Hello everyone.
I upgraded a freeipa server from fedora 20 to fedora 22. It mostly
worked ok, but there are a few issues:
- pki-tomcat didn't start after the upgrade, and that in turn made
ipa-upgradeconfig fail, because /var/lib/pki/pki-tomcat/conf/ca/CS.cfg
had the wrong owner (root).
- ipa-ldap-updater stumbles over two problems:
- Pre schema upgrade failed
- when trying to modify cn=encryption,cn=config, it stumbles over
allowWeakCipher not allowed
Does anyone know how to fix this? Is the pre schema upgrade failure
spurious? what bits am I missing about the allowWeakCipher issue?
Thomas
2015-05-28T13:04:55Z DEBUG [4/10]: starting directory server
2015-05-28T13:04:55Z DEBUG Starting external process
2015-05-28T13:04:55Z DEBUG args='/bin/systemctl' 'start'
'dirsrv@XXXXX-COM.service'
2015-05-28T13:04:55Z DEBUG Process finished, return code=0
2015-05-28T13:04:55Z DEBUG stdout=
2015-05-28T13:04:55Z DEBUG stderr=Running in chroot, ignoring request.
2015-05-28T13:04:55Z DEBUG duration: 0 seconds
2015-05-28T13:04:55Z DEBUG [5/10]: preparing server upgrade
2015-05-28T13:05:36Z ERROR Pre schema upgrade failed with [Errno 2] No
such file or directory
2015-05-28T13:05:36Z DEBUG Traceback (most recent call last):
File
"/usr/lib/python2.7/site-packages/ipaserver/install/upgradeinstance.py",
line 128, in __pre_schema_upgrade
ld = ldapupdate.LDAPUpdate(dm_password='', ldapi=True,
live_run=self.live_run, plugins=True)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py",
line 220, in __init__
self.create_connection()
File
"/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py",
line 783, in create_connection
dm_password=self.dm_password, pw_name=self.pw_name)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py",
line 65, in connect
conn.do_external_bind(pw_name)
File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line
1761, in do_external_bind
self.conn.sasl_interactive_bind_s, timeout, None, auth_tokens)
File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line
1747, in __bind_with_wait
self.__wait_for_connection(timeout)
File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line
1733, in __wait_for_connection
wait_for_open_socket(lurl.hostport, timeout)
File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line
1183, in wait_for_open_socket
raise e
error: [Errno 2] No such file or directory
2015-05-28T13:05:36Z DEBUG duration: 40 seconds
2015-05-28T13:05:36Z DEBUG [6/10]: updating schema
2015-05-28T13:05:46Z DEBUG Traceback (most recent call last):
File
"/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
388, in start_creation
run_step(full_msg, method)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
378, in run_step
method()
File
"/usr/lib/python2.7/site-packages/ipaserver/install/upgradeinstance.py",
line 145, in __update_schema
dm_password='', ldapi=True, live_run=self.live_run) or self.modified
File
"/usr/lib/python2.7/site-packages/ipaserver/install/schemaupdate.py",
line 112, in update_schema
fqdn=installutils.get_fqdn())
File
"/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py",
line 65, in connect
conn.do_external_bind(pw_name)
File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line
1761, in do_external_bind
self.conn.sasl_interactive_bind_s, timeout, None, auth_tokens)
File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line
1747, in __bind_with_wait
self.__wait_for_connection(timeout)
File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line
1733, in __wait_for_connection
wait_for_open_socket(lurl.hostport, timeout)
File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line
1183, in wait_for_open_socket
raise e
error: [Errno 2] No such file or directory
2015-05-28T13:05:46Z DEBUG [error] error: [Errno 2] No such file or
directory
2015-05-28T13:05:46Z DEBUG [cleanup]: stopping directory server
2015-05-28T13:05:46Z DEBUG Starting external process
2015-05-28T13:05:46Z DEBUG args='/bin/systemctl' 'stop'
'dirsrv@XXXXX-COM.service'
2015-05-28T13:05:46Z DEBUG Process finished, return code=0
2015-05-28T13:05:46Z DEBUG stdout=
2015-05-28T13:05:46Z DEBUG stderr=Running in chroot, ignoring request.
