=provisioning,dc=rdlg,dc=net 2017-05-11T17:48:43Z DEBUG Updating managed permission: System: Modify Preserved Users 2017-05-11T17:48:43Z DEBUG Updating ACI for managed permission: System: Modify Preserved Users 2017-05-11T17:48:43Z DEBUG Adding ACI u'(targetattr = "*")(target = "ldap:///uid=*,cn=deleted users,cn=accounts,cn=provisioning,dc=rdlg,dc=net")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Modify Preserved Users";allow (write) groupdn = 
"ldap:///cn=System: Modify Preserved Users,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=deleted users,cn=accounts,cn=provisioning,dc=rdlg,dc=net 2017-05-11T17:48:43Z DEBUG Updating managed permission: System: Modify Stage User 2017-05-11T17:48:43Z DEBUG Updating ACI for managed permission: System: Modify Stage User 2017-05-11T17:48:43Z DEBUG Adding ACI u'(targetattr = "*")(target = "ldap:///uid=*,cn=staged users,cn=accounts,cn=provisioning,dc=rdlg,dc=net")(targetfilter = "(objectclass=*)")(version 3.0;acl "permission:System: Modify Stage User";allow (write) groupdn = "ldap:///cn=System: Modify Stage User,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=staged users,cn=accounts,cn=provisioning,dc=rdlg,dc=net 2017-05-11T17:48:43Z DEBUG Updating managed permission: System: Modify User RDN 2017-05-11T17:48:44Z DEBUG Updating ACI for managed permission: System: Modify User RDN 2017-05-11T17:48:44Z DEBUG Adding ACI u'(targetattr = "uid")(target = "ldap:///uid=*,cn=users,cn=accounts,dc=rdlg,dc=net")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Modify User RDN";allow (write) groupdn = "ldap:///cn=System: Modify User RDN,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=users,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:44Z DEBUG Updating managed permission: System: Preserve User 2017-05-11T17:48:44Z DEBUG Updating ACI for managed permission: System: Preserve User 2017-05-11T17:48:44Z DEBUG Adding ACI u'(target_to = "ldap:///cn=deleted users,cn=accounts,cn=provisioning,dc=rdlg,dc=net")(target_from = "ldap:///cn=users,cn=accounts,dc=rdlg,dc=net")(targetfilter = "(objectclass=nsContainer)")(version 3.0;acl "permission:System: Preserve User";allow (moddn) groupdn = "ldap:///cn=System: Preserve User,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to dc=rdlg,dc=net 2017-05-11T17:48:44Z DEBUG Updating managed permission: System: Read Preserved Users 2017-05-11T17:48:44Z DEBUG Updating ACI for managed permission: System: Read Preserved Users 
2017-05-11T17:48:44Z DEBUG Adding ACI u'(targetattr = "*")(target = "ldap:///uid=*,cn=deleted users,cn=accounts,cn=provisioning,dc=rdlg,dc=net")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Read Preserved Users";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Preserved Users,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=deleted users,cn=accounts,cn=provisioning,dc=rdlg,dc=net 2017-05-11T17:48:44Z DEBUG Updating managed permission: System: Read Stage User password 2017-05-11T17:48:44Z DEBUG Updating ACI for managed permission: System: Read Stage User password 2017-05-11T17:48:44Z DEBUG Adding ACI u'(targetattr = "krbprincipalkey || userpassword")(target = "ldap:///uid=*,cn=staged users,cn=accounts,cn=provisioning,dc=rdlg,dc=net")(targetfilter = "(objectclass=*)")(version 3.0;acl "permission:System: Read Stage User password";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Stage User password,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=staged users,cn=accounts,cn=provisioning,dc=rdlg,dc=net 2017-05-11T17:48:44Z DEBUG Updating managed permission: System: Read Stage Users 2017-05-11T17:48:44Z DEBUG Updating ACI for managed permission: System: Read Stage Users 2017-05-11T17:48:44Z DEBUG Adding ACI u'(targetattr = "*")(target = "ldap:///uid=*,cn=staged users,cn=accounts,cn=provisioning,dc=rdlg,dc=net")(targetfilter = "(objectclass=*)")(version 3.0;acl "permission:System: Read Stage Users";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Stage Users,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=staged users,cn=accounts,cn=provisioning,dc=rdlg,dc=net 2017-05-11T17:48:44Z DEBUG Updating managed permission: System: Remove Stage User 2017-05-11T17:48:44Z DEBUG Updating ACI for managed permission: System: Remove Stage User 2017-05-11T17:48:44Z DEBUG Adding ACI u'(targetattr = "*")(target = "ldap:///uid=*,cn=staged users,cn=accounts,cn=provisioning,dc=rdlg,dc=net")(targetfilter = 
"(objectclass=*)")(version 3.0;acl "permission:System: Remove Stage User";allow (delete) groupdn = "ldap:///cn=System: Remove Stage User,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=staged users,cn=accounts,cn=provisioning,dc=rdlg,dc=net 2017-05-11T17:48:44Z DEBUG Updating managed permission: System: Remove preserved User 2017-05-11T17:48:44Z DEBUG Updating ACI for managed permission: System: Remove preserved User 2017-05-11T17:48:44Z DEBUG Adding ACI u'(targetattr = "*")(target = "ldap:///uid=*,cn=deleted users,cn=accounts,cn=provisioning,dc=rdlg,dc=net")(targetfilter = "(objectclass=*)")(version 3.0;acl "permission:System: Remove preserved User";allow (delete) groupdn = "ldap:///cn=System: Remove preserved User,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=deleted users,cn=accounts,cn=provisioning,dc=rdlg,dc=net 2017-05-11T17:48:44Z DEBUG Updating managed permission: System: Reset Preserved User password 2017-05-11T17:48:44Z DEBUG Updating ACI for managed permission: System: Reset Preserved User password 2017-05-11T17:48:44Z DEBUG Adding ACI u'(targetattr = "krblastpwdchange || krbpasswordexpiration || krbprincipalkey || userpassword")(target = "ldap:///uid=*,cn=deleted users,cn=accounts,cn=provisioning,dc=rdlg,dc=net")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Reset Preserved User password";allow (read,search,write) groupdn = "ldap:///cn=System: Reset Preserved User password,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=deleted users,cn=accounts,cn=provisioning,dc=rdlg,dc=net 2017-05-11T17:48:44Z DEBUG Updating managed permission: System: Undelete User 2017-05-11T17:48:44Z DEBUG Updating ACI for managed permission: System: Undelete User 2017-05-11T17:48:44Z DEBUG Adding ACI u'(target_to = "ldap:///cn=users,cn=accounts,dc=rdlg,dc=net")(target_from = "ldap:///cn=deleted users,cn=accounts,cn=provisioning,dc=rdlg,dc=net")(targetfilter = "(objectclass=nsContainer)")(version 3.0;acl "permission:System: Undelete User";allow 
