Subject content ? Where are ST and L ?
by Thomas Guthmann
Hi,
Before using dogtag 1.3, I used CA.pl or tinyCA and in the subject we
had STate and Location which seem to not exist anymore when I create an
user certificate (profile=caUserCert). Is STate and Location deprecated
by any RFCs or has it proved useless for an user cert ?
With dogtag 1.3 we can only enable/disable the following inputs in the
Subject by tuning the profile :
* UID (the LDAP directory user ID)
* Email
* Common Name (the name of the user)
* Organizational Unit
* Organization (the organization name)
* Country (the country where the user is located)
Ref:
<http://docs.redhat.com/docs/en-US/Red_Hat_Certificate_System/8.1/html-sin...>
So my questions are :
1. is it possible to enable ST and L in the subject for a user cert ?
2. If not, is there an alternative ?
I hope it is not too noob-ish questions :)
Cheers,
Thomas
13 years, 2 months
- 2
- 1
CA Cloning : Failed to setup the replication for cloning
by Patrick.Raspante@gdc4s.com
I've been working through the steps in this document:
http://docs.redhat.com/docs/en-US/Red_Hat_Certificate_System/8.0/html/In
stall_Guide/cloning-a-ca.html
Made it through step 11. Stuck on the step where the wizard connects to
my new directory server instance. CA hangs and spins forever, eventually
erroring with "Failed to setup the replication for cloning".
I think I'm running into similar issues found in these bug-zillas:
https://bugzilla.redhat.com/show_bug.cgi?id=487739
https://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=486191
http://www.redhat.com/archives/fedora-directory-users/2009-May/msg00128.
html -- (I'm not using local host for the fqdn though)
I mentioned before that I'm using CS 8.0 GA.
pki-ca-8.0.3-1.el5pki
pki-common-8.0.3-3.el5pki
I've been told that the above issues have been already resolved in the
8.0 GA release.
Looking through my GDd directory server access and debug logs, I see the
new GD CA sets up the new CA backend in the directory server, and then
does the indexing, but the subsequent replication agreement setup never
begins.
Master = GD-CA-1
Clone = GD-CA-2
## Log snippits from=m the GD-CA-2 directory server:
==> errors <==
[28/Sep/2011:18:53:28 +0000] - info: entrydn not indexed on
'ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1'; entry
ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1 may not be added to
the database yet.
[28/Sep/2011:18:53:28 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Finished
indexing.
[28/Sep/2011:19:07:54 +0000] - slapd shutting down - signaling operation
threads
[28/Sep/2011:19:07:54 +0000] - slapd shutting down - waiting for 22
threads to terminate
[28/Sep/2011:19:07:54 +0000] - slapd shutting down - closing down
internal subsystems and plugins
[28/Sep/2011:19:07:54 +0000] - Waiting for 4 database threads to stop
[28/Sep/2011:19:07:54 +0000] - All database threads now stopped
[28/Sep/2011:19:07:54 +0000] - slapd stopped.
[28/Sep/2011:19:07:59 +0000] - Red Hat-Directory/8.1.0 B2009.111.1832
starting up
[28/Sep/2011:19:07:59 +0000] - slapd started. Listening on All
Interfaces port 3389 for LDAP requests
[28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Index.
[28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Search
(allCerts-GD-CA-2).
[28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Index.
[28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Search
(allExpiredCerts-GD-CA-2).
[28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Index.
[28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Search
(allInvalidCerts-GD-CA-2).
[28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Index.
[28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Search
(allInValidCertsNotBefore-GD-CA-2).
[28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Index.
[28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Search
(allNonRevokedCerts-GD-CA-2).
[28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Index.
[28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Search
(allRevokedCaCerts-GD-CA-2).
[28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Index.
[28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Search
(allRevokedCerts-GD-CA-2).
[28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Index.
[28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Search
(allRevokedCertsNotAfter-GD-CA-2).