2015-05-28T13:05:46Z DEBUG duration: 0 seconds
2015-05-28T13:05:46Z DEBUG [cleanup]: restoring configuration
2015-05-28T13:05:46Z DEBUG Saving StateFile to
'/var/lib/ipa/sysrestore/sysrestore.state'
2015-05-28T13:05:46Z DEBUG Saving StateFile to
'/var/lib/ipa/sysrestore/sysrestore.state'
2015-05-28T13:05:46Z DEBUG duration: 0 seconds
2015-05-28T13:05:46Z DEBUG File
"/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171,
in execute
return_value = self.run()
File
"/usr/lib/python2.7/site-packages/ipaserver/install/ipa_ldap_updater.py",
line 144, in run
upgrade.create_instance()
File
"/usr/lib/python2.7/site-packages/ipaserver/install/upgradeinstance.py",
line 93, in create_instance
show_service_name=False)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
388, in start_creation
run_step(full_msg, method)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
378, in run_step
method()
File
"/usr/lib/python2.7/site-packages/ipaserver/install/upgradeinstance.py",
line 145, in __update_schema
dm_password='', ldapi=True, live_run=self.live_run) or self.modified
File
"/usr/lib/python2.7/site-packages/ipaserver/install/schemaupdate.py",
line 112, in update_schema
fqdn=installutils.get_fqdn())
File
"/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py",
line 65, in connect
conn.do_external_bind(pw_name)
File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line
1761, in do_external_bind
self.conn.sasl_interactive_bind_s, timeout, None, auth_tokens)
File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line
1747, in __bind_with_wait
self.__wait_for_connection(timeout)
File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line
1733, in __wait_for_connection
wait_for_open_socket(lurl.hostport, timeout)
File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line
1183, in wait_for_open_socket
raise e
2015-05-28T13:05:46Z DEBUG The ipa-ldap-updater command failed,
exception: error: [Errno 2] No such file or directory
2015-05-28T13:05:46Z ERROR [Errno 2] No such file or directory
2015-05-28T13:05:47Z DEBUG /usr/sbin/ipa-upgradeconfig was invoked
with options: {'debug': False, 'quiet': True}
2015-05-28T13:05:47Z DEBUG IPA version 4.1.4-2.fc22
2015-05-28T13:05:47Z DEBUG Loading Index file from
'/var/lib/ipa/sysrestore/sysrestore.index'
2015-05-28T13:05:47Z DEBUG importing all plugin modules in
'/usr/lib/python2.7/site-packages/ipalib/plugins'...
2015-05-28T13:05:47Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/aci.py'
2015-05-28T13:05:47Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/automember.py'
2015-05-28T13:05:47Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/automount.py'
2015-05-28T13:05:47Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/baseldap.py'
2015-05-28T13:05:47Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/batch.py'
2015-05-28T13:05:47Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/cert.py'
2015-05-28T13:05:47Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/config.py'
2015-05-28T13:05:47Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/delegation.py'
2015-05-28T13:05:47Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/dns.py'
2015-05-28T13:05:47Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/group.py'
2015-05-28T13:05:47Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/hbacrule.py'
2015-05-28T13:05:47Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/hbacsvc.py'