(moddn) groupdn = "ldap:///cn=System: Undelete User,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to dc=rdlg,dc=net 2017-05-11T17:48:44Z DEBUG Updating managed permissions for sudocmd 2017-05-11T17:48:44Z DEBUG Legacy permission Add Sudo command not found 2017-05-11T17:48:44Z DEBUG Updating managed permission: System: Add Sudo Command 2017-05-11T17:48:44Z DEBUG Updating ACI for managed permission: System: Add Sudo Command 2017-05-11T17:48:44Z DEBUG Adding ACI u'(targetfilter = "(objectclass=ipasudocmd)")(version 3.0;acl "permission:System: Add Sudo Command";allow (add) groupdn = "ldap:///cn=System: Add Sudo Command,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=sudocmds,cn=sudo,dc=rdlg,dc=net 2017-05-11T17:48:44Z DEBUG Legacy permission Delete Sudo command not found 2017-05-11T17:48:44Z DEBUG Updating managed permission: System: Delete Sudo Command 2017-05-11T17:48:44Z DEBUG Updating ACI for managed permission: System: Delete Sudo Command 2017-05-11T17:48:44Z DEBUG Adding ACI u'(targetfilter = "(objectclass=ipasudocmd)")(version 3.0;acl "permission:System: Delete Sudo Command";allow (delete) groupdn = "ldap:///cn=System: Delete Sudo Command,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=sudocmds,cn=sudo,dc=rdlg,dc=net 2017-05-11T17:48:44Z DEBUG Legacy permission Modify Sudo command not found 2017-05-11T17:48:44Z DEBUG Updating managed permission: System: Modify Sudo Command 2017-05-11T17:48:44Z DEBUG Updating ACI for managed permission: System: Modify Sudo Command 2017-05-11T17:48:44Z DEBUG Adding ACI u'(targetattr = "description")(targetfilter = "(objectclass=ipasudocmd)")(version 3.0;acl "permission:System: Modify Sudo Command";allow (write) groupdn = "ldap:///cn=System: Modify Sudo Command,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=sudocmds,cn=sudo,dc=rdlg,dc=net 2017-05-11T17:48:44Z DEBUG Updating managed permission: System: Read Sudo Commands 2017-05-11T17:48:44Z DEBUG Updating ACI for managed permission: System: Read Sudo Commands 2017-05-11T17:48:44Z 
DEBUG Adding ACI u'(targetattr = "createtimestamp || description || entryusn || ipauniqueid || memberof || modifytimestamp || objectclass || sudocmd")(targetfilter = "(objectclass=ipasudocmd)")(version 3.0;acl "permission:System: Read Sudo Commands";allow (compare,read,search) userdn = "ldap:///all";)' to cn=sudocmds,cn=sudo,dc=rdlg,dc=net 2017-05-11T17:48:44Z DEBUG Updating managed permissions for sudocmdgroup 2017-05-11T17:48:44Z DEBUG Legacy permission Add Sudo command group not found 2017-05-11T17:48:44Z DEBUG Updating managed permission: System: Add Sudo Command Group 2017-05-11T17:48:44Z DEBUG Updating ACI for managed permission: System: Add Sudo Command Group 2017-05-11T17:48:44Z DEBUG Adding ACI u'(targetfilter = "(objectclass=ipasudocmdgrp)")(version 3.0;acl "permission:System: Add Sudo Command Group";allow (add) groupdn = "ldap:///cn=System: Add Sudo Command Group,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=sudocmdgroups,cn=sudo,dc=rdlg,dc=net 2017-05-11T17:48:44Z DEBUG Legacy permission Delete Sudo command group not found 2017-05-11T17:48:44Z DEBUG Updating managed permission: System: Delete Sudo Command Group 2017-05-11T17:48:44Z DEBUG Updating ACI for managed permission: System: Delete Sudo Command Group 2017-05-11T17:48:44Z DEBUG Adding ACI u'(targetfilter = "(objectclass=ipasudocmdgrp)")(version 3.0;acl "permission:System: Delete Sudo Command Group";allow (delete) groupdn = "ldap:///cn=System: Delete Sudo Command Group,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=sudocmdgroups,cn=sudo,dc=rdlg,dc=net 2017-05-11T17:48:44Z DEBUG Legacy permission Manage Sudo command group membership not found 2017-05-11T17:48:44Z DEBUG Updating managed permission: System: Manage Sudo Command Group Membership 2017-05-11T17:48:44Z DEBUG Updating ACI for managed permission: System: Manage Sudo Command Group Membership 2017-05-11T17:48:44Z DEBUG Adding ACI u'(targetattr = "member")(targetfilter = "(objectclass=ipasudocmdgrp)")(version 3.0;acl "permission:System: 
Manage Sudo Command Group Membership";allow (write) groupdn = "ldap:///cn=System: Manage Sudo Command Group Membership,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=sudocmdgroups,cn=sudo,dc=rdlg,dc=net 2017-05-11T17:48:44Z DEBUG Updating managed permission: System: Modify Sudo Command Group 2017-05-11T17:48:44Z DEBUG Updating ACI for managed permission: System: Modify Sudo Command Group 2017-05-11T17:48:44Z DEBUG Adding ACI u'(targetattr = "description")(targetfilter = "(objectclass=ipasudocmdgrp)")(version 3.0;acl "permission:System: Modify Sudo Command Group";allow (write) groupdn = "ldap:///cn=System: Modify Sudo Command Group,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=sudocmdgroups,cn=sudo,dc=rdlg,dc=net 2017-05-11T17:48:44Z DEBUG Updating managed permission: System: Read Sudo Command Groups 2017-05-11T17:48:44Z DEBUG Updating ACI for managed permission: System: Read Sudo Command Groups 2017-05-11T17:48:44Z DEBUG Adding ACI u'(targetattr = "businesscategory || cn || createtimestamp || description || entryusn || ipauniqueid || member || memberhost || memberuser || modifytimestamp || o || objectclass || ou || owner || seealso")(targetfilter = "(objectclass=ipasudocmdgrp)")(version 3.0;acl "permission:System: Read Sudo Command Groups";allow (compare,read,search) userdn = "ldap:///all";)' to cn=sudocmdgroups,cn=sudo,dc=rdlg,dc=net 2017-05-11T17:48:44Z DEBUG Updating managed permissions for sudorule 2017-05-11T17:48:44Z DEBUG Legacy permission Add Sudo rule not found 2017-05-11T17:48:44Z DEBUG Updating managed permission: System: Add Sudo rule 2017-05-11T17:48:44Z DEBUG Updating ACI for managed permission: System: Add Sudo rule 2017-05-11T17:48:44Z DEBUG Adding ACI u'(targetfilter = "(objectclass=ipasudorule)")(version 3.0;acl "permission:System: Add Sudo rule";allow (add) groupdn = "ldap:///cn=System: Add Sudo rule,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=sudorules,cn=sudo,dc=rdlg,dc=net 2017-05-11T17:48:44Z DEBUG Legacy permission Delete Sudo rule 
not found 2017-05-11T17:48:44Z DEBUG Updating managed permission: System: Delete Sudo rule 2017-05-11T17:48:44Z DEBUG Updating ACI for managed permission: System: Delete Sudo rule 2017-05-11T17:48:44Z DEBUG Adding ACI u'(targetfilter = "(objectclass=ipasudorule)")(version 3.0;acl "permission:System: Delete Sudo rule";allow (delete) groupdn = "ldap:///cn=System: Delete Sudo rule,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=sudorules,cn=sudo,dc=rdlg,dc=net 2017-05-11T17:48:44Z DEBUG Legacy permission Modify Sudo rule not found 2017-05-11T17:48:44Z DEBUG Updating managed permission: System: Modify Sudo rule 2017-05-11T17:48:44Z DEBUG Updating ACI for managed permission: System: Modify Sudo rule 2017-05-11T17:48:44Z DEBUG Adding ACI u'(targetattr = "cmdcategory || description || externalhost || externaluser || hostcategory || hostmask || ipaenabledflag || ipasudoopt || ipasudorunas || ipasudorunasextgroup || ipasudorunasextuser || ipasudorunasextusergroup || ipasudorunasgroup || ipasudorunasgroupcategory || ipasudorunasusercategory || memberallowcmd || memberdenycmd || memberhost || memberuser || sudonotafter || sudonotbefore || sudoorder || usercategory")(targetfilter = "(objectclass=ipasudorule)")(version 3.0;acl "permission:System: Modify Sudo rule";allow (write) groupdn = "ldap:///cn=System: Modify Sudo rule,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=sudorules,cn=sudo,dc=rdlg,dc=net 2017-05-11T17:48:44Z DEBUG Updating managed permission: System: Read Sudo Rules 2017-05-11T17:48:44Z DEBUG Updating ACI for managed permission: System: Read Sudo Rules 2017-05-11T17:48:44Z DEBUG Adding ACI u'(targetattr = "cmdcategory || cn || createtimestamp || description || entryusn || externalhost || externaluser || hostcategory || hostmask || ipaenabledflag || ipasudoopt || ipasudorunas || ipasudorunasextgroup || ipasudorunasextuser || ipasudorunasextusergroup || ipasudorunasgroup || ipasudorunasgroupcategory || ipasudorunasusercategory || ipauniqueid || member || 
