DEBUG: The 389 Directory Server Creation Tool DEBUG: Inspired by works of: ITS, The University of Adelaide DEBUG: Called with: Namespace(dryrun=False, file='ds.rsp', func=, json=False, verbose=True) DEBUG: Running setup with verbose DEBUG: Using inf from ds.rsp DEBUG: Configuration ['general', 'slapd', 'backend-userroot'] DEBUG: general:config_version not in inf, using default DEBUG: general:selinux not in inf, using default DEBUG: general:systemd not in inf, using default DEBUG: general:defaults not in inf, using default DEBUG: Configuration general {'config_version': 2, 'full_machine_name': 'srv009.d01.net', 'strict_host_checking': False, 'selinux': True, 'systemd': True, 'start': True, 'defaults': '999999999'} DEBUG: slapd:user not in inf, using default DEBUG: slapd:group not in inf, using default DEBUG: slapd:prefix not in inf, using default DEBUG: slapd:bin_dir not in inf, using default DEBUG: slapd:sbin_dir not in inf, using default DEBUG: slapd:sysconf_dir not in inf, using default DEBUG: slapd:initconfig_dir not in inf, using default DEBUG: slapd:data_dir not in inf, using default DEBUG: slapd:local_state_dir not in inf, using default DEBUG: slapd:lib_dir not in inf, using default DEBUG: slapd:cert_dir not in inf, using default DEBUG: slapd:config_dir not in inf, using default DEBUG: slapd:inst_dir not in inf, using default DEBUG: slapd:backup_dir not in inf, using default DEBUG: slapd:db_dir not in inf, using default DEBUG: slapd:db_home_dir not in inf, using default DEBUG: slapd:ldif_dir not in inf, using default DEBUG: slapd:log_dir not in inf, using default DEBUG: slapd:run_dir not in inf, using default DEBUG: slapd:schema_dir not in inf, using default DEBUG: slapd:tmp_dir not in inf, using default DEBUG: Configuration slapd {'initconfig_dir': '/etc/sysconfig', 'self_sign_cert_valid_months': 120, 'port': 389, 'user': 'dirsrv', 'self_sign_cert': True, 'root_password': 'Passw0rd', 'secure_port': 636, 'root_dn': 'cn=root', 'instance_name': 'srv009', 'group': 'dirsrv', 'prefix': '/usr', 'bin_dir': '/usr/bin', 'sbin_dir': '/usr/sbin', 'sysconf_dir': '/etc', 'data_dir': '/usr/share', 'local_state_dir': '/var', 'lib_dir': '/usr/lib64', 'cert_dir': '/etc/dirsrv/slapd-srv009', 'config_dir': '/etc/dirsrv/slapd-srv009', 'inst_dir': '/usr/lib64/dirsrv/slapd-srv009', 'backup_dir': '/var/lib/dirsrv/slapd-srv009/bak', 'db_dir': '/var/lib/dirsrv/slapd-srv009/db', 'db_home_dir': '/var/lib/dirsrv/slapd-srv009/db', 'ldif_dir': '/var/lib/dirsrv/slapd-srv009/ldif', 'lock_dir': '/var/run/dirsrv/slapd-srv009', 'log_dir': '/var/log/dirsrv/slapd-srv009', 'run_dir': '/var/run/dirsrv', 'schema_dir': '/etc/dirsrv/slapd-srv009/schema', 'tmp_dir': '/tmp'} DEBUG: Configuration backends [{'name': 'userroot', 'suffix': 'dc=d01dc=net', 