2015-05-28T13:05:47Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/hbacsvcgroup.py'
2015-05-28T13:05:47Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/hbactest.py'
2015-05-28T13:05:47Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/host.py'
2015-05-28T13:05:47Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/hostgroup.py'
2015-05-28T13:05:47Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/idrange.py'
2015-05-28T13:05:47Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/idviews.py'
2015-05-28T13:05:47Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/internal.py'
2015-05-28T13:05:47Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/kerberos.py'
2015-05-28T13:05:47Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/krbtpolicy.py'
2015-05-28T13:05:47Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/migration.py'
2015-05-28T13:05:47Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/misc.py'
2015-05-28T13:05:47Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/netgroup.py'
2015-05-28T13:05:47Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/otpconfig.py'
2015-05-28T13:05:47Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/otptoken.py'
2015-05-28T13:05:47Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/otptoken_yubikey.py'
2015-05-28T13:05:47Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/passwd.py'
2015-05-28T13:05:47Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/permission.py'
2015-05-28T13:05:47Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/ping.py'
2015-05-28T13:05:47Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/pkinit.py'
2015-05-28T13:05:47Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/privilege.py'
2015-05-28T13:05:47Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/pwpolicy.py'
2015-05-28T13:05:47Z DEBUG Starting external process
2015-05-28T13:05:47Z DEBUG args='klist' '-V'
2015-05-28T13:05:47Z DEBUG Process finished, return code=0
2015-05-28T13:05:47Z DEBUG stdout=Kerberos 5 version 1.13.1
2015-05-28T13:05:47Z DEBUG stderr=
2015-05-28T13:05:47Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/radiusproxy.py'
2015-05-28T13:05:47Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/realmdomains.py'
2015-05-28T13:05:47Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/role.py'
2015-05-28T13:05:47Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/rpcclient.py'
2015-05-28T13:05:47Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/selfservice.py'
2015-05-28T13:05:47Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/selinuxusermap.py'
2015-05-28T13:05:47Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/service.py'
2015-05-28T13:05:47Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/sudocmd.py'
2015-05-28T13:05:47Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/sudocmdgroup.py'
2015-05-28T13:05:47Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/sudorule.py'
2015-05-28T13:05:47Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/trust.py'
2015-05-28T13:05:47Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/user.py'
2015-05-28T13:05:47Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/virtual.py'
2015-05-28T17:11:53Z INFO Updating existing entry:
cn=encryption,cn=config
2015-05-28T17:11:53Z DEBUG ---------------------------------------------