[28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Index.
[28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Search
(allRevokedExpiredCerts-GD-CA-2).
[28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Index.
[28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Search
(allRevokedOrRevokedExpiredCaCerts-GD-CA-2).
[28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Index.
[28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Search
(allRevokedOrRevokedExpiredCerts-GD-CA-2).
[28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Index.
[28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Search
(allValidCerts-GD-CA-2).
[28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Index.
[28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Search
(allValidCertsNotAfter-GD-CA-2).
[28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Index.
[28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Search
(allValidOrRevokedCerts-GD-CA-2).
[28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Index.
[28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Search
(caAll-GD-CA-2).
[28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Index.
[28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Search
(caCanceled-GD-CA-2).
[28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Index.
[28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Search
(caCanceledEnrollment-GD-CA-2).
[28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Index.
[28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Search
(caCanceledRenewal-GD-CA-2).
[28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Index.
[28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Search
(caCanceledRevocation-GD-CA-2).
[28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Index.
[28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Search
(caComplete-GD-CA-2).
[28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Index.
[28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Search
(caCompleteEnrollment-GD-CA-2).
[28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Index.
[28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Search
(caCompleteRenewal-GD-CA-2).
[28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Index.
[28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Search
(caCompleteRevocation-GD-CA-2).
[28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Index.
[28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Search
(caEnrollment-GD-CA-2).
[28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Index.
[28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Search
(caPending-GD-CA-2).
[28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Index.
[28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Search
(caPendingEnrollment-GD-CA-2).
[28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Index.
[28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Search
(caPendingRenewal-GD-CA-2).
[28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Index.
[28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Search
(caPendingRevocation-GD-CA-2).
[28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Index.
[28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Search
(caRejected-GD-CA-2).
[28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Index.
[28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Search
(caRejectedEnrollment-GD-CA-2).
[28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Index.
[28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Search
(caRejectedRenewal-GD-CA-2).
[28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Index.
[28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Search
(caRejectedRevocation-GD-CA-2).
[28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Index.
[28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Search
(caRenewal-GD-CA-2).
[28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Index.
[28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Search
(caRevocation-GD-CA-2).
[28/Sep/2011:19:11:37 +0000] - ldbm: Bringing
GD-ca-1.mydomain.com-GD-CA-1 offline...
[28/Sep/2011:19:11:37 +0000] - ldbm: removing
'GD-ca-1.mydomain.com-GD-CA-1'.
[28/Sep/2011:19:11:37 +0000] - Destructor for instance
GD-ca-1.mydomain.com-GD-CA-1 called
[28/Sep/2011:19:11:39 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Indexing
VLV: allCerts-GD-CA-2Index
[28/Sep/2011:19:11:39 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Indexing
VLV: allExpiredCerts-GD-CA-2Index
[28/Sep/2011:19:11:39 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Indexing
VLV: allInvalidCerts-GD-CA-2Index
