Great finding the root cause!
The problem here is that your directory server instance has syntax
checking enabled. We will fix this issue in Dogtag 10.
For dogtag 9, you can work around this issue by disabling syntax
checking in the DB.
1. Shut down your directory server.
2. Edit the dse.ldif and set:
nsslapd-syntaxcheck: off
3. Restart your directory server.
Ade
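
Before disabling syntax checking, it is worth confirming that a failing clone shows the same signature as this thread: a session entry rejected by the directory with LDAP result 21, followed by a token-authentication failure for the same session ID. The script below is an added example, not part of the original thread or of Dogtag; the sample log is constructed in the shape of the excerpts quoted below, and the function names are hypothetical.

```python
import re

# Constructed sample in the shape of the debug-log excerpts quoted in this
# thread (mail-wrapped, optional "> " prefix); IDs and timestamps are made up.
SAMPLE_LOG = """\
> [18/Feb/2014:14:00:19][http-9444-1]: TokenAuthentication:
> sessionId=-1111
> [18/Feb/2014:14:00:19][http-9444-1]: TokenAuthentication: session
> not found
[18/Feb/2014:14:00:18][http-9445-2]: SecurityDomainSessionTable:
unable to create session entry-1111:
netscape.ldap.LDAPException: error result (21); host: value #0 invalid
per syntax
[18/Feb/2014:14:05:00][http-9444-3]: TokenAuthentication: sessionId=2222
[18/Feb/2014:14:05:00][http-9444-3]: TokenAuthentication: session not found
"""

ENTRY = re.compile(r"^\[([^\]]+)\]\[([^\]]+)\]:\s*(.*)$")
CREATE_FAIL = re.compile(
    r"unable to create session entry\s*(-?\d+):.*error result \((\d+)\); (\w+): (.*)")
SESSION_ID = re.compile(r"TokenAuthentication: sessionId=(-?\d+)")

def unwrap(text):
    """Join wrapped continuation lines onto the log entry that started them."""
    entries = []
    for raw in text.splitlines():
        line = raw.lstrip("> ").rstrip()
        m = ENTRY.match(line)
        if m:
            entries.append(list(m.groups()))
        elif entries and line:
            entries[-1][2] += " " + line
    return entries

def correlate(text):
    """Return (timestamp, session id, create-failure or None) per failed token auth."""
    create_failures, current, not_found = {}, {}, []
    for ts, thread, msg in unwrap(text):
        if (m := CREATE_FAIL.search(msg)):
            # LDAP result 21 is invalidAttributeSyntax
            create_failures[m.group(1)] = (int(m.group(2)), m.group(3), m.group(4))
        elif (m := SESSION_ID.search(msg)):
            current[thread] = m.group(1)  # session this servlet thread is checking
        elif "TokenAuthentication: session not found" in msg:
            not_found.append((ts, current.get(thread)))
    return [(ts, sid, create_failures.get(sid)) for ts, sid in not_found]

if __name__ == "__main__":
    for ts, sid, cause in correlate(SAMPLE_LOG):
        print(ts, sid, cause or "no matching session-create failure")
```

A failed authentication with no matching create failure (the second session in the sample) points to a different cause, so the syntax-checking workaround would not be expected to help there.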
On Tue, 2014-02-18 at 16:49 +0100, Jindrich Dolezal wrote:
so the root cause seems to be this (it was a bit higher in the debug log
than the previous post):
[18/Feb/2014:15:34:58][http-9445-2]: SecurityDomainSessionTable:
unable to create session entry-1411012119543770863:
netscape.ldap.LDAPException: error result (21); host: value #0 invalid
per syntax
I found this ticket:
https://fedorahosted.org/pki/ticket/457
Does anyone know if this was fixed, or of any workaround?
jd
On 02/18/2014 03:03 PM, Jindrich Dolezal wrote:
> additional info:
> on the master ca machine i found following in the log file:
>
> [18/Feb/2014:14:00:19][http-9444-2]: CMSServlet:service() uri
> = /ca/ee/ca/updateNumberRange
> [18/Feb/2014:14:00:19][http-9444-2]: CMSServlet::service() param
> name='type' value='request'
> [18/Feb/2014:14:00:19][http-9444-2]: CMSServlet::service() param
> name='xmlOutput' value='true'
> [18/Feb/2014:14:00:19][http-9444-2]: CMSServlet::service() param
> name='sessionID' value='-1411012119543770863'
> [18/Feb/2014:14:00:19][http-9444-2]: CMSServlet: caUpdateNumberRange
> start to service.
> [18/Feb/2014:14:00:19][http-9444-2]: UpdateNumberRange:
> processing...
> [18/Feb/2014:14:00:19][http-9444-2]: UpdateNumberRange process:
> authentication starts
> [18/Feb/2014:14:00:19][http-9444-2]: IP: 10.10.16.73
> [18/Feb/2014:14:00:19][http-9444-2]: AuthMgrName: TokenAuth
> [18/Feb/2014:14:00:19][http-9444-2]: CMSServlet: no client
> certificate found
> [18/Feb/2014:14:00:19][http-9444-2]: TokenAuthentication: start
> [18/Feb/2014:14:00:19][http-9444-2]: TokenAuthentication:
> content=sessionID=-1411012119543770863&hostname=10.10.16.73
> [18/Feb/2014:14:00:19][http-9444-1]: CMSServlet:service() uri
> = /ca/ee/ca/tokenAuthenticate
> [18/Feb/2014:14:00:19][http-9444-1]: CMSServlet::service() param
> name='hostname' value='10.10.16.73'
> [18/Feb/2014:14:00:19][http-9444-1]: CMSServlet::service() param
> name='sessionID' value='-1411012119543770863'
> [18/Feb/2014:14:00:19][http-9444-1]: CMSServlet: caTokenAuthenticate
> start to service.
> [18/Feb/2014:14:00:19][http-9444-1]: TokenAuthentication:
> sessionId=-1411012119543770863
> [18/Feb/2014:14:00:19][http-9444-1]: TokenAuthentication:
> givenHost=10.10.16.73
> [18/Feb/2014:14:00:19][http-9444-1]: TokenAuthentication: checking
> session in the session table
> [18/Feb/2014:14:00:19][http-9444-1]: CMSEngine: getPasswordStore():
> password store initialized before.
> [18/Feb/2014:14:00:19][http-9444-1]: CMSEngine: getPasswordStore():
> password store initialized.
> [18/Feb/2014:14:00:19][http-9444-1]: TokenAuthentication: session
> not found
> [18/Feb/2014:14:00:19][http-9444-1]: TokenAuthentication
> authenticate failed, session id does not exist.
> [18/Feb/2014:14:00:19][http-9444-2]: TokenAuthentication: status=1
> [18/Feb/2014:14:00:19][http-9444-2]: SignedAuditEventFactory:
> create() message=[AuditEvent=AUTH_FAIL][SubjectID=$Unidentified
> $][Outcome=Failure][AuthMgr=TokenAuth][AttemptedCred=$Unidentified$]
> authentication failure
>
>
>
>
> On 02/18/2014 02:47 PM, Jindrich Dolezal wrote:
>
> > hi,
> >
> > I'm using dogtag 9.0 (pki-ca-9.0.3) on rhel 6.2 and want to make a
> > clone. I'm following 'Deploy and Install guide' chapter 10.3. So I
> > have a master ca, created a clone ca and ran the configuration wizard.
> > I got to the point (point 10) where I am supposed to "Import Keys and
> > Certificates". After filling in the p12 file and password I ended with:
> >
> > " org.xml.sax.SAXParseException; lineNumber: 2; columnNumber: 15;
> > Open quote is expected for attribute "BGCOLOR" associated with an
> > element type "BODY"."
> >
> > error appearing on the page (see attached picture).
> > Note that when I fill in an incorrect file or invalid password, the
> > wizard tells me with an appropriate error (like no such file/...) but
> > when everything is correct the SAX exception appears. The SAX exception
> > also appears when I leave the inputs blank and click next =>
> > therefore this step is unpassable.
> >
> > Has anyone performed cloning with success?
> >
> > thanks,
> >
> > jd
> >
> >
> >
> > ****************************************************************************************
> > This email and any files transmitted with are confidential and intended solely for the
> > use of the individual or entity to whom they are addressed. If you have received this
> > email in error then please delete it and notify the sender. Do not make a copy or forward
> > it to anyone. This footnote also confirms that this email message has been swept for the
> > presence of computer viruses.
> >
> > Adaptive Mobile Security Ltd, Ferry House, 48 Lower Mount Street, Dublin 2, Ireland
> > Directors: B. Collins, G. Maclachlan (UK), N. Grierson (UK), J. Ennis (UK), D. Summers (UK).
> > Registered in Ireland, Company No. 370343, VAT Reg.No.IE6390343O
> > ****************************************************************************************
> >
> >
> > _______________________________________________
> > Pki-users mailing list
> > Pki-users(a)redhat.com
> > https://www.redhat.com/mailman/listinfo/pki-users
>
>
>
>