2015-05-28T17:11:53Z DEBUG Initial value
2015-05-28T17:11:53Z DEBUG dn: cn=encryption,cn=config
2015-05-28T17:11:53Z DEBUG nsSSL3:
2015-05-28T17:11:53Z DEBUG off
2015-05-28T17:11:53Z DEBUG nsSSL2:
2015-05-28T17:11:53Z DEBUG off
2015-05-28T17:11:53Z DEBUG cn:
2015-05-28T17:11:53Z DEBUG encryption
2015-05-28T17:11:53Z DEBUG objectClass:
2015-05-28T17:11:53Z DEBUG top
2015-05-28T17:11:53Z DEBUG nsEncryptionConfig
2015-05-28T17:11:53Z DEBUG sslVersionMax:
2015-05-28T17:11:53Z DEBUG TLS1.2
2015-05-28T17:11:53Z DEBUG nsSSLSessionTimeout:
2015-05-28T17:11:53Z DEBUG 0
2015-05-28T17:11:53Z DEBUG sslVersionMin:
2015-05-28T17:11:53Z DEBUG TLS1.0
2015-05-28T17:11:53Z DEBUG nsSSLSupportedCiphers:
2015-05-28T17:11:53Z DEBUG
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256::AES-GCM::AEAD::128
2015-05-28T17:11:53Z DEBUG TLS_RSA_WITH_3DES_EDE_CBC_SHA::3DES::SHA1::192
2015-05-28T17:11:53Z DEBUG
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA::3DES::SHA1::192
2015-05-28T17:11:53Z DEBUG
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA::AES::SHA1::256
2015-05-28T17:11:53Z DEBUG
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA::AES::SHA1::128
2015-05-28T17:11:53Z DEBUG
TLS_ECDH_ECDSA_WITH_RC4_128_SHA::RC4::SHA1::128
2015-05-28T17:11:53Z DEBUG
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256::AES::SHA256::128
2015-05-28T17:11:53Z DEBUG TLS_DHE_DSS_WITH_RC4_128_SHA::RC4::SHA1::128
2015-05-28T17:11:53Z DEBUG
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA::AES::SHA1::128
2015-05-28T17:11:53Z DEBUG
TLS_DHE_RSA_WITH_AES_128_CBC_SHA::AES::SHA1::128
2015-05-28T17:11:53Z DEBUG
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5::RC2::MD5::128
2015-05-28T17:11:53Z DEBUG
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA::AES::SHA1::128
2015-05-28T17:11:53Z DEBUG
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA::RC4::SHA1::128
2015-05-28T17:11:53Z DEBUG
TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA::CAMELLIA::SHA1::256
2015-05-28T17:11:53Z DEBUG TLS_RSA_WITH_NULL_SHA::NULL::SHA1::0
2015-05-28T17:11:53Z DEBUG TLS_ECDHE_RSA_WITH_NULL_SHA::NULL::SHA1::0
2015-05-28T17:11:53Z DEBUG
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256::AES::SHA256::256
2015-05-28T17:11:53Z DEBUG
TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA::CAMELLIA::SHA1::128
2015-05-28T17:11:53Z DEBUG
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA::AES::SHA1::256
2015-05-28T17:11:53Z DEBUG
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA::3DES::SHA1::192
2015-05-28T17:11:53Z DEBUG TLS_ECDH_RSA_WITH_NULL_SHA::NULL::SHA1::0
2015-05-28T17:11:53Z DEBUG TLS_ECDH_RSA_WITH_RC4_128_SHA::RC4::SHA1::128
2015-05-28T17:11:53Z DEBUG TLS_RSA_WITH_NULL_SHA256::NULL::SHA256::0
2015-05-28T17:11:53Z DEBUG
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256::AES-GCM::AEAD::128
2015-05-28T17:11:53Z DEBUG
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA::AES::SHA1::256
2015-05-28T17:11:53Z DEBUG
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA::AES::SHA1::128
2015-05-28T17:11:53Z DEBUG
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA::3DES::SHA1::192
2015-05-28T17:11:53Z DEBUG
TLS_DHE_DSS_WITH_AES_128_CBC_SHA::AES::SHA1::128
2015-05-28T17:11:53Z DEBUG TLS_RSA_WITH_NULL_MD5::NULL::MD5::0
2015-05-28T17:11:53Z DEBUG
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA::DES::SHA1::64