[28/Sep/2011:19:11:39 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Indexing
VLV: allInValidCertsNotBefore-GD-CA-2Index
[28/Sep/2011:19:11:39 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Indexing
VLV: allNonRevokedCerts-GD-CA-2Index
[28/Sep/2011:19:11:39 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Indexing
VLV: allRevokedCaCerts-GD-CA-2Index
[28/Sep/2011:19:11:39 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Indexing
VLV: allRevokedCerts-GD-CA-2Index
[28/Sep/2011:19:11:39 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Indexing
VLV: allRevokedCertsNotAfter-GD-CA-2Index
[28/Sep/2011:19:11:39 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Indexing
VLV: allRevokedExpiredCerts-GD-CA-2Index
[28/Sep/2011:19:11:39 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Indexing
VLV: allRevokedOrRevokedExpiredCaCerts-GD-CA-2Index
[28/Sep/2011:19:11:39 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Indexing
VLV: allRevokedOrRevokedExpiredCerts-GD-CA-2Index
[28/Sep/2011:19:11:39 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Indexing
VLV: allValidCerts-GD-CA-2Index
[28/Sep/2011:19:11:39 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Indexing
VLV: allValidCertsNotAfter-GD-CA-2Index
[28/Sep/2011:19:11:39 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Indexing
VLV: allValidOrRevokedCerts-GD-CA-2Index
[28/Sep/2011:19:11:39 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Indexing
VLV: caAll-GD-CA-2Index
[28/Sep/2011:19:11:39 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Indexing
VLV: caCanceled-GD-CA-2Index
[28/Sep/2011:19:11:39 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Indexing
VLV: caCanceledEnrollment-GD-CA-2Index
[28/Sep/2011:19:11:39 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Indexing
VLV: caCanceledRenewal-GD-CA-2Index
[28/Sep/2011:19:11:39 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Indexing
VLV: caCanceledRevocation-GD-CA-2Index
[28/Sep/2011:19:11:39 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Indexing
VLV: caComplete-GD-CA-2Index
[28/Sep/2011:19:11:39 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Indexing
VLV: caCompleteEnrollment-GD-CA-2Index
[28/Sep/2011:19:11:39 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Indexing
VLV: caCompleteRenewal-GD-CA-2Index
[28/Sep/2011:19:11:39 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Indexing
VLV: caCompleteRevocation-GD-CA-2Index
[28/Sep/2011:19:11:39 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Indexing
VLV: caEnrollment-GD-CA-2Index
[28/Sep/2011:19:11:39 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Indexing
VLV: caPending-GD-CA-2Index
[28/Sep/2011:19:11:39 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Indexing
VLV: caPendingEnrollment-GD-CA-2Index
[28/Sep/2011:19:11:39 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Indexing
VLV: caPendingRenewal-GD-CA-2Index
[28/Sep/2011:19:11:39 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Indexing
VLV: caPendingRevocation-GD-CA-2Index
[28/Sep/2011:19:11:39 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Indexing
VLV: caRejected-GD-CA-2Index
[28/Sep/2011:19:11:39 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Indexing
VLV: caRejectedEnrollment-GD-CA-2Index
[28/Sep/2011:19:11:39 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Indexing
VLV: caRejectedRenewal-GD-CA-2Index
[28/Sep/2011:19:11:39 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Indexing
VLV: caRejectedRevocation-GD-CA-2Index
[28/Sep/2011:19:11:39 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Indexing
VLV: caRenewal-GD-CA-2Index
[28/Sep/2011:19:11:39 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Indexing
VLV: caRevocation-GD-CA-2Index
[28/Sep/2011:19:11:39 +0000] - info: entrydn not indexed on
'ou=certificaterepository,ou=ca,dc=GD-ca-1.mydomain.com-GD-ca-1'; entry
ou=certificaterepository,ou=ca,dc=GD-ca-1.mydomain.com-GD-ca-1 may not
be added to the database yet.
[28/Sep/2011:19:11:39 +0000] - info: entrydn not indexed on
'ou=certificaterepository,ou=ca,dc=GD-ca-1.mydomain.com-GD-ca-1'; entry
ou=certificaterepository,ou=ca,dc=GD-ca-1.mydomain.com-GD-ca-1 may not
be added to the database yet.
[28/Sep/2011:19:11:39 +0000] - info: entrydn not indexed on
'ou=certificaterepository,ou=ca,dc=GD-ca-1.mydomain.com-GD-ca-1'; entry
ou=certificaterepository,ou=ca,dc=GD-ca-1.mydomain.com-GD-ca-1 may not
be added to the database yet.
[28/Sep/2011:19:11:39 +0000] - info: entrydn not indexed on
'ou=certificaterepository,ou=ca,dc=GD-ca-1.mydomain.com-GD-ca-1'; entry
ou=certificaterepository,ou=ca,dc=GD-ca-1.mydomain.com-GD-ca-1 may not
be added to the database yet.
