[Freeipa-users] Unable to start IPA server after server reboot

Rob Crittenden rcritten at redhat.com
Tue Aug 2 13:18:01 UTC 2011


Ondrej Valousek wrote:
>   Hi list,
>
> I have a problem with my IPA server:
> Symptoms:
>
> [root at polaris etc]# /etc/init.d/ipa start
> Starting Directory Service
> Starting dirsrv:
>      EXAMPLE-COM...                                         [  OK  ]
>      PKI-IPA...                                             [  OK  ]
> Failed to read data from Directory Service: Unknown error when
> retrieving list of services from LDAP: {'matched':
> 'cn=masters,cn=ipa,cn=etc,dc=example,dc=com', 'desc': 'No such object'}
> Shutting down
> Shutting down dirsrv:
>      EXAMPLE-COM...                                         [  OK  ]
>      PKI-IPA...                                             [  OK  ]
>
> I am able to start the services (dirsrv, named, krb5kdc) separately
> though and then read the configuration fine:
>
> [root at polaris log]# kinit admin
> Password for admin at EXAMPLE.COM:
> [root at polaris etc]# ldapsearch -Y GSSAPI -h localhost -b
> cn=masters,cn=ipa,cn=etc,dc=example,dc=com
> SASL/GSSAPI authentication started
> SASL username: admin at EXAMPLE.COM
> SASL SSF: 56
> SASL data security layer installed.
> # extended LDIF
> #
> # LDAPv3
> # base <cn=masters,cn=ipa,cn=etc,dc=example,dc=com> with scope subtree
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # masters, ipa, etc, example.com
> dn: cn=masters,cn=ipa,cn=etc,dc=example,dc=com
> objectClass: nsContainer
> objectClass: top
> cn: masters
>
> # polaris.example.com, masters, ipa, etc, example.com
> dn: cn=polaris.example.com,cn=masters,cn=ipa,cn=etc,dc=example,dc=com
> objectClass: top
> objectClass: nsContainer
> cn: polaris.example.com
>
> # CA, polaris.example.com, masters, ipa, etc, example.com
> dn: cn=CA,cn=polaris.example.com,cn=masters,cn=ipa,cn=etc,dc=example,dc=com
> objectClass: nsContainer
> objectClass: ipaConfigObject
> objectClass: top
> ipaConfigString: enabledService
> ipaConfigString: startOrder 50
> cn: CA
> .....
>
> Does it ring any bell to you?
> Note that the IPA server was running fine right after the installation....

Is your hostname set to polaris.example.com or polaris (check 
/etc/sysconfig/network)?

What we search for is cn=$FQDN,cn=masters,cn=etc

That explains the matched part. It matched everything except the hostname.

rob
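
The lookup described in the reply above, modeled offline as an added example (not FreeIPA's own code and not part of the original messages): it shows why a short hostname produces 'No such object' with 'matched' stopping at cn=masters. The LDIF is abridged from the output quoted in the thread, the helper names are hypothetical, and the DN split assumes no escaped commas.

```python
# Added example: offline model of the master-entry lookup; helper names are hypothetical.
SUFFIX = "dc=example,dc=com"

# Abridged from the ldapsearch output quoted in the thread.
LDIF = """\
dn: cn=masters,cn=ipa,cn=etc,dc=example,dc=com
cn: masters

dn: cn=polaris.example.com,cn=masters,cn=ipa,cn=etc,dc=example,dc=com
cn: polaris.example.com

dn: cn=CA,cn=polaris.example.com,cn=masters,cn=ipa,cn=etc,dc=example,dc=com
ipaConfigString: enabledService
ipaConfigString: startOrder 50
cn: CA
"""

def rdns(dn):
    # Naive split: assumes no escaped commas, which holds for the DNs in this thread.
    return [part.strip().lower() for part in dn.split(",")]

def existing_entries(ldif, suffix=SUFFIX):
    """Return every DN in the LDIF plus its ancestors up to the suffix."""
    depth = len(rdns(suffix))
    entries = set()
    for line in ldif.splitlines():
        if line.lower().startswith("dn:"):
            parts = rdns(line[3:])
            for i in range(len(parts) - depth + 1):
                entries.add(",".join(parts[i:]))
    return entries

def matched_dn(target, entries):
    """Deepest existing ancestor of target: the 'matched' field of a 'No such object' result."""
    parts = rdns(target)
    for i in range(len(parts)):
        candidate = ",".join(parts[i:])
        if candidate in entries:
            return candidate
    return ""

def lookup_master(hostname, entries, suffix=SUFFIX):
    """Model a base lookup of cn=<hostname>,cn=masters,cn=ipa,cn=etc,<suffix>."""
    target = ",".join(rdns(f"cn={hostname},cn=masters,cn=ipa,cn=etc,{suffix}"))
    if target in entries:
        return {"found": True, "dn": target}
    return {"found": False, "desc": "No such object", "matched": matched_dn(target, entries)}

if __name__ == "__main__":
    entries = existing_entries(LDIF)
    for name in ("polaris", "polaris.example.com"):
        print(name, "->", lookup_master(name, entries))
```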