2015-05-28T17:11:53Z DEBUG
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA::RC4::SHA1::128
2015-05-28T17:11:53Z DEBUG
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA::3DES::SHA1::192
2015-05-28T17:11:53Z DEBUG
SSL_CK_DES_192_EDE3_CBC_WITH_MD5::3DES::MD5::192
2015-05-28T17:11:53Z DEBUG
SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA::3DES::SHA1::192
2015-05-28T17:11:53Z DEBUG SSL_CK_RC2_128_CBC_WITH_MD5::RC2::MD5::128
2015-05-28T17:11:53Z DEBUG
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA::3DES::SHA1::192
2015-05-28T17:11:53Z DEBUG SSL_CK_RC4_128_WITH_MD5::RC4::MD5::128
2015-05-28T17:11:53Z DEBUG
TLS_DHE_RSA_WITH_AES_256_CBC_SHA::AES::SHA1::256
2015-05-28T17:11:53Z DEBUG SSL_RSA_FIPS_WITH_DES_CBC_SHA::DES::SHA1::64
2015-05-28T17:11:53Z DEBUG
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256::AES::SHA256::128
2015-05-28T17:11:53Z DEBUG TLS_DHE_RSA_WITH_DES_CBC_SHA::DES::SHA1::64
2015-05-28T17:11:53Z DEBUG
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256::AES::SHA256::128
2015-05-28T17:11:53Z DEBUG TLS_ECDH_ECDSA_WITH_NULL_SHA::NULL::SHA1::0
2015-05-28T17:11:53Z DEBUG SSL_CK_DES_64_CBC_WITH_MD5::DES::MD5::64
2015-05-28T17:11:53Z DEBUG
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256::AES-GCM::AEAD::128
2015-05-28T17:11:53Z DEBUG TLS_RSA_EXPORT_WITH_RC4_40_MD5::RC4::MD5::128
2015-05-28T17:11:53Z DEBUG
TLS_RSA_WITH_AES_256_CBC_SHA256::AES::SHA256::256
2015-05-28T17:11:53Z DEBUG
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA::CAMELLIA::SHA1::256
2015-05-28T17:11:53Z DEBUG
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA::CAMELLIA::SHA1::128
2015-05-28T17:11:53Z DEBUG
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA::CAMELLIA::SHA1::256
2015-05-28T17:11:53Z DEBUG
SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5::RC2::MD5::128
2015-05-28T17:11:53Z DEBUG TLS_DHE_DSS_WITH_DES_CBC_SHA::DES::SHA1::64
2015-05-28T17:11:53Z DEBUG
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA::AES::SHA1::256
2015-05-28T17:11:53Z DEBUG
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA::CAMELLIA::SHA1::128
2015-05-28T17:11:53Z DEBUG
TLS_RSA_WITH_AES_128_CBC_SHA256::AES::SHA256::128
2015-05-28T17:11:53Z DEBUG
TLS_DHE_DSS_WITH_AES_256_CBC_SHA::AES::SHA1::256
2015-05-28T17:11:53Z DEBUG TLS_RSA_WITH_AES_128_CBC_SHA::AES::SHA1::128
2015-05-28T17:11:53Z DEBUG TLS_RSA_WITH_SEED_CBC_SHA::SEED::SHA1::128
2015-05-28T17:11:53Z DEBUG
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA::3DES::SHA1::192
2015-05-28T17:11:53Z DEBUG TLS_RSA_WITH_RC4_128_MD5::RC4::MD5::128
2015-05-28T17:11:53Z DEBUG
TLS_RSA_WITH_AES_128_GCM_SHA256::AES-GCM::AEAD::128
2015-05-28T17:11:53Z DEBUG TLS_RSA_WITH_AES_256_CBC_SHA::AES::SHA1::256
2015-05-28T17:11:53Z DEBUG TLS_RSA_WITH_DES_CBC_SHA::DES::SHA1::64
2015-05-28T17:11:53Z DEBUG TLS_ECDHE_ECDSA_WITH_NULL_SHA::NULL::SHA1::0
2015-05-28T17:11:53Z DEBUG
SSL_CK_RC4_128_EXPORT40_WITH_MD5::RC4::MD5::128
2015-05-28T17:11:53Z DEBUG TLS_RSA_WITH_RC4_128_SHA::RC4::SHA1::128
2015-05-28T17:11:53Z DEBUG TLS_ECDHE_RSA_WITH_RC4_128_SHA::RC4::SHA1::128
2015-05-28T17:11:53Z DEBUG nsSSLClientAuth:
2015-05-28T17:11:53Z DEBUG allowed
2015-05-28T17:11:53Z DEBUG nssslenabledciphers:
2015-05-28T17:11:53Z DEBUG TLS_RSA_WITH_3DES_EDE_CBC_SHA::3DES::SHA1::192
2015-05-28T17:11:53Z DEBUG SSL_RSA_FIPS_WITH_DES_CBC_SHA::DES::SHA1::64