[28/Sep/2011:19:11:39 +0000] - info: entrydn not indexed on
'ou=certificaterepository,ou=ca,dc=GD-ca-1.mydomain.com-GD-ca-1'; entry
ou=certificaterepository,ou=ca,dc=GD-ca-1.mydomain.com-GD-ca-1 may not
be added to the database yet.
[28/Sep/2011:19:11:39 +0000] - info: entrydn not indexed on
'ou=certificaterepository,ou=ca,dc=GD-ca-1.mydomain.com-GD-ca-1'; entry
ou=certificaterepository,ou=ca,dc=GD-ca-1.mydomain.com-GD-ca-1 may not
be added to the database yet.
[28/Sep/2011:19:11:39 +0000] - info: entrydn not indexed on
'ou=certificaterepository,ou=ca,dc=GD-ca-1.mydomain.com-GD-ca-1'; entry
ou=certificaterepository,ou=ca,dc=GD-ca-1.mydomain.com-GD-ca-1 may not
be added to the database yet.
[28/Sep/2011:19:11:39 +0000] - info: entrydn not indexed on
'ou=certificaterepository,ou=ca,dc=GD-ca-1.mydomain.com-GD-ca-1'; entry
ou=certificaterepository,ou=ca,dc=GD-ca-1.mydomain.com-GD-ca-1 may not
be added to the database yet.
[28/Sep/2011:19:11:39 +0000] - info: entrydn not indexed on
'ou=certificaterepository,ou=ca,dc=GD-ca-1.mydomain.com-GD-ca-1'; entry
ou=certificaterepository,ou=ca,dc=GD-ca-1.mydomain.com-GD-ca-1 may not
be added to the database yet.
[28/Sep/2011:19:11:39 +0000] - info: entrydn not indexed on
'ou=certificaterepository,ou=ca,dc=GD-ca-1.mydomain.com-GD-ca-1'; entry
ou=certificaterepository,ou=ca,dc=GD-ca-1.mydomain.com-GD-ca-1 may not
be added to the database yet.
[28/Sep/2011:19:11:39 +0000] - info: entrydn not indexed on
'ou=certificaterepository,ou=ca,dc=GD-ca-1.mydomain.com-GD-ca-1'; entry
ou=certificaterepository,ou=ca,dc=GD-ca-1.mydomain.com-GD-ca-1 may not
be added to the database yet.
[28/Sep/2011:19:11:39 +0000] - info: entrydn not indexed on
'ou=certificaterepository,ou=ca,dc=GD-ca-1.mydomain.com-GD-ca-1'; entry
ou=certificaterepository,ou=ca,dc=GD-ca-1.mydomain.com-GD-ca-1 may not
be added to the database yet.
[28/Sep/2011:19:11:39 +0000] - info: entrydn not indexed on
'ou=certificaterepository,ou=ca,dc=GD-ca-1.mydomain.com-GD-ca-1'; entry
ou=certificaterepository,ou=ca,dc=GD-ca-1.mydomain.com-GD-ca-1 may not
be added to the database yet.
[28/Sep/2011:19:11:39 +0000] - info: entrydn not indexed on
'ou=certificaterepository,ou=ca,dc=GD-ca-1.mydomain.com-GD-ca-1'; entry
ou=certificaterepository,ou=ca,dc=GD-ca-1.mydomain.com-GD-ca-1 may not
be added to the database yet.
[28/Sep/2011:19:11:39 +0000] - info: entrydn not indexed on
'ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1'; entry
ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1 may not be added to
the database yet.
[28/Sep/2011:19:11:39 +0000] - info: entrydn not indexed on
'ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1'; entry
ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1 may not be added to
the database yet.
[28/Sep/2011:19:11:39 +0000] - info: entrydn not indexed on
'ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1'; entry
ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1 may not be added to
the database yet.