'create_suffix_entry': 'False'}] DEBUG: START: Starting installation... DEBUG: READY: Preparing installation for srv009... DEBUG: PASSED: using config settings 999999999 DEBUG: PASSED: user / group checking DEBUG: PASSED: prefix checking DEBUG: list instance not found in /etc/dirsrv/slapd-srv009/dse.ldif: srv009 DEBUG: PASSED: instance checking DEBUG: INFO: temp root password set to 7vhaCjZf.NhhkYrI6tXHP4AHqxwtYjgF9OO3DB7jymrSfav41VIouX7rI..0SfSxJ DEBUG: PASSED: root user checking DEBUG: PASSED: network avaliability checking DEBUG: READY: Beginning installation for srv009... DEBUG: ACTION: Creating dse.ldif DEBUG: ACTION: creating /var/lib/dirsrv/slapd-srv009/bak DEBUG: ACTION: creating /etc/dirsrv/slapd-srv009 DEBUG: ACTION: creating /var/lib/dirsrv/slapd-srv009/db DEBUG: ACTION: creating /var/lib/dirsrv/slapd-srv009/ldif DEBUG: ACTION: creating /var/run/dirsrv/slapd-srv009 DEBUG: ACTION: creating /var/log/dirsrv/slapd-srv009 DEBUG: ACTION: creating /var/run/dirsrv DEBUG: b'CMD: systemctl enable dirsrv@srv009 ; STDOUT: ; STDERR: Created symlink /etc/systemd/system/multi-user.target.wants/dirsrv@srv009.service \xe2\x86\x92 /usr/lib/systemd/system/dirsrv@.service.\n' DEBUG: ACTION: Creating certificate database is /etc/dirsrv/slapd-srv009 DEBUG: Allocate with None DEBUG: Allocate with /var/run/slapd-srv009.socket DEBUG: Allocate with localhost:389 DEBUG: Allocate with localhost:389 DEBUG: nss cmd: /usr/bin/certutil -N -d /etc/dirsrv/slapd-srv009 -f /etc/dirsrv/slapd-srv009/pwdfile.txt DEBUG: nss output: DEBUG: nss cmd: /usr/bin/certutil -N -d /etc/dirsrv/ssca/ -f /etc/dirsrv/ssca//pwdfile.txt DEBUG: nss output: DEBUG: nss cmd: /usr/bin/certutil -S -n Self-Signed-CA -s CN=ssca.389ds.example.com,O=testing,L=389ds,ST=Queensland,C=AU -x -g 4096 -t CT,, -v 120 -2 --keyUsage certSigning -d /etc/dirsrv/ssca/ -z /etc/dirsrv/ssca//noise.txt -f /etc/dirsrv/ssca//pwdfile.txt DEBUG: nss output: Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? DEBUG: nss cmd: /usr/bin/certutil -L -n Self-Signed-CA -d /etc/dirsrv/ssca/ -a DEBUG: nss cmd: /usr/bin/openssl rehash /etc/dirsrv/ssca/ DEBUG: CSR subject -> CN=srv009.d01.net,givenName=9297772c-55b9-4991-ae97-1c531be96072,O=testing,L=389ds,ST=Queensland,C=AU DEBUG: CSR alt_names -> ['srv009.d01.net'] DEBUG: nss cmd: /usr/bin/certutil -R --keyUsage digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment --nsCertType sslClient,sslServer --extKeyUsage clientAuth,serverAuth -s CN=srv009.d01.net,givenName=9297772c-55b9-4991-ae97-1c531be96072,O=testing,L=389ds,ST=Queensland,C=AU -8 srv009.d01.net -g 4096 -d /etc/dirsrv/slapd-srv009 -z /etc/dirsrv/slapd-srv009/noise.txt -f /etc/dirsrv/slapd-srv009/pwdfile.txt -a -o /etc/dirsrv/slapd-srv009/Server-Cert.csr DEBUG: nss cmd: /usr/bin/certutil -C -d /etc/dirsrv/ssca/ -f /etc/dirsrv/ssca//pwdfile.txt -v 24 -a -i /etc/dirsrv/slapd-srv009/Server-Cert.csr -o /etc/dirsrv/slapd-srv009/Server-Cert.crt -c Self-Signed-CA DEBUG: nss cmd: /usr/bin/openssl rehash /etc/dirsrv/slapd-srv009 DEBUG: nss cmd: /usr/bin/certutil -A -n Self-Signed-CA -t CT,, -a -i /etc/dirsrv/slapd-srv009/ca.crt -d /etc/dirsrv/slapd-srv009 -f /etc/dirsrv/slapd-srv009/pwdfile.txt DEBUG: nss cmd: /usr/bin/certutil -A -n Server-Cert -t ,, -a -i /etc/dirsrv/slapd-srv009/Server-Cert.crt -d /etc/dirsrv/slapd-srv009 -f /etc/dirsrv/slapd-srv009/pwdfile.txt DEBUG: nss cmd: /usr/bin/certutil -V -d /etc/dirsrv/slapd-srv009 -n Server-Cert -u YCV DEBUG: selinux is disabled, skipping port relabel DEBUG: selinux is disabled, skipping relabel path /var/lib/dirsrv/slapd-srv009/bak DEBUG: selinux is disabled, skipping relabel path /etc/dirsrv/slapd-srv009 DEBUG: selinux is disabled, skipping relabel path /etc/dirsrv/slapd-srv009 DEBUG: selinux is disabled, skipping relabel path /var/lib/dirsrv/slapd-srv009/db DEBUG: selinux is disabled, skipping relabel path /var/lib/dirsrv/slapd-srv009/ldif DEBUG: selinux is disabled, skipping relabel path /var/run/dirsrv/slapd-srv009 DEBUG: selinux is disabled, skipping relabel path /var/log/dirsrv/slapd-srv009 DEBUG: selinux is disabled, skipping relabel path /var/run/dirsrv DEBUG: selinux is disabled, skipping relabel path /etc/dirsrv/slapd-srv009/schema DEBUG: selinux is disabled, skipping relabel path /tmp DEBUG: selinux is disabled, skipping port relabel DEBUG: systemd status -> True DEBUG: systemd status -> True DEBUG: open(): Connecting to uri ldapi://%2Fvar%2Frun%2Fslapd-srv009.socket DEBUG: Using dirsrv ca certificate /etc/dirsrv/slapd-srv009 DEBUG: Using external ca certificate /etc/dirsrv/slapd-srv009 DEBUG: Using external ca certificate /etc/dirsrv/slapd-srv009 DEBUG: Using /etc/openldap/ldap.conf certificate policy DEBUG: ldap.OPT_X_TLS_REQUIRE_CERT = 2 DEBUG: open(): Using root autobind ... DEBUG: open(): bound as cn=root DEBUG: Retrieving entry with [('',)] DEBUG: Retrieved entry [dn: vendorVersion: 389-Directory/1.4.4.16 B2021.175.1724 ] DEBUG: open(): Connecting to uri ldapi://%2Fvar%2Frun%2Fslapd-srv009.socket DEBUG: Using dirsrv ca certificate /etc/dirsrv/slapd-srv009 DEBUG: Using external ca certificate /etc/dirsrv/slapd-srv009 DEBUG: Using external ca certificate /etc/dirsrv/slapd-srv009 DEBUG: Using /etc/openldap/ldap.conf certificate policy DEBUG: ldap.OPT_X_TLS_REQUIRE_CERT = 2 DEBUG: open(): Using root autobind ... DEBUG: open(): bound as cn=root DEBUG: Retrieving entry with [('',)] DEBUG: Retrieved entry [dn: vendorVersion: 389-Directory/1.4.4.16 B2021.175.1724 ] DEBUG: cn=config set REPLACE: ('nsslapd-secureport', '636') DEBUG: cn=config set REPLACE: ('nsslapd-security', 