2015-05-28T17:11:53Z DEBUG TLS_RSA_WITH_DES_CBC_SHA::DES::SHA1::64
2015-05-28T17:11:53Z DEBUG TLS_RSA_WITH_RC4_128_MD5::RC4::MD5::128
2015-05-28T17:11:53Z DEBUG
SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA::3DES::SHA1::192
2015-05-28T17:11:53Z DEBUG nsTLS1:
2015-05-28T17:11:53Z DEBUG on
2015-05-28T17:11:53Z DEBUG nsSSL3Ciphers:
2015-05-28T17:11:53Z DEBUG
-rsa_null_md5,+rsa_rc4_128_md5,+rsa_rc4_40_md5,+rsa_rc2_40_md5,+rsa_des_sha,+rsa_fips_des_sha,+rsa_3des_sha,+rsa_fips_3des_sha,+fortezza,+fortezza_rc4_128_sha,+fortezza_null,+tls_rsa_export1024_with_rc4_56_sha,+tls_rsa_export1024_with_des_cbc_sha
2015-05-28T17:11:53Z DEBUG only: set nsSSL3Ciphers to '+all', current
value
['-rsa_null_md5,+rsa_rc4_128_md5,+rsa_rc4_40_md5,+rsa_rc2_40_md5,+rsa_des_sha,+rsa_fips_des_sha,+rsa_3des_sha,+rsa_fips_3des_sha,+fortezza,+fortezza_rc4_128_sha,+fortezza_null,+tls_rsa_export1024_with_rc4_56_sha,+tls_rsa_export1024_with_des_cbc_sha']
2015-05-28T17:11:53Z DEBUG only: updated value ['+all']
2015-05-28T17:11:53Z DEBUG addifnew: 'off' to allowWeakCipher, current
value []
2015-05-28T17:11:53Z DEBUG addifnew: set allowWeakCipher to ['off']
2015-05-28T17:11:53Z DEBUG ---------------------------------------------
2015-05-28T17:11:53Z DEBUG Final value after applying updates
2015-05-28T17:11:53Z DEBUG dn: cn=encryption,cn=config
2015-05-28T17:11:53Z DEBUG nsSSL3:
2015-05-28T17:11:53Z DEBUG off
2015-05-28T17:11:53Z DEBUG nsSSL2:
2015-05-28T17:11:53Z DEBUG off
2015-05-28T17:11:53Z DEBUG cn:
2015-05-28T17:11:53Z DEBUG encryption
2015-05-28T17:11:53Z DEBUG objectClass:
2015-05-28T17:11:53Z DEBUG top
2015-05-28T17:11:53Z DEBUG nsEncryptionConfig
2015-05-28T17:11:53Z DEBUG sslVersionMax:
2015-05-28T17:11:53Z DEBUG TLS1.2
2015-05-28T17:11:53Z DEBUG nsSSLSessionTimeout:
2015-05-28T17:11:53Z DEBUG 0
2015-05-28T17:11:53Z DEBUG sslVersionMin:
2015-05-28T17:11:53Z DEBUG TLS1.0
2015-05-28T17:11:53Z DEBUG nsSSLSupportedCiphers:
2015-05-28T17:11:53Z DEBUG
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256::AES-GCM::AEAD::128
2015-05-28T17:11:53Z DEBUG TLS_RSA_WITH_3DES_EDE_CBC_SHA::3DES::SHA1::192
2015-05-28T17:11:53Z DEBUG
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA::3DES::SHA1::192
2015-05-28T17:11:53Z DEBUG
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA::AES::SHA1::256
2015-05-28T17:11:53Z DEBUG
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA::AES::SHA1::128
2015-05-28T17:11:53Z DEBUG
TLS_ECDH_ECDSA_WITH_RC4_128_SHA::RC4::SHA1::128
2015-05-28T17:11:53Z DEBUG
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256::AES::SHA256::128
2015-05-28T17:11:53Z DEBUG TLS_DHE_DSS_WITH_RC4_128_SHA::RC4::SHA1::128
2015-05-28T17:11:53Z DEBUG
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA::AES::SHA1::128
2015-05-28T17:11:53Z DEBUG
TLS_DHE_RSA_WITH_AES_128_CBC_SHA::AES::SHA1::128
2015-05-28T17:11:53Z DEBUG
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5::RC2::MD5::128
2015-05-28T17:11:53Z DEBUG
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA::AES::SHA1::128
2015-05-28T17:11:53Z DEBUG
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA::RC4::SHA1::128
2015-05-28T17:11:53Z DEBUG
TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA::CAMELLIA::SHA1::256
2015-05-28T17:11:53Z DEBUG TLS_RSA_WITH_NULL_SHA::NULL::SHA1::0
2015-05-28T17:11:53Z DEBUG TLS_ECDHE_RSA_WITH_NULL_SHA::NULL::SHA1::0
2015-05-28T17:11:53Z DEBUG