memberallowcmd || memberdenycmd || memberhost || memberuser || modifytimestamp || objectclass || sudonotafter || sudonotbefore || sudoorder || usercategory")(targetfilter = "(objectclass=ipasudorule)")(version 3.0;acl "permission:System: Read Sudo Rules";allow (compare,read,search) userdn = "ldap:///all";)' to cn=sudorules,cn=sudo,dc=rdlg,dc=net 2017-05-11T17:48:44Z DEBUG Updating managed permission: System: Read Sudoers compat tree 2017-05-11T17:48:44Z DEBUG Updating ACI for managed permission: System: Read Sudoers compat tree 2017-05-11T17:48:44Z DEBUG Adding ACI u'(targetattr = "cn || createtimestamp || description || entryusn || modifytimestamp || objectclass || ou || sudocommand || sudohost || sudonotafter || sudonotbefore || sudooption || sudoorder || sudorunas || sudorunasgroup || sudorunasuser || sudouser")(target = "ldap:///ou=sudoers,dc=rdlg,dc=net")(version 3.0;acl "permission:System: Read Sudoers compat tree";allow (compare,read,search) userdn = "ldap:///anyone";)' to dc=rdlg,dc=net 2017-05-11T17:48:44Z DEBUG Updating managed permissions for trust 2017-05-11T17:48:44Z DEBUG Updating managed permission: System: Read Trust Information 2017-05-11T17:48:44Z DEBUG Updating ACI for managed permission: System: Read Trust Information 2017-05-11T17:48:44Z WARNING Unparseable ACI (targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Allow trust agents to retrieve keytab keys for cross realm principals"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";): malformed ACI, match for version and bind rule failed (targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Allow trust agents to retrieve keytab keys for cross realm principals"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";) (at cn=trusts,dc=rdlg,dc=net) 2017-05-11T17:48:44Z DEBUG Adding ACI u'(targetattr = "cn || createtimestamp || entryusn || ipantadditionalsuffixes || ipantflatname || ipantsecurityidentifier || ipantsidblacklistincoming || 
ipantsidblacklistoutgoing || ipanttrustdirection || ipanttrusteddomainsid || ipanttrustpartner || modifytimestamp || objectclass")(version 3.0;acl "permission:System: Read Trust Information";allow (compare,read,search) userdn = "ldap:///all";)' to cn=trusts,dc=rdlg,dc=net 2017-05-11T17:48:44Z DEBUG Updating managed permission: System: Read system trust accounts 2017-05-11T17:48:44Z DEBUG Updating ACI for managed permission: System: Read system trust accounts 2017-05-11T17:48:44Z WARNING Unparseable ACI (targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Allow trust agents to retrieve keytab keys for cross realm principals"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";): malformed ACI, match for version and bind rule failed (targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Allow trust agents to retrieve keytab keys for cross realm principals"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";) (at cn=trusts,dc=rdlg,dc=net) 2017-05-11T17:48:44Z DEBUG Adding ACI u'(targetattr = "gidnumber || krbprincipalname || uidnumber")(version 3.0;acl "permission:System: Read system trust accounts";allow (compare,read,search) groupdn = "ldap:///cn=System: Read system trust accounts,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=trusts,dc=rdlg,dc=net 2017-05-11T17:48:44Z DEBUG Updating managed permissions for user 2017-05-11T17:48:44Z DEBUG Legacy permission Add user to default group not found 2017-05-11T17:48:44Z DEBUG Updating managed permission: System: Add User to default group 2017-05-11T17:48:44Z DEBUG Updating ACI for managed permission: System: Add User to default group 2017-05-11T17:48:44Z DEBUG Adding ACI u'(targetattr = "member")(target = "ldap:///cn=ipausers,cn=groups,cn=accounts,dc=rdlg,dc=net")(version 3.0;acl "permission:System: Add User to default group";allow (write) groupdn = "ldap:///cn=System: Add User to default group,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=groups,cn=accounts,dc=rdlg,dc=net 
2017-05-11T17:48:44Z DEBUG Legacy permission Add Users not found 2017-05-11T17:48:44Z DEBUG Updating managed permission: System: Add Users 2017-05-11T17:48:44Z DEBUG Updating ACI for managed permission: System: Add Users 2017-05-11T17:48:44Z DEBUG Adding ACI u'(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Add Users";allow (add) groupdn = "ldap:///cn=System: Add Users,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=users,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:44Z DEBUG Legacy permission Change a user password not found 2017-05-11T17:48:44Z DEBUG Updating managed permission: System: Change User password 2017-05-11T17:48:44Z DEBUG Updating ACI for managed permission: System: Change User password 2017-05-11T17:48:44Z DEBUG Adding ACI u'(targetattr = "krbprincipalkey || passwordhistory || sambalmpassword || sambantpassword || userpassword")(targetfilter = "(&(!(memberOf=cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net))(objectclass=posixaccount))")(version 3.0;acl "permission:System: Change User password";allow (write) groupdn = "ldap:///cn=System: Change User password,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=users,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:44Z DEBUG Updating managed permission: System: Manage User Certificates 2017-05-11T17:48:44Z DEBUG Updating ACI for managed permission: System: Manage User Certificates 2017-05-11T17:48:44Z DEBUG Adding ACI u'(targetattr = "usercertificate")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Manage User Certificates";allow (write) groupdn = "ldap:///cn=System: Manage User Certificates,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=users,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:44Z DEBUG Updating managed permission: System: Manage User Principals 2017-05-11T17:48:44Z DEBUG Updating ACI for managed permission: System: Manage User Principals 2017-05-11T17:48:44Z DEBUG Adding ACI u'(targetattr = "krbcanonicalname || 
krbprincipalname")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Manage User Principals";allow (write) groupdn = "ldap:///cn=System: Manage User Principals,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=users,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:44Z DEBUG Legacy permission Manage User SSH Public Keys not found 2017-05-11T17:48:44Z DEBUG Updating managed permission: System: Manage User SSH Public Keys 2017-05-11T17:48:44Z DEBUG Updating ACI for managed permission: System: Manage User SSH Public Keys 2017-05-11T17:48:44Z DEBUG Adding ACI u'(targetattr = "ipasshpubkey")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Manage User SSH Public Keys";allow (write) groupdn = "ldap:///cn=System: Manage User SSH Public Keys,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=users,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:44Z DEBUG Legacy permission Modify Users not found 2017-05-11T17:48:44Z DEBUG Updating managed permission: System: Modify Users 2017-05-11T17:48:44Z DEBUG Updating ACI for managed permission: System: Modify Users 2017-05-11T17:48:44Z DEBUG Adding ACI u'(targetattr = "businesscategory || carlicense || cn || departmentnumber || description || displayname || employeenumber || employeetype || facsimiletelephonenumber || gecos || givenname || homephone || inetuserhttpurl || initials || l || labeleduri || loginshell || mail || manager || mepmanagedentry || mobile || objectclass || ou || pager || postalcode || preferredlanguage || roomnumber || secretary || seealso || sn || st || street || telephonenumber || title || userclass")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Modify Users";allow (write) groupdn = "ldap:///cn=System: Modify Users,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=users,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:44Z DEBUG Updating managed permission: System: Read UPG Definition 2017-05-11T17:48:44Z DEBUG Updating ACI for managed 