'on') DEBUG: Checking "None" under cn=ldbm database,cn=plugins,cn=config : {'nsslapd-suffix': 'dc=d01dc\\=net', 'cn': 'userroot'} DEBUG: Using first property cn: userroot as rdn DEBUG: _gen_selector filter = (&(&(objectclass=nsMappingTree))(|(cn=dc=d01dc\5c=net)(nsslapd-backend=dc=d01dc\5c=net))) DEBUG: _gen_selector filter = (&(&(objectclass=nsMappingTree))(|(cn=userroot)(nsslapd-backend=userroot))) DEBUG: Validated dn cn=userroot,cn=ldbm database,cn=plugins,cn=config DEBUG: Creating cn=userroot,cn=ldbm database,cn=plugins,cn=config DEBUG: updating dn: cn=userroot,cn=ldbm database,cn=plugins,cn=config DEBUG: updated dn: cn=userroot,cn=ldbm database,cn=plugins,cn=config with {'objectclass': [b'top', b'extensibleObject', b'nsBackendInstance']} DEBUG: updating dn: cn=userroot,cn=ldbm database,cn=plugins,cn=config DEBUG: updated dn: cn=userroot,cn=ldbm database,cn=plugins,cn=config with {'nsslapd-suffix': [b'dc=d01dc\\=net'], 'cn': [b'userroot']} DEBUG: Created entry cn=userroot,cn=ldbm database,cn=plugins,cn=config : {'objectclass': [b'top', b'extensibleObject', b'nsBackendInstance'], 'nsslapd-suffix': [b'dc=d01dc\\=net'], 'cn': [b'userroot']} DEBUG: Checking "None" under cn=mapping tree,cn=config : {'cn': [b'dc=d01dc\\=net'], 'nsslapd-state': 'backend', 'nsslapd-backend': [b'userroot']} DEBUG: Using first property cn: dc\=d01dc\\\=net as rdn DEBUG: Validated dn cn=dc\=d01dc\\\=net,cn=mapping tree,cn=config DEBUG: Creating cn=dc\=d01dc\\\=net,cn=mapping tree,cn=config DEBUG: updating dn: cn=dc\=d01dc\\\=net,cn=mapping tree,cn=config DEBUG: updated dn: cn=dc\=d01dc\\\=net,cn=mapping tree,cn=config with {'objectclass': [b'top', b'extensibleObject', b'nsMappingTree']} DEBUG: updating dn: cn=dc\=d01dc\\\=net,cn=mapping tree,cn=config DEBUG: updated dn: cn=dc\=d01dc\\\=net,cn=mapping tree,cn=config with {'cn': [b'dc=d01dc\\=net', b'dc\\=d01dc\\\\\\=net'], 'nsslapd-state': [b'backend'], 'nsslapd-backend': [b'userroot']} DEBUG: Created entry cn=dc\=d01dc\\\=net,cn=mapping tree,cn=config : {'objectclass': [b'top', b'extensibleObject', b'nsMappingTree'], 'cn': [b'dc=d01dc\\=net', b'dc\\=d01dc\\\\\\=net'], 'nsslapd-state': [b'backend'], 'nsslapd-backend': [b'userroot']} DEBUG: Checking "None" under None : {'dc': 'd01dc=net', 'description': 'dc=d01dc\\=net'} DEBUG: Validated dn dc=d01dc\=net DEBUG: Creating dc=d01dc\=net DEBUG: updating dn: dc=d01dc\=net DEBUG: updated dn: dc=d01dc\=net with {'objectclass': [b'top', b'domain']} DEBUG: updating dn: dc=d01dc\=net DEBUG: updated dn: dc=d01dc\=net with {'dc': [b'd01dc=net'], 'description': [b'dc=d01dc\\=net']} DEBUG: Created entry dc=d01dc\=net : {'objectclass': [b'top', b'domain'], 'dc': [b'd01dc=net'], 'description': [b'dc=d01dc\\=net']} DEBUG: dc=d01dc\=net set ADD: ('aci', '(targetattr="dc || description || objectClass")(targetfilter="(objectClass=domain)")(version 3.0; acl "Enable anyone domain read"; allow (read, search, compare)(userdn="ldap:///anyone");)') DEBUG: Adding sasl maps for suffix dc=d01dc\=net DEBUG: Checking "None" under cn=mapping,cn=sasl,cn=config : {'cn': 'rfc 2829 u syntax', 'nsSaslMapRegexString': '^u:\\(.