FreeIPA (IdM) server fails to start with error: sasl_canonuser_add_plugin(): invalid parameter supplied
Issue
-
IdM server fails to start
# ipactl start Starting Directory Service Starting krb5kdc Service Starting kadmin Service Starting named Service Failed to start named Service Shutting down Hint: You can use --ignore-service-failure option for forced start in case that a non-critical service failed Aborting ipactl
-
Below error messages from
named-pkcs11
have been seen in/var/log/messages
<...> named-pkcs11[13503]: loading DynDB instance 'ipa' driver '/usr/lib64/bind/ldap.so' named-pkcs11[13503]: bind-dyndb-ldap version 11.1 compiled at 16:00:28 Aug 29 2019, compiler 8.3.1 20190507 (Red Hat 8.3.1-4) named-pkcs11[13503]: ldapdb_canonuser_plug_init() failed in sasl_canonuser_add_plugin(): invalid parameter supplied named-pkcs11[13503]: _sasl_plugin_load failed on sasl_canonuser_init for plugin: ldapdb named-pkcs11[13503]: GSSAPI client step 1 named-pkcs11[13503]: GSSAPI client step 1 systemd[1]: named-pkcs11.service: Start operation timed out. Terminating. named-pkcs11[13503]: LDAP error: Timed out: bind to LDAP server failed named-pkcs11[13503]: GSSAPI client step 1 named-pkcs11[13503]: GSSAPI client step 1 <...> named-pkcs11[13503]: ldap_sync_prepare() failed, retrying in 1 second: socket is not connected named-pkcs11[13503]: automatic empty zone: EMPTY.AS112.ARPA named-pkcs11[13503]: automatic empty zone: HOME.ARPA named-pkcs11[13503]: none:103: 'max-cache-size 90%' - setting to 7031MB (out of 7812MB) named-pkcs11[13503]: loading configuration: shutting down named-pkcs11[13503]: exiting (due to fatal error) systemd[1]: named-pkcs11.service: Failed with result 'timeout'. systemd[1]: Failed to start Berkeley Internet Name Domain (DNS) with native PKCS#11.
-
Below error messages from other services have been seen in
/var/log/messages
platform-python[24051]: ldapdb_canonuser_plug_init() failed in sasl_canonuser_add_plugin(): invalid parameter supplied platform-python[24120]: ldapdb_canonuser_plug_init() failed in sasl_canonuser_add_plugin(): invalid parameter supplied ns-slapd[24132]: ldapdb_canonuser_plug_init() failed in sasl_canonuser_add_plugin(): invalid parameter supplied krb5kdc[24165]: ldapdb_canonuser_plug_init() failed in sasl_canonuser_add_plugin(): invalid parameter supplied kadmind[24172]: ldapdb_canonuser_plug_init() failed in sasl_canonuser_add_plugin(): invalid parameter supplied named-pkcs11[24187]: ldapdb_canonuser_plug_init() failed in sasl_canonuser_add_plugin(): invalid parameter supplied platform-python[24199]: ldapdb_canonuser_plug_init() failed in sasl_canonuser_add_plugin(): invalid parameter supplied [24212]: ldapdb_canonuser_plug_init() failed in sasl_canonuser_add_plugin(): invalid parameter supplied [24216]: ldapdb_canonuser_plug_init() failed in sasl_canonuser_add_plugin(): invalid parameter supplied
Environment
- Red Hat Enterprise Linux 8
- cyrus-sasl-ldap
- Red Hat Identity Management (IdM) / FreeIPA
- ipa-server
- ipa-server-dns
- bind-pkcs11
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.