permission: System: Read UPG Definition 2017-05-11T17:48:44Z DEBUG Adding ACI u'(targetattr = "*")(target = "ldap:///cn=UPG Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=rdlg,dc=net")(version 3.0;acl "permission:System: Read UPG Definition";allow (compare,read,search) groupdn = "ldap:///cn=System: Read UPG Definition,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=UPG Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:44Z DEBUG Updating managed permission: System: Read User Addressbook Attributes 2017-05-11T17:48:44Z DEBUG Updating ACI for managed permission: System: Read User Addressbook Attributes 2017-05-11T17:48:44Z DEBUG Adding ACI u'(targetattr = "audio || businesscategory || carlicense || departmentnumber || destinationindicator || employeenumber || employeetype || facsimiletelephonenumber || homephone || homepostaladdress || inetuserhttpurl || inetuserstatus || internationalisdnnumber || jpegphoto || l || labeleduri || mail || mobile || o || ou || pager || photo || physicaldeliveryofficename || postaladdress || postalcode || postofficebox || preferreddeliverymethod || preferredlanguage || registeredaddress || roomnumber || secretary || seealso || st || street || telephonenumber || teletexterminalidentifier || telexnumber || usercertificate || usersmimecertificate || x121address || x500uniqueidentifier")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Read User Addressbook Attributes";allow (compare,read,search) userdn = "ldap:///all";)' to cn=users,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:44Z DEBUG Updating managed permission: System: Read User Compat Tree 2017-05-11T17:48:44Z DEBUG Updating ACI for managed permission: System: Read User Compat Tree 2017-05-11T17:48:44Z DEBUG Adding ACI u'(targetattr = "cn || createtimestamp || entryusn || gecos || gidnumber || homedirectory || loginshell || modifytimestamp || objectclass || uid || uidnumber")(target = 
"ldap:///cn=users,cn=compat,dc=rdlg,dc=net")(version 3.0;acl "permission:System: Read User Compat Tree";allow (compare,read,search) userdn = "ldap:///anyone";)' to dc=rdlg,dc=net 2017-05-11T17:48:44Z DEBUG Updating managed permission: System: Read User IPA Attributes 2017-05-11T17:48:44Z DEBUG Updating ACI for managed permission: System: Read User IPA Attributes 2017-05-11T17:48:44Z DEBUG Adding ACI u'(targetattr = "ipasshpubkey || ipauniqueid || ipauserauthtype || userclass")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Read User IPA Attributes";allow (compare,read,search) userdn = "ldap:///all";)' to cn=users,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:44Z DEBUG Updating managed permission: System: Read User Kerberos Attributes 2017-05-11T17:48:44Z DEBUG Updating ACI for managed permission: System: Read User Kerberos Attributes 2017-05-11T17:48:44Z DEBUG Adding ACI u'(targetattr = "krbcanonicalname || krblastpwdchange || krbpasswordexpiration || krbprincipalaliases || krbprincipalexpiration || krbprincipalname || krbprincipaltype || nsaccountlock")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Read User Kerberos Attributes";allow (compare,read,search) userdn = "ldap:///all";)' to cn=users,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:44Z DEBUG Updating managed permission: System: Read User Kerberos Login Attributes 2017-05-11T17:48:44Z DEBUG Updating ACI for managed permission: System: Read User Kerberos Login Attributes 2017-05-11T17:48:44Z DEBUG Adding ACI u'(targetattr = "krblastadminunlock || krblastfailedauth || krblastpwdchange || krblastsuccessfulauth || krbloginfailedcount || krbpwdpolicyreference || krbticketpolicyreference || krbupenabled")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Read User Kerberos Login Attributes";allow (compare,read,search) groupdn = "ldap:///cn=System: Read User Kerberos Login 
Attributes,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=users,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:44Z DEBUG Updating managed permission: System: Read User Membership 2017-05-11T17:48:44Z DEBUG Updating ACI for managed permission: System: Read User Membership 2017-05-11T17:48:44Z DEBUG Adding ACI u'(targetattr = "memberof")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Read User Membership";allow (compare,read,search) userdn = "ldap:///all";)' to cn=users,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:44Z DEBUG Updating managed permission: System: Read User NT Attributes 2017-05-11T17:48:44Z DEBUG Updating ACI for managed permission: System: Read User NT Attributes 2017-05-11T17:48:44Z DEBUG Adding ACI u'(targetattr = "ntuniqueid || ntuseracctexpires || ntusercodepage || ntuserdeleteaccount || ntuserdomainid || ntuserlastlogoff || ntuserlastlogon")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Read User NT Attributes";allow (compare,read,search) groupdn = "ldap:///cn=System: Read User NT Attributes,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=users,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:44Z DEBUG Updating managed permission: System: Read User Standard Attributes 2017-05-11T17:48:44Z DEBUG Updating ACI for managed permission: System: Read User Standard Attributes 2017-05-11T17:48:44Z DEBUG Adding ACI u'(targetattr = "cn || createtimestamp || description || displayname || entryusn || gecos || gidnumber || givenname || homedirectory || initials || ipantsecurityidentifier || loginshell || manager || modifytimestamp || objectclass || sn || title || uid || uidnumber")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Read User Standard Attributes";allow (compare,read,search) userdn = "ldap:///anyone";)' to cn=users,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:44Z DEBUG Updating managed permission: System: Read User Views Compat Tree 2017-05-11T17:48:44Z 