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256::AES::SHA256::256
2015-05-28T17:11:53Z DEBUG
TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA::CAMELLIA::SHA1::128
2015-05-28T17:11:53Z DEBUG
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA::AES::SHA1::256
2015-05-28T17:11:53Z DEBUG
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA::3DES::SHA1::192
2015-05-28T17:11:53Z DEBUG TLS_ECDH_RSA_WITH_NULL_SHA::NULL::SHA1::0
2015-05-28T17:11:53Z DEBUG TLS_ECDH_RSA_WITH_RC4_128_SHA::RC4::SHA1::128
2015-05-28T17:11:53Z DEBUG TLS_RSA_WITH_NULL_SHA256::NULL::SHA256::0
2015-05-28T17:11:53Z DEBUG
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256::AES-GCM::AEAD::128
2015-05-28T17:11:53Z DEBUG
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA::AES::SHA1::256
2015-05-28T17:11:53Z DEBUG
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA::AES::SHA1::128
2015-05-28T17:11:53Z DEBUG
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA::3DES::SHA1::192
2015-05-28T17:11:53Z DEBUG
TLS_DHE_DSS_WITH_AES_128_CBC_SHA::AES::SHA1::128
2015-05-28T17:11:53Z DEBUG TLS_RSA_WITH_NULL_MD5::NULL::MD5::0
2015-05-28T17:11:53Z DEBUG
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA::DES::SHA1::64
2015-05-28T17:11:53Z DEBUG
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA::RC4::SHA1::128
2015-05-28T17:11:53Z DEBUG
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA::3DES::SHA1::192
2015-05-28T17:11:53Z DEBUG
SSL_CK_DES_192_EDE3_CBC_WITH_MD5::3DES::MD5::192
2015-05-28T17:11:53Z DEBUG
SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA::3DES::SHA1::192
2015-05-28T17:11:53Z DEBUG SSL_CK_RC2_128_CBC_WITH_MD5::RC2::MD5::128
2015-05-28T17:11:53Z DEBUG
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA::3DES::SHA1::192
2015-05-28T17:11:53Z DEBUG SSL_CK_RC4_128_WITH_MD5::RC4::MD5::128
2015-05-28T17:11:53Z DEBUG
TLS_DHE_RSA_WITH_AES_256_CBC_SHA::AES::SHA1::256
2015-05-28T17:11:53Z DEBUG SSL_RSA_FIPS_WITH_DES_CBC_SHA::DES::SHA1::64
2015-05-28T17:11:53Z DEBUG
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256::AES::SHA256::128
2015-05-28T17:11:53Z DEBUG TLS_DHE_RSA_WITH_DES_CBC_SHA::DES::SHA1::64
2015-05-28T17:11:53Z DEBUG
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256::AES::SHA256::128
2015-05-28T17:11:53Z DEBUG TLS_ECDH_ECDSA_WITH_NULL_SHA::NULL::SHA1::0
2015-05-28T17:11:53Z DEBUG SSL_CK_DES_64_CBC_WITH_MD5::DES::MD5::64
2015-05-28T17:11:53Z DEBUG
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256::AES-GCM::AEAD::128
2015-05-28T17:11:53Z DEBUG TLS_RSA_EXPORT_WITH_RC4_40_MD5::RC4::MD5::128
2015-05-28T17:11:53Z DEBUG
TLS_RSA_WITH_AES_256_CBC_SHA256::AES::SHA256::256
2015-05-28T17:11:53Z DEBUG
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA::CAMELLIA::SHA1::256
2015-05-28T17:11:53Z DEBUG
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA::CAMELLIA::SHA1::128
2015-05-28T17:11:53Z DEBUG
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA::CAMELLIA::SHA1::256
2015-05-28T17:11:53Z DEBUG
SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5::RC2::MD5::128
2015-05-28T17:11:53Z DEBUG TLS_DHE_DSS_WITH_DES_CBC_SHA::DES::SHA1::64
2015-05-28T17:11:53Z DEBUG
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA::AES::SHA1::256
2015-05-28T17:11:53Z DEBUG
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA::CAMELLIA::SHA1::128
2015-05-28T17:11:53Z DEBUG
TLS_RSA_WITH_AES_128_CBC_SHA256::AES::SHA256::128
