ON both the webUI and on the CLI, we require Ticket forwarding for the web server to talk to the LDAP server.However, if the user has a valid service ticket, but does not forward the Kerberos TGT, the server gives a 500 error. The log shows the problem.
[Thu Mar 17 11:32:50 2011] [error] ipa: ERROR: jsonserver.call(): [Thu Mar 17 11:32:50 2011] [error] Traceback (most recent call last): [Thu Mar 17 11:32:50 2011] [error] File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 245, in call [Thu Mar 17 11:32:50 2011] [error] response = self.wsgi_execute(environ) [Thu Mar 17 11:32:50 2011] [error] File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 231, in wsgi_execute [Thu Mar 17 11:32:50 2011] [error] self.info('%s: %s(%s): SUCCESS', context.principal, name, ', '.join(self.Command[name]._repr_iter(**params))) [Thu Mar 17 11:32:50 2011] [error] AttributeError: 'thread._local' object has no attribute 'principal'
attachment freeipa-rcrit-756-ccache.patch
master: 4027b12[[BR]] ipa-2-0: 408f00f
Metadata Update from @admiyo: - Issue assigned to rcritten - Issue set to the milestone: FreeIPA 2.1 - 2011/05
Login to comment on this ticket.