DEBUG Updating ACI for managed permission: System: Read User Views Compat Tree 2017-05-11T17:48:44Z DEBUG Adding ACI u'(targetattr = "cn || createtimestamp || entryusn || gecos || gidnumber || homedirectory || loginshell || modifytimestamp || objectclass || uid || uidnumber")(target = "ldap:///cn=users,cn=*,cn=views,cn=compat,dc=rdlg,dc=net")(version 3.0;acl "permission:System: Read User Views Compat Tree";allow (compare,read,search) userdn = "ldap:///anyone";)' to dc=rdlg,dc=net 2017-05-11T17:48:44Z DEBUG Legacy permission Remove Users not found 2017-05-11T17:48:44Z DEBUG Updating managed permission: System: Remove Users 2017-05-11T17:48:44Z DEBUG Updating ACI for managed permission: System: Remove Users 2017-05-11T17:48:44Z DEBUG Adding ACI u'(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Remove Users";allow (delete) groupdn = "ldap:///cn=System: Remove Users,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=users,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:44Z DEBUG Legacy permission Unlock user accounts not found 2017-05-11T17:48:44Z DEBUG Updating managed permission: System: Unlock User 2017-05-11T17:48:44Z DEBUG Updating ACI for managed permission: System: Unlock User 2017-05-11T17:48:44Z DEBUG Adding ACI u'(targetattr = "krblastadminunlock || krbloginfailedcount || nsaccountlock")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Unlock User";allow (write) groupdn = "ldap:///cn=System: Unlock User,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=users,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:48:44Z DEBUG Updating managed permissions for vault 2017-05-11T17:48:44Z DEBUG Updating managed permission: System: Add Vaults 2017-05-11T17:48:44Z DEBUG Updating ACI for managed permission: System: Add Vaults 2017-05-11T17:48:44Z DEBUG Adding ACI u'(target = "ldap:///cn=vaults,cn=kra,dc=rdlg,dc=net")(targetfilter = "(objectclass=ipaVault)")(version 3.0;acl "permission:System: Add Vaults";allow (add) groupdn 
= "ldap:///cn=System: Add Vaults,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to dc=rdlg,dc=net 2017-05-11T17:48:44Z DEBUG Updating managed permission: System: Delete Vaults 2017-05-11T17:48:44Z DEBUG Updating ACI for managed permission: System: Delete Vaults 2017-05-11T17:48:44Z DEBUG Adding ACI u'(target = "ldap:///cn=vaults,cn=kra,dc=rdlg,dc=net")(targetfilter = "(objectclass=ipaVault)")(version 3.0;acl "permission:System: Delete Vaults";allow (delete) groupdn = "ldap:///cn=System: Delete Vaults,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to dc=rdlg,dc=net 2017-05-11T17:48:44Z DEBUG Updating managed permission: System: Manage Vault Membership 2017-05-11T17:48:44Z DEBUG Updating ACI for managed permission: System: Manage Vault Membership 2017-05-11T17:48:45Z DEBUG Adding ACI u'(targetattr = "member")(target = "ldap:///cn=vaults,cn=kra,dc=rdlg,dc=net")(targetfilter = "(objectclass=ipaVault)")(version 3.0;acl "permission:System: Manage Vault Membership";allow (write) groupdn = "ldap:///cn=System: Manage Vault Membership,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to dc=rdlg,dc=net 2017-05-11T17:48:45Z DEBUG Updating managed permission: System: Manage Vault Ownership 2017-05-11T17:48:45Z DEBUG Updating ACI for managed permission: System: Manage Vault Ownership 2017-05-11T17:48:45Z DEBUG Adding ACI u'(targetattr = "owner")(target = "ldap:///cn=vaults,cn=kra,dc=rdlg,dc=net")(targetfilter = "(objectclass=ipaVault)")(version 3.0;acl "permission:System: Manage Vault Ownership";allow (write) groupdn = "ldap:///cn=System: Manage Vault Ownership,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to dc=rdlg,dc=net 2017-05-11T17:48:45Z DEBUG Updating managed permission: System: Modify Vaults 2017-05-11T17:48:45Z DEBUG Updating ACI for managed permission: System: Modify Vaults 2017-05-11T17:48:45Z DEBUG Adding ACI u'(targetattr = "cn || description || ipavaultpublickey || ipavaultsalt || ipavaulttype || objectclass")(target = "ldap:///cn=vaults,cn=kra,dc=rdlg,dc=net")(targetfilter = 
"(objectclass=ipaVault)")(version 3.0;acl "permission:System: Modify Vaults";allow (write) groupdn = "ldap:///cn=System: Modify Vaults,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to dc=rdlg,dc=net 2017-05-11T17:48:45Z DEBUG Updating managed permission: System: Read Vaults 2017-05-11T17:48:45Z DEBUG Updating ACI for managed permission: System: Read Vaults 2017-05-11T17:48:45Z DEBUG Adding ACI u'(targetattr = "cn || createtimestamp || description || entryusn || ipavaultpublickey || ipavaultsalt || ipavaulttype || member || memberhost || memberuser || modifytimestamp || objectclass || owner")(target = "ldap:///cn=vaults,cn=kra,dc=rdlg,dc=net")(targetfilter = "(objectclass=ipaVault)")(version 3.0;acl "permission:System: Read Vaults";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Vaults,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to dc=rdlg,dc=net 2017-05-11T17:48:45Z DEBUG Updating managed permissions for vaultcontainer 2017-05-11T17:48:45Z DEBUG Updating managed permission: System: Add Vault Containers 2017-05-11T17:48:45Z DEBUG Updating ACI for managed permission: System: Add Vault Containers 2017-05-11T17:48:45Z DEBUG Adding ACI u'(target = "ldap:///cn=vaults,cn=kra,dc=rdlg,dc=net")(targetfilter = "(objectclass=ipaVaultContainer)")(version 3.0;acl "permission:System: Add Vault Containers";allow (add) groupdn = "ldap:///cn=System: Add Vault Containers,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to dc=rdlg,dc=net 2017-05-11T17:48:45Z DEBUG Updating managed permission: System: Delete Vault Containers 2017-05-11T17:48:45Z DEBUG Updating ACI for managed permission: System: Delete Vault Containers 2017-05-11T17:48:45Z DEBUG Adding ACI u'(target = "ldap:///cn=vaults,cn=kra,dc=rdlg,dc=net")(targetfilter = "(objectclass=ipaVaultContainer)")(version 3.0;acl "permission:System: Delete Vault Containers";allow (delete) groupdn = "ldap:///cn=System: Delete Vault Containers,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to dc=rdlg,dc=net 2017-05-11T17:48:45Z DEBUG Updating 
managed permission: System: Manage Vault Container Ownership 2017-05-11T17:48:45Z DEBUG Updating ACI for managed permission: System: Manage Vault Container Ownership 2017-05-11T17:48:45Z DEBUG Adding ACI u'(targetattr = "owner")(target = "ldap:///cn=vaults,cn=kra,dc=rdlg,dc=net")(targetfilter = "(objectclass=ipaVaultContainer)")(version 3.0;acl "permission:System: Manage Vault Container Ownership";allow (write) groupdn = "ldap:///cn=System: Manage Vault Container Ownership,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to dc=rdlg,dc=net 2017-05-11T17:48:45Z DEBUG Updating managed permission: System: Modify Vault Containers 2017-05-11T17:48:45Z DEBUG Updating ACI for managed permission: System: Modify Vault Containers 2017-05-11T17:48:45Z DEBUG Adding ACI u'(targetattr = "cn || description || objectclass")(target = "ldap:///cn=vaults,cn=kra,dc=rdlg,dc=net")(targetfilter = "(objectclass=ipaVaultContainer)")(version 3.0;acl "permission:System: Modify Vault Containers";allow (write) groupdn = "ldap:///cn=System: Modify Vault Containers,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to dc=rdlg,dc=net 2017-05-11T17:48:45Z DEBUG Updating managed permission: System: Read Vault Containers 2017-05-11T17:48:45Z DEBUG Updating ACI for managed permission: System: Read Vault Containers 2017-05-11T17:48:45Z DEBUG Adding ACI u'(targetattr = "cn || createtimestamp || description || entryusn || modifytimestamp || objectclass || owner")(target = "ldap:///cn=vaults,cn=kra,dc=rdlg,dc=net")(targetfilter = "(objectclass=ipaVaultContainer)")(version 3.0;acl "permission:System: Read Vault Containers";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Vault Containers,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to dc=rdlg,dc=net 2017-05-11T17:48:45Z DEBUG Updating non-object managed permissions 2017-05-11T17:48:45Z DEBUG Updating managed permission: System: Add CA Certificate For Renewal 2017-05-11T17:48:45Z DEBUG Updating ACI for managed permission: System: Add CA Certificate For Renewal 