[28/Sep/2011:19:11:39 +0000] - info: entrydn not indexed on
'ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1'; entry
ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1 may not be added to
the database yet.
[28/Sep/2011:19:11:39 +0000] - info: entrydn not indexed on
'ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1'; entry
ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1 may not be added to
the database yet.
[28/Sep/2011:19:11:39 +0000] - info: entrydn not indexed on
'ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1'; entry
ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1 may not be added to
the database yet.
[28/Sep/2011:19:11:39 +0000] - info: entrydn not indexed on
'ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1'; entry
ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1 may not be added to
the database yet.
[28/Sep/2011:19:11:39 +0000] - info: entrydn not indexed on
'ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1'; entry
ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1 may not be added to
the database yet.
[28/Sep/2011:19:11:39 +0000] - info: entrydn not indexed on
'ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1'; entry
ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1 may not be added to
the database yet.
[28/Sep/2011:19:11:39 +0000] - info: entrydn not indexed on
'ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1'; entry
ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1 may not be added to
the database yet.
[28/Sep/2011:19:11:39 +0000] - info: entrydn not indexed on
'ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1'; entry
ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1 may not be added to
the database yet.
[28/Sep/2011:19:11:39 +0000] - info: entrydn not indexed on
'ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1'; entry
ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1 may not be added to
the database yet.
[28/Sep/2011:19:11:39 +0000] - info: entrydn not indexed on
'ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1'; entry
ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1 may not be added to
the database yet.
[28/Sep/2011:19:11:39 +0000] - info: entrydn not indexed on
'ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1'; entry
ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1 may not be added to
the database yet.
[28/Sep/2011:19:11:39 +0000] - info: entrydn not indexed on
'ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1'; entry
ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1 may not be added to
the database yet.
[28/Sep/2011:19:11:39 +0000] - info: entrydn not indexed on
'ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1'; entry
ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1 may not be added to
the database yet.
[28/Sep/2011:19:11:39 +0000] - info: entrydn not indexed on
'ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1'; entry
ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1 may not be added to
the database yet.
[28/Sep/2011:19:11:39 +0000] - info: entrydn not indexed on
'ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1'; entry
ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1 may not be added to
the database yet.
[28/Sep/2011:19:11:39 +0000] - info: entrydn not indexed on
'ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1'; entry
ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1 may not be added to
the database yet.
[28/Sep/2011:19:11:39 +0000] - info: entrydn not indexed on
'ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1'; entry
ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1 may not be added to
the database yet.