2015-05-28T17:11:53Z DEBUG
TLS_DHE_DSS_WITH_AES_256_CBC_SHA::AES::SHA1::256
2015-05-28T17:11:53Z DEBUG TLS_RSA_WITH_AES_128_CBC_SHA::AES::SHA1::128
2015-05-28T17:11:53Z DEBUG TLS_RSA_WITH_SEED_CBC_SHA::SEED::SHA1::128
2015-05-28T17:11:53Z DEBUG
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA::3DES::SHA1::192
2015-05-28T17:11:53Z DEBUG TLS_RSA_WITH_RC4_128_MD5::RC4::MD5::128
2015-05-28T17:11:53Z DEBUG
TLS_RSA_WITH_AES_128_GCM_SHA256::AES-GCM::AEAD::128
2015-05-28T17:11:53Z DEBUG TLS_RSA_WITH_AES_256_CBC_SHA::AES::SHA1::256
2015-05-28T17:11:53Z DEBUG TLS_RSA_WITH_DES_CBC_SHA::DES::SHA1::64
2015-05-28T17:11:53Z DEBUG TLS_ECDHE_ECDSA_WITH_NULL_SHA::NULL::SHA1::0
2015-05-28T17:11:53Z DEBUG
SSL_CK_RC4_128_EXPORT40_WITH_MD5::RC4::MD5::128
2015-05-28T17:11:53Z DEBUG TLS_RSA_WITH_RC4_128_SHA::RC4::SHA1::128
2015-05-28T17:11:53Z DEBUG TLS_ECDHE_RSA_WITH_RC4_128_SHA::RC4::SHA1::128
2015-05-28T17:11:53Z DEBUG nsSSLClientAuth:
2015-05-28T17:11:53Z DEBUG allowed
2015-05-28T17:11:53Z DEBUG nssslenabledciphers:
2015-05-28T17:11:53Z DEBUG TLS_RSA_WITH_3DES_EDE_CBC_SHA::3DES::SHA1::192
2015-05-28T17:11:53Z DEBUG SSL_RSA_FIPS_WITH_DES_CBC_SHA::DES::SHA1::64
2015-05-28T17:11:53Z DEBUG TLS_RSA_WITH_DES_CBC_SHA::DES::SHA1::64
2015-05-28T17:11:53Z DEBUG TLS_RSA_WITH_RC4_128_MD5::RC4::MD5::128
2015-05-28T17:11:53Z DEBUG
SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA::3DES::SHA1::192
2015-05-28T17:11:53Z DEBUG nsTLS1:
2015-05-28T17:11:53Z DEBUG on
2015-05-28T17:11:53Z DEBUG allowWeakCipher:
2015-05-28T17:11:53Z DEBUG off
2015-05-28T17:11:53Z DEBUG nsSSL3Ciphers:
2015-05-28T17:11:53Z DEBUG +all
2015-05-28T17:11:53Z DEBUG [(2, u'allowWeakCipher', ['off']), (0,
u'nsSSL3Ciphers', ['+all']), (1, u'nsSSL3Ciphers',
['-rsa_null_md5,+rsa_rc4_128_md5,+rsa_rc4_40_md5,+rsa_rc2_40_md5,+rsa_des_sha,+rsa_fips_des_sha,+rsa_3des_sha,+rsa_fips_3des_sha,+fortezza,+fortezza_rc4_128_sha,+fortezza_null,+tls_rsa_export1024_with_rc4_56_sha,+tls_rsa_export1024_with_des_cbc_sha'])]
2015-05-28T17:11:53Z DEBUG Live 1, updated 1
2015-05-28T17:11:53Z DEBUG File
"/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171,
in execute
return_value = self.run()
File
"/usr/lib/python2.7/site-packages/ipaserver/install/ipa_ldap_updater.py",
line 213, in run
modified = ld.update(self.files, ordered=True) or modified
File
"/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py",
line 854, in update
self._run_updates(all_updates)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py",
line 799, in _run_updates
self._update_record(update)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py",
line 720, in _update_record
self.conn.update_entry(entry)
File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line
1628, in update_entry
self.conn.modify_s(entry.dn, modlist)
File "/usr/lib64/python2.7/contextlib.py", line 35, in __exit__
self.gen.throw(type, value, traceback)
File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line
1191, in error_handler
raise errors.ObjectclassViolation(info=info)
2015-05-28T17:11:53Z DEBUG The ipa-ldap-updater command failed,
exception: ObjectclassViolation: attribute "allowWeakCipher" not allowed
2015-05-28T17:11:53Z ERROR Unexpected error - see
/var/log/ipaupgrade.log for details:
ObjectclassViolation: attribute "allowWeakCipher" not allowed
2015-05-29T12:46:04Z DEBUG Logging to /var/log/ipaupgrade.log