2017-05-11T17:48:45Z DEBUG Adding ACI u'(target = "ldap:///cn=caSigningCert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetfilter = "(objectclass=pkiuser)")(version 3.0;acl "permission:System: Add CA Certificate For Renewal";allow (add) groupdn = "ldap:///cn=System: Add CA Certificate For Renewal,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=ca_renewal,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:45Z DEBUG Updating managed permission: System: Add Certificate Store Entry 2017-05-11T17:48:45Z DEBUG Updating ACI for managed permission: System: Add Certificate Store Entry 2017-05-11T17:48:45Z DEBUG Adding ACI u'(targetfilter = "(objectclass=ipacertificate)")(version 3.0;acl "permission:System: Add Certificate Store Entry";allow (add) groupdn = "ldap:///cn=System: Add Certificate Store Entry,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=certificates,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:45Z DEBUG Updating managed permission: System: Compat Tree ID View targets 2017-05-11T17:48:45Z DEBUG Updating ACI for managed permission: System: Compat Tree ID View targets 2017-05-11T17:48:45Z DEBUG Adding ACI u'(targetattr = "ipaanchoruuid")(target = "ldap:///cn=*,cn=compat,dc=rdlg,dc=net")(targetfilter = "(objectclass=ipaOverrideTarget)")(version 3.0;acl "permission:System: Compat Tree ID View targets";allow (compare,read,search) userdn = "ldap:///anyone";)' to dc=rdlg,dc=net 2017-05-11T17:48:45Z DEBUG Updating managed permission: System: Modify CA Certificate 2017-05-11T17:48:45Z DEBUG Updating ACI for managed permission: System: Modify CA Certificate 2017-05-11T17:48:45Z DEBUG Adding ACI u'(targetattr = "cacertificate")(targetfilter = "(objectclass=pkica)")(version 3.0;acl "permission:System: Modify CA Certificate";allow (write) groupdn = "ldap:///cn=System: Modify CA Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=CAcert,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:45Z DEBUG Updating managed permission: System: Modify CA Certificate For 
Renewal 2017-05-11T17:48:45Z DEBUG Updating ACI for managed permission: System: Modify CA Certificate For Renewal 2017-05-11T17:48:45Z DEBUG Adding ACI u'(targetattr = "usercertificate")(target = "ldap:///cn=caSigningCert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=rdlg,dc=net")(targetfilter = "(objectclass=pkiuser)")(version 3.0;acl "permission:System: Modify CA Certificate For Renewal";allow (write) groupdn = "ldap:///cn=System: Modify CA Certificate For Renewal,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=ca_renewal,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:45Z DEBUG Updating managed permission: System: Modify Certificate Store Entry 2017-05-11T17:48:45Z DEBUG Updating ACI for managed permission: System: Modify Certificate Store Entry 2017-05-11T17:48:45Z DEBUG Adding ACI u'(targetattr = "cacertificate || ipacertissuerserial || ipaconfigstring || ipakeyextusage || ipakeytrust || ipakeyusage")(targetfilter = "(objectclass=ipacertificate)")(version 3.0;acl "permission:System: Modify Certificate Store Entry";allow (write) groupdn = "ldap:///cn=System: Modify Certificate Store Entry,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=certificates,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:45Z DEBUG Updating managed permission: System: Read AD Domains 2017-05-11T17:48:45Z DEBUG Updating ACI for managed permission: System: Read AD Domains 2017-05-11T17:48:45Z DEBUG Adding ACI u'(targetattr = "cn || createtimestamp || entryusn || ipantdomainguid || ipantfallbackprimarygroup || ipantflatname || ipantsecurityidentifier || modifytimestamp || objectclass")(target = "ldap:///cn=ad,cn=etc,dc=rdlg,dc=net")(targetfilter = "(objectclass=ipantdomainattrs)")(version 3.0;acl "permission:System: Read AD Domains";allow (compare,read,search) userdn = "ldap:///all";)' to cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:45Z DEBUG Updating managed permission: System: Read CA Certificate 2017-05-11T17:48:45Z DEBUG Updating ACI for managed permission: System: Read CA Certificate 
2017-05-11T17:48:45Z DEBUG Adding ACI u'(targetattr = "authorityrevocationlist || cacertificate || certificaterevocationlist || cn || createtimestamp || crosscertificatepair || entryusn || modifytimestamp || objectclass")(targetfilter = "(objectclass=pkica)")(version 3.0;acl "permission:System: Read CA Certificate";allow (compare,read,search) userdn = "ldap:///anyone";)' to cn=CAcert,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:45Z DEBUG Updating managed permission: System: Read CA Renewal Information 2017-05-11T17:48:45Z DEBUG Updating ACI for managed permission: System: Read CA Renewal Information 2017-05-11T17:48:45Z DEBUG Adding ACI u'(targetattr = "cn || createtimestamp || entryusn || modifytimestamp || objectclass || usercertificate")(targetfilter = "(objectclass=pkiuser)")(version 3.0;acl "permission:System: Read CA Renewal Information";allow (compare,read,search) userdn = "ldap:///all";)' to cn=ca_renewal,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:45Z DEBUG Updating managed permission: System: Read Certificate Store Entries 2017-05-11T17:48:45Z DEBUG Updating ACI for managed permission: System: Read Certificate Store Entries 2017-05-11T17:48:45Z DEBUG Adding ACI u'(targetattr = "cacertificate || cn || createtimestamp || entryusn || ipacertissuerserial || ipacertsubject || ipaconfigstring || ipakeyextusage || ipakeytrust || ipakeyusage || ipapublickey || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipacertificate)")(version 3.0;acl "permission:System: Read Certificate Store Entries";allow (compare,read,search) userdn = "ldap:///anyone";)' to cn=certificates,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:45Z DEBUG Updating managed permission: System: Read DNA Configuration 2017-05-11T17:48:45Z DEBUG Updating ACI for managed permission: System: Read DNA Configuration 2017-05-11T17:48:45Z DEBUG Adding ACI u'(targetattr = "cn || createtimestamp || dnahostname || dnaportnum || dnaremainingvalues || dnaremotebindmethod || dnaremoteconnprotocol 
|| dnasecureportnum || entryusn || modifytimestamp || objectclass")(targetfilter = "(objectclass=dnasharedconfig)")(version 3.0;acl "permission:System: Read DNA Configuration";allow (compare,read,search) userdn = "ldap:///all";)' to cn=dna,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:45Z DEBUG Updating managed permission: System: Read DUA Profile 2017-05-11T17:48:45Z DEBUG Updating ACI for managed permission: System: Read DUA Profile 2017-05-11T17:48:45Z DEBUG Adding ACI u'(targetattr = "attributemap || authenticationmethod || bindtimelimit || cn || createtimestamp || credentiallevel || defaultsearchbase || defaultsearchscope || defaultserverlist || dereferencealiases || entryusn || followreferrals || modifytimestamp || objectclass || objectclassmap || ou || preferredserverlist || profilettl || searchtimelimit || serviceauthenticationmethod || servicecredentiallevel || servicesearchdescriptor")(targetfilter = "(|(objectclass=organizationalUnit)(objectclass=DUAConfigProfile))")(version 3.0;acl "permission:System: Read DUA Profile";allow (compare,read,search) userdn = "ldap:///anyone";)' to ou=profile,dc=rdlg,dc=net 2017-05-11T17:48:45Z DEBUG Updating managed permission: System: Read Domain Level 2017-05-11T17:48:45Z DEBUG Updating ACI for managed permission: System: Read Domain Level 2017-05-11T17:48:45Z DEBUG Adding ACI u'(targetattr = "createtimestamp || entryusn || ipadomainlevel || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipadomainlevelconfig)")(version 3.0;acl "permission:System: Read Domain Level";allow (compare,read,search) userdn = "ldap:///all";)' to cn=Domain Level,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:45Z DEBUG Updating managed permission: System: Read IPA Masters 2017-05-11T17:48:45Z DEBUG Updating ACI for managed permission: System: Read IPA Masters 2017-05-11T17:48:45Z DEBUG Adding ACI u'(targetattr = "cn || createtimestamp || entryusn || ipaconfigstring || modifytimestamp || objectclass")(targetfilter = 
