FreeIPA (IdM) server fails to start with error: sasl_canonuser_add_plugin(): invalid parameter supplied

Solution Verified

Issue

  • IdM server fails to start

    # ipactl start
    Starting Directory Service
    Starting krb5kdc Service
    Starting kadmin Service
    Starting named Service
    Failed to start named Service
    Shutting down
    Hint: You can use --ignore-service-failure option for forced start in case that a non-critical service failed
    Aborting ipactl
    
  • The following error messages from named-pkcs11 appear in /var/log/messages

    <...>
    named-pkcs11[13503]: loading DynDB instance 'ipa' driver '/usr/lib64/bind/ldap.so'
    named-pkcs11[13503]: bind-dyndb-ldap version 11.1 compiled at 16:00:28 Aug 29 2019, compiler 8.3.1 20190507 (Red Hat 8.3.1-4)
    named-pkcs11[13503]: ldapdb_canonuser_plug_init() failed in sasl_canonuser_add_plugin(): invalid parameter supplied
    named-pkcs11[13503]: _sasl_plugin_load failed on sasl_canonuser_init for plugin: ldapdb
    named-pkcs11[13503]: GSSAPI client step 1
    named-pkcs11[13503]: GSSAPI client step 1
    systemd[1]: named-pkcs11.service: Start operation timed out. Terminating.
    
    named-pkcs11[13503]: LDAP error: Timed out: bind to LDAP server failed
    named-pkcs11[13503]: GSSAPI client step 1
    named-pkcs11[13503]: GSSAPI client step 1
    
    <...>
    
    named-pkcs11[13503]: ldap_sync_prepare() failed, retrying in 1 second: socket is not connected
    named-pkcs11[13503]: automatic empty zone: EMPTY.AS112.ARPA
    named-pkcs11[13503]: automatic empty zone: HOME.ARPA
    named-pkcs11[13503]: none:103: 'max-cache-size 90%' - setting to 7031MB (out of 7812MB)
    named-pkcs11[13503]: loading configuration: shutting down
    named-pkcs11[13503]: exiting (due to fatal error)
    systemd[1]: named-pkcs11.service: Failed with result 'timeout'.
    systemd[1]: Failed to start Berkeley Internet Name Domain (DNS) with native PKCS#11.
    
  • The following error messages from other services appear in /var/log/messages

    platform-python[24051]: ldapdb_canonuser_plug_init() failed in sasl_canonuser_add_plugin(): invalid parameter supplied
    platform-python[24120]: ldapdb_canonuser_plug_init() failed in sasl_canonuser_add_plugin(): invalid parameter supplied
    ns-slapd[24132]: ldapdb_canonuser_plug_init() failed in sasl_canonuser_add_plugin(): invalid parameter supplied
    krb5kdc[24165]: ldapdb_canonuser_plug_init() failed in sasl_canonuser_add_plugin(): invalid parameter supplied
    kadmind[24172]: ldapdb_canonuser_plug_init() failed in sasl_canonuser_add_plugin(): invalid parameter supplied
    named-pkcs11[24187]: ldapdb_canonuser_plug_init() failed in sasl_canonuser_add_plugin(): invalid parameter supplied
    platform-python[24199]: ldapdb_canonuser_plug_init() failed in sasl_canonuser_add_plugin(): invalid parameter supplied
    [24212]: ldapdb_canonuser_plug_init() failed in sasl_canonuser_add_plugin(): invalid parameter supplied
    [24216]: ldapdb_canonuser_plug_init() failed in sasl_canonuser_add_plugin(): invalid parameter supplied
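
A log triage example for the symptoms listed above, added here and not part of the original article or of any Red Hat tooling: it counts, per logging process, the four messages quoted under Issue, including lines whose process name is empty. The signature names and the `<no-tag>` label are assumptions of this example; the sample lines are copied from the excerpts above.

```python
import re
import sys
from collections import Counter

# Syslog body "tag[pid]: message"; any timestamp/host prefix is skipped by search().
# The tag may be empty, as in the "[24212]: ..." lines quoted in the article.
LINE_RE = re.compile(r"(?P<tag>[\w.@-]*)\[(?P<pid>\d+)\]: (?P<msg>.*)$")

# Message substrings taken from the article; the dictionary keys are assumed names.
SIGNATURES = {
    "sasl_ldapdb_init": "ldapdb_canonuser_plug_init() failed in sasl_canonuser_add_plugin()",
    "sasl_plugin_load": "_sasl_plugin_load failed on sasl_canonuser_init for plugin: ldapdb",
    "ldap_bind_timeout": "LDAP error: Timed out: bind to LDAP server failed",
    "unit_start_timeout": "Start operation timed out",
}

# Sample input: lines copied from the article's /var/log/messages excerpts.
SAMPLE = """\
named-pkcs11[13503]: ldapdb_canonuser_plug_init() failed in sasl_canonuser_add_plugin(): invalid parameter supplied
named-pkcs11[13503]: _sasl_plugin_load failed on sasl_canonuser_init for plugin: ldapdb
systemd[1]: named-pkcs11.service: Start operation timed out. Terminating.
named-pkcs11[13503]: LDAP error: Timed out: bind to LDAP server failed
ns-slapd[24132]: ldapdb_canonuser_plug_init() failed in sasl_canonuser_add_plugin(): invalid parameter supplied
krb5kdc[24165]: ldapdb_canonuser_plug_init() failed in sasl_canonuser_add_plugin(): invalid parameter supplied
[24212]: ldapdb_canonuser_plug_init() failed in sasl_canonuser_add_plugin(): invalid parameter supplied
""".splitlines()

def triage(lines):
    """Return {signature: Counter(tag -> hits)} for the article's symptom lines."""
    hits = {name: Counter() for name in SIGNATURES}
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        tag = m.group("tag") or "<no-tag>"
        for name, needle in SIGNATURES.items():
            if needle in m.group("msg"):
                hits[name][tag] += 1
    return hits

def affected_processes(hits):
    """Sorted tags that logged the ldapdb canonuser plugin init failure."""
    return sorted(hits["sasl_ldapdb_init"])

if __name__ == "__main__":
    lines = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE
    for name, counter in triage(lines).items():
        print(f"{name}: {dict(counter)}")
```

Run it with a log path as the first argument (for example `/var/log/messages`) to see which daemons logged each message; with no argument it processes the embedded sample.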
    

Environment

  • Red Hat Enterprise Linux 8
    • cyrus-sasl-ldap
  • Red Hat Identity Management (IdM) / FreeIPA
    • ipa-server
    • ipa-server-dns
    • bind-pkcs11