[28/Sep/2011:19:11:39 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Finished
indexing.
...
==> access <==
.....
[28/Sep/2011:19:11:39 +0000] conn=24 op=85 ADD
dn="cn=caRejected-GD-CA-2Index, cn=caRejected-GD-CA-2,
cn=GD-ca-1.mydomain.com-GD-CA-1, cn=ldbm database, cn=plugins,
cn=config"
[28/Sep/2011:19:11:39 +0000] conn=24 op=85 RESULT err=0 tag=105
nentries=0 etime=0
[28/Sep/2011:19:11:39 +0000] conn=24 op=86 ADD
dn="cn=caRejectedEnrollment-GD-CA-2Index,
cn=caRejectedEnrollment-GD-CA-2, cn=GD-ca-1.mydomain.com-GD-CA-1,
cn=ldbm database, cn=plugins, cn=config"
[28/Sep/2011:19:11:39 +0000] conn=24 op=86 RESULT err=0 tag=105
nentries=0 etime=0
[28/Sep/2011:19:11:39 +0000] conn=24 op=87 ADD
dn="cn=caRejectedRenewal-GD-CA-2Index, cn=caRejectedRenewal-GD-CA-2,
cn=GD-ca-1.mydomain.com-GD-CA-1, cn=ldbm database, cn=plugins,
cn=config"
[28/Sep/2011:19:11:39 +0000] conn=24 op=87 RESULT err=0 tag=105
nentries=0 etime=0
[28/Sep/2011:19:11:39 +0000] conn=24 op=88 ADD
dn="cn=caRejectedRevocation-GD-CA-2Index,
cn=caRejectedRevocation-GD-CA-2, cn=GD-ca-1.mydomain.com-GD-CA-1,
cn=ldbm database, cn=plugins, cn=config"
[28/Sep/2011:19:11:39 +0000] conn=24 op=88 RESULT err=0 tag=105
nentries=0 etime=0
[28/Sep/2011:19:11:39 +0000] conn=24 op=89 ADD
dn="cn=caRenewal-GD-CA-2Index, cn=caRenewal-GD-CA-2,
cn=GD-ca-1.mydomain.com-GD-CA-1, cn=ldbm database, cn=plugins,
cn=config"
[28/Sep/2011:19:11:39 +0000] conn=24 op=89 RESULT err=0 tag=105
nentries=0 etime=0
[28/Sep/2011:19:11:39 +0000] conn=24 op=90 ADD
dn="cn=caRevocation-GD-CA-2Index, cn=caRevocation-GD-CA-2,
cn=GD-ca-1.mydomain.com-GD-CA-1, cn=ldbm database, cn=plugins,
cn=config"
[28/Sep/2011:19:11:39 +0000] conn=24 op=90 RESULT err=0 tag=105
nentries=0 etime=0
[28/Sep/2011:19:11:39 +0000] conn=24 op=91 ADD dn="cn=index1160589769,
cn=index, cn=tasks, cn=config"
[28/Sep/2011:19:11:39 +0000] conn=24 op=91 RESULT err=0 tag=105
nentries=0 etime=0
[28/Sep/2011:19:11:40 +0000] conn=24 op=92 SRCH
base="cn=index1160589769, cn=index, cn=tasks, cn=config" scope=0
filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs=ALL
[28/Sep/2011:19:11:40 +0000] conn=24 op=92 RESULT err=0 tag=101
nentries=1 etime=0
[28/Sep/2011:19:11:40 +0000] conn=24 op=93 UNBIND
[28/Sep/2011:19:11:40 +0000] conn=24 op=93 fd=80 closed - U1
## And that's it.
## I never get to this stage ( this is from making clones of brand new
CA and DS instances - not an existing master CA):
[24/Sep/2011:16:46:28 +0000] NSMMReplicationPlugin -
agmt="cn=cloneAgreement1-mydomain.com-GD-CA-3" (GD-ds-1:3389): Replica
has a different generation ID than the local data.
[24/Sep/2011:16:46:29 +0000] NSMMReplicationPlugin -
multimaster_be_state_change: replica dc=mydomain.com-GD-ca-2 is going
offline; disabling replication
[24/Sep/2011:16:46:29 +0000] - WARNING: Import is running with
nsslapd-db-private-import-mem on; No other process is allowed to access
the database
[24/Sep/2011:16:46:33 +0000] - import mydomain.com-GD-CA-2: Workers
finished; cleaning up...
[24/Sep/2011:16:46:34 +0000] - import mydomain.com-GD-CA-2: Workers
cleaned up.
[24/Sep/2011:16:46:34 +0000] - import mydomain.com-GD-CA-2: Indexing
complete. Post-processing...
[24/Sep/2011:16:46:34 +0000] - import mydomain.com-GD-CA-2: Flushing
caches...
[24/Sep/2011:16:46:34 +0000] - import mydomain.com-GD-CA-2: Closing
files...
[24/Sep/2011:16:46:34 +0000] - import mydomain.com-GD-CA-2: Import
complete. Processed 57 entries in 4 seconds. (14.25 entries/sec)
[24/Sep/2011:16:46:34 +0000] NSMMReplicationPlugin -
multimaster_be_state_change: replica dc=mydomain.com-GD-ca-2 is coming
online; enabling replication
Thanks,
Patrick
13 years, 2 months
- 2
- 1
- ← Newer
- 1
- Older →