"(objectclass=nscontainer)")(version 3.0;acl "permission:System: Read IPA Masters";allow (compare,read,search) groupdn = "ldap:///cn=System: Read IPA Masters,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:45Z DEBUG Updating managed permission: System: Read Replication Information 2017-05-11T17:48:45Z DEBUG Updating ACI for managed permission: System: Read Replication Information 2017-05-11T17:48:45Z DEBUG Adding ACI u'(targetattr = "cn || createtimestamp || entryusn || modifytimestamp || nsds5flags || nsds5replicaabortcleanruv || nsds5replicaautoreferral || nsds5replicabackoffmax || nsds5replicabackoffmin || nsds5replicabinddn || nsds5replicachangecount || nsds5replicacleanruv || nsds5replicaid || nsds5replicalegacyconsumer || nsds5replicaname || nsds5replicaprotocoltimeout || nsds5replicapurgedelay || nsds5replicareferral || nsds5replicaroot || nsds5replicatombstonepurgeinterval || nsds5replicatype || nsds5task || nsstate || objectclass")(targetfilter = "(objectclass=nsds5replica)")(version 3.0;acl "permission:System: Read Replication Information";allow (compare,read,search) userdn = "ldap:///all";)' to cn=replication,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:45Z DEBUG Updating managed permission: System: Remove Certificate Store Entry 2017-05-11T17:48:45Z DEBUG Updating ACI for managed permission: System: Remove Certificate Store Entry 2017-05-11T17:48:45Z DEBUG Adding ACI u'(targetfilter = "(objectclass=ipacertificate)")(version 3.0;acl "permission:System: Remove Certificate Store Entry";allow (delete) groupdn = "ldap:///cn=System: Remove Certificate Store Entry,cn=permissions,cn=pbac,dc=rdlg,dc=net";)' to cn=certificates,cn=ipa,cn=etc,dc=rdlg,dc=net 2017-05-11T17:48:45Z DEBUG Deleting obsolete permission System: Read Creator and Modifier Operational Attributes 2017-05-11T17:48:45Z DEBUG raw: permission_del((u'System: Read Creator and Modifier Operational Attributes',), force=True, version=u'2.101') 
2017-05-11T17:48:45Z DEBUG permission_del((u'System: Read Creator and Modifier Operational Attributes',), continue=False, force=True, version=u'2.101') 2017-05-11T17:48:45Z DEBUG Obsolete permission not found 2017-05-11T17:48:45Z DEBUG Deleting obsolete permission System: Read Timestamp and USN Operational Attributes 2017-05-11T17:48:45Z DEBUG raw: permission_del((u'System: Read Timestamp and USN Operational Attributes',), force=True, version=u'2.101') 2017-05-11T17:48:45Z DEBUG permission_del((u'System: Read Timestamp and USN Operational Attributes',), continue=False, force=True, version=u'2.101') 2017-05-11T17:48:45Z DEBUG Obsolete permission not found 2017-05-11T17:48:45Z DEBUG Executing upgrade plugin: update_read_replication_agreements_permission 2017-05-11T17:48:45Z DEBUG raw: update_read_replication_agreements_permission 2017-05-11T17:48:45Z DEBUG Old permission not found 2017-05-11T17:48:45Z DEBUG Executing upgrade plugin: update_idrange_baserid 2017-05-11T17:48:45Z DEBUG raw: update_idrange_baserid 2017-05-11T17:48:45Z DEBUG update_idrange_baserid: search for ipa-ad-trust-posix ID ranges with ipaBaseRID != 0 2017-05-11T17:48:45Z DEBUG update_idrange_baserid: no AD domain range with posix attributes found 2017-05-11T17:48:45Z DEBUG Executing upgrade plugin: update_passync_privilege_update 2017-05-11T17:48:45Z DEBUG raw: update_passync_privilege_update 2017-05-11T17:48:45Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2017-05-11T17:48:45Z DEBUG Add PassSync user as a member of PassSync privilege 2017-05-11T17:48:45Z DEBUG PassSync user not found, no update needed 2017-05-11T17:48:45Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2017-05-11T17:48:45Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state' 2017-05-11T17:48:45Z DEBUG Executing upgrade plugin: update_dnsserver_configuration_into_ldap 2017-05-11T17:48:45Z DEBUG raw: update_dnsserver_configuration_into_ldap 2017-05-11T17:48:45Z DEBUG 
Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2017-05-11T17:48:45Z DEBUG DNS container not found, nothing to upgrade 2017-05-11T17:48:45Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2017-05-11T17:48:45Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state' 2017-05-11T17:48:45Z DEBUG Destroyed connection context.ldap2_240679504 2017-05-11T17:48:45Z DEBUG duration: 72 seconds 2017-05-11T17:48:45Z DEBUG [7/9]: stopping directory server 2017-05-11T17:48:45Z DEBUG Starting external process 2017-05-11T17:48:45Z DEBUG args=/bin/systemctl stop dirsrv@RDLG-NET.service 2017-05-11T17:48:46Z DEBUG Process finished, return code=0 2017-05-11T17:48:46Z DEBUG stdout= 2017-05-11T17:48:46Z DEBUG stderr= 2017-05-11T17:48:46Z DEBUG duration: 1 seconds 2017-05-11T17:48:46Z DEBUG [8/9]: restoring configuration 2017-05-11T17:48:46Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:48:46Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:48:46Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:48:46Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:48:46Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:48:46Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:48:46Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:48:46Z DEBUG duration: 0 seconds 2017-05-11T17:48:46Z DEBUG [9/9]: starting directory server 2017-05-11T17:48:46Z DEBUG Starting external process 2017-05-11T17:48:46Z DEBUG args=/bin/systemctl start dirsrv@RDLG-NET.service 2017-05-11T17:48:47Z DEBUG Process finished, return code=0 2017-05-11T17:48:47Z DEBUG stdout= 2017-05-11T17:48:47Z DEBUG stderr= 2017-05-11T17:48:47Z DEBUG Starting external process 2017-05-11T17:48:47Z DEBUG args=/bin/systemctl is-active 