*\\)', 'nsSaslMapBaseDNTemplate': 'dc=d01dc\\=net', 'nsSaslMapFilterTemplate': '(uid=\\1)'} DEBUG: Using first property cn: rfc 2829 u syntax as rdn DEBUG: Validated dn cn=rfc 2829 u syntax,cn=mapping,cn=sasl,cn=config DEBUG: Creating cn=rfc 2829 u syntax,cn=mapping,cn=sasl,cn=config DEBUG: updating dn: cn=rfc 2829 u syntax,cn=mapping,cn=sasl,cn=config DEBUG: updated dn: cn=rfc 2829 u syntax,cn=mapping,cn=sasl,cn=config with {'objectclass': [b'top', b'nsSaslMapping']} DEBUG: updating dn: cn=rfc 2829 u syntax,cn=mapping,cn=sasl,cn=config DEBUG: updated dn: cn=rfc 2829 u syntax,cn=mapping,cn=sasl,cn=config with {'cn': [b'rfc 2829 u syntax'], 'nsSaslMapRegexString': [b'^u:\\(.*\\)'], 'nsSaslMapBaseDNTemplate': [b'dc=d01dc\\=net'], 'nsSaslMapFilterTemplate': [b'(uid=\\1)']} DEBUG: Created entry cn=rfc 2829 u syntax,cn=mapping,cn=sasl,cn=config : {'objectclass': [b'top', b'nsSaslMapping'], 'cn': [b'rfc 2829 u syntax'], 'nsSaslMapRegexString': [b'^u:\\(.*\\)'], 'nsSaslMapBaseDNTemplate': [b'dc=d01dc\\=net'], 'nsSaslMapFilterTemplate': [b'(uid=\\1)']} DEBUG: Checking "None" under cn=mapping,cn=sasl,cn=config : {'cn': 'uid mapping', 'nsSaslMapRegexString': '^[^:@]+$', 'nsSaslMapBaseDNTemplate': 'dc=d01dc\\=net', 'nsSaslMapFilterTemplate': '(uid=&)'} DEBUG: Using first property cn: uid mapping as rdn DEBUG: Validated dn cn=uid mapping,cn=mapping,cn=sasl,cn=config DEBUG: Creating cn=uid mapping,cn=mapping,cn=sasl,cn=config DEBUG: updating dn: cn=uid mapping,cn=mapping,cn=sasl,cn=config DEBUG: updated dn: cn=uid mapping,cn=mapping,cn=sasl,cn=config with {'objectclass': [b'top', b'nsSaslMapping']} DEBUG: updating dn: cn=uid mapping,cn=mapping,cn=sasl,cn=config DEBUG: updated dn: cn=uid mapping,cn=mapping,cn=sasl,cn=config with {'cn': [b'uid mapping'], 'nsSaslMapRegexString': [b'^[^:@]+$'], 'nsSaslMapBaseDNTemplate': [b'dc=d01dc\\=net'], 'nsSaslMapFilterTemplate': [b'(uid=&)']} DEBUG: Created entry cn=uid mapping,cn=mapping,cn=sasl,cn=config : {'objectclass': [b'top', b'nsSaslMapping'], 'cn': [b'uid mapping'], 'nsSaslMapRegexString': [b'^[^:@]+$'], 'nsSaslMapBaseDNTemplate': [b'dc=d01dc\\=net'], 'nsSaslMapFilterTemplate': [b'(uid=&)']} DEBUG: cn=config set REPLACE: ('nsslapd-rootpw', '********') DEBUG: systemd status -> True DEBUG: systemd status -> True DEBUG: systemd status -> True DEBUG: systemd status -> True DEBUG: 🎉 Instance setup complete DEBUG: FINISH: Completed installation for srv009