dirsrv@RDLG-NET.service 2017-05-11T17:48:47Z DEBUG Process finished, return code=0 2017-05-11T17:48:47Z DEBUG stdout=active 2017-05-11T17:48:47Z DEBUG stderr= 2017-05-11T17:48:47Z DEBUG wait_for_open_ports: localhost [389] timeout 300 2017-05-11T17:48:47Z DEBUG duration: 0 seconds 2017-05-11T17:48:47Z DEBUG Done. 2017-05-11T17:48:47Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2017-05-11T17:48:47Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state' 2017-05-11T17:48:47Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2017-05-11T17:48:47Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state' 2017-05-11T17:48:47Z DEBUG Restarting the directory server 2017-05-11T17:48:47Z DEBUG Starting external process 2017-05-11T17:48:47Z DEBUG args=/bin/systemctl restart dirsrv@RDLG-NET.service 2017-05-11T17:48:54Z DEBUG Process finished, return code=0 2017-05-11T17:48:54Z DEBUG stdout= 2017-05-11T17:48:54Z DEBUG stderr= 2017-05-11T17:48:54Z DEBUG Starting external process 2017-05-11T17:48:54Z DEBUG args=/bin/systemctl is-active dirsrv@RDLG-NET.service 2017-05-11T17:48:54Z DEBUG Process finished, return code=0 2017-05-11T17:48:54Z DEBUG stdout=active 2017-05-11T17:48:54Z DEBUG stderr= 2017-05-11T17:48:54Z DEBUG wait_for_open_ports: localhost [389] timeout 300 2017-05-11T17:48:54Z DEBUG Starting external process 2017-05-11T17:48:54Z DEBUG args=/bin/systemctl is-active dirsrv@RDLG-NET.service 2017-05-11T17:48:54Z DEBUG Process finished, return code=0 2017-05-11T17:48:54Z DEBUG stdout=active 2017-05-11T17:48:54Z DEBUG stderr= 2017-05-11T17:48:54Z DEBUG Restarting the KDC 2017-05-11T17:48:54Z DEBUG Starting external process 2017-05-11T17:48:54Z DEBUG args=/bin/systemctl restart krb5kdc.service 2017-05-11T17:48:54Z DEBUG Process finished, return code=0 2017-05-11T17:48:54Z DEBUG stdout= 2017-05-11T17:48:54Z DEBUG stderr= 2017-05-11T17:48:54Z DEBUG Starting external process 2017-05-11T17:48:54Z DEBUG 
args=/bin/systemctl is-active krb5kdc.service 2017-05-11T17:48:54Z DEBUG Process finished, return code=0 2017-05-11T17:48:54Z DEBUG stdout=active 2017-05-11T17:48:54Z DEBUG stderr= 2017-05-11T17:48:54Z DEBUG Starting external process 2017-05-11T17:48:54Z DEBUG args=/bin/systemctl restart pki-tomcatd@pki-tomcat.service 2017-05-11T17:48:55Z DEBUG Process finished, return code=0 2017-05-11T17:48:55Z DEBUG stdout= 2017-05-11T17:48:55Z DEBUG stderr= 2017-05-11T17:48:55Z DEBUG Starting external process 2017-05-11T17:48:55Z DEBUG args=/bin/systemctl is-active pki-tomcatd@pki-tomcat.service 2017-05-11T17:48:55Z DEBUG Process finished, return code=0 2017-05-11T17:48:55Z DEBUG stdout=active 2017-05-11T17:48:55Z DEBUG stderr= 2017-05-11T17:48:55Z DEBUG wait_for_open_ports: localhost [8080, 8443] timeout 300 2017-05-11T17:48:57Z DEBUG Waiting until the CA is running 2017-05-11T17:48:57Z DEBUG request POST http://ipa.rdlg.net:8080/ca/admin/ca/getStatus 2017-05-11T17:48:57Z DEBUG request body '' 2017-05-11T17:49:04Z DEBUG response status 200 2017-05-11T17:49:04Z DEBUG response headers {'date': 'Thu, 11 May 2017 17:49:04 GMT', 'content-length': '170', 'content-type': 'application/xml', 'server': 'Apache-Coyote/1.1'} 2017-05-11T17:49:04Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="no"?><XMLResponse><State>1</State><Type>CA</Type><Status>running</Status><Version>10.3.3-18.el7_3</Version></XMLResponse>' 2017-05-11T17:49:04Z DEBUG The CA status is: running 2017-05-11T17:49:04Z DEBUG Created connection context.ldap2_60067536 2017-05-11T17:49:04Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2017-05-11T17:49:04Z DEBUG raw: server_find(None, version=u'2.213', no_members=False) 2017-05-11T17:49:04Z DEBUG server_find(None, all=False, raw=False, version=u'2.213', no_members=False, pkey_only=False) 2017-05-11T17:49:04Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache 2017-05-11T17:49:04Z DEBUG retrieving schema 
for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0xa718a28> 2017-05-11T17:49:04Z DEBUG raw: topologysuffix_find(None, all=True, raw=True, version=u'2.213') 2017-05-11T17:49:04Z DEBUG topologysuffix_find(None, all=True, raw=True, version=u'2.213', pkey_only=False) 2017-05-11T17:49:04Z DEBUG raw: server_role_find(None, server_server=u'ipa.rdlg.net', status=u'enabled', version=u'2.213') 2017-05-11T17:49:04Z DEBUG server_role_find(None, server_server=u'ipa.rdlg.net', status=u'enabled', all=False, raw=False, version=u'2.213') 2017-05-11T17:49:04Z DEBUG found 1 1 records for ipa.rdlg.net.: 172.20.0.200 2017-05-11T17:49:04Z DEBUG found 1 28 records for ipa.rdlg.net.: 2001:470:4b:57c::200 2017-05-11T17:49:04Z DEBUG Restarting the web server 2017-05-11T17:49:04Z DEBUG Starting external process 2017-05-11T17:49:04Z DEBUG args=/bin/systemctl restart httpd.service 2017-05-11T17:49:06Z DEBUG Process finished, return code=0 2017-05-11T17:49:06Z DEBUG stdout= 2017-05-11T17:49:06Z DEBUG stderr= 2017-05-11T17:49:06Z DEBUG Starting external process 2017-05-11T17:49:06Z DEBUG args=/bin/systemctl is-active httpd.service 2017-05-11T17:49:06Z DEBUG Process finished, return code=0 2017-05-11T17:49:06Z DEBUG stdout=active 2017-05-11T17:49:06Z DEBUG stderr= 2017-05-11T17:49:06Z DEBUG flushing ldap://ipa.rdlg.net:389 from SchemaCache 2017-05-11T17:49:06Z DEBUG retrieving schema for SchemaCache url=ldap://ipa.rdlg.net:389 conn=<ldap.ldapobject.SimpleLDAPObject instance at 0xa7f10e0> 2017-05-11T17:49:06Z DEBUG Unable to find DNA shared config entry for dnaHostname=ipa.rdlg.net (under cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=rdlg,dc=net) so far. Retry in 2 sec. 2017-05-11T17:49:08Z DEBUG Unable to find DNA shared config entry for dnaHostname=ipa.rdlg.net (under cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=rdlg,dc=net) so far. Retry in 2 sec. 
2017-05-11T17:49:10Z DEBUG Unable to find DNA shared config entry for dnaHostname=ipa.rdlg.net (under cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=rdlg,dc=net) so far. Retry in 2 sec. 2017-05-11T17:49:13Z DEBUG Unable to find DNA shared config entry for dnaHostname=ipa.rdlg.net (under cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=rdlg,dc=net) so far. Retry in 2 sec. 2017-05-11T17:49:15Z DEBUG Unable to find DNA shared config entry for dnaHostname=ipa.rdlg.net (under cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=rdlg,dc=net) so far. Retry in 2 sec. 2017-05-11T17:49:17Z DEBUG Unable to find DNA shared config entry for dnaHostname=ipa.rdlg.net (under cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=rdlg,dc=net) so far. Retry in 2 sec. 2017-05-11T17:49:19Z DEBUG Unable to find DNA shared config entry for dnaHostname=ipa.rdlg.net (under cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=rdlg,dc=net) so far. Retry in 2 sec. 2017-05-11T17:49:21Z DEBUG Unable to find DNA shared config entry for dnaHostname=ipa.rdlg.net (under cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=rdlg,dc=net) so far. Retry in 2 sec. 2017-05-11T17:49:23Z DEBUG Unable to find DNA shared config entry for dnaHostname=ipa.rdlg.net (under cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=rdlg,dc=net) so far. Retry in 2 sec. 2017-05-11T17:49:25Z DEBUG Unable to find DNA shared config entry for dnaHostname=ipa.rdlg.net (under cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=rdlg,dc=net) so far. Retry in 2 sec. 
2017-05-11T17:49:27Z DEBUG Changing admin password 2017-05-11T17:49:27Z DEBUG Starting external process 2017-05-11T17:49:27Z DEBUG args=/usr/bin/ldappasswd -h ipa.rdlg.net -ZZ -x -D cn=Directory Manager -y /var/lib/ipa/tmpI0s4Fk -T /var/lib/ipa/tmpNdl0EF uid=admin,cn=users,cn=accounts,dc=rdlg,dc=net 2017-05-11T17:49:27Z DEBUG Process finished, return code=0 2017-05-11T17:49:27Z DEBUG stdout= 2017-05-11T17:49:27Z DEBUG stderr= 2017-05-11T17:49:27Z DEBUG ldappasswd done 2017-05-11T17:49:27Z DEBUG Configuring client side components 2017-05-11T17:49:27Z DEBUG Starting external process 2017-05-11T17:49:27Z DEBUG args=/usr/sbin/ipa-client-install --on-master --unattended --domain rdlg.net --server ipa.rdlg.net --realm RDLG.NET --hostname ipa.rdlg.net 2017-05-11T19:33:00Z DEBUG Process interrupted