Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1168376
see BZ comment 3. Encoding issue will be handled in #4773.
Description of problem: While trying to debug a trust-add failure, found below debug logs. Functionality seems works as expected. Version-Release number of selected component (if applicable): ipa-server-4.1.0-9.el7.x86_64 How reproducible: Steps to Reproduce: 1. Install IPA server 2. Run ipa-adtrust-install 3. Run trust-add with -vvv Actual results: [root@ibm-x3620m3-01 ~]# echo Secret123 | ipa -vvv trust-add adtest.qe --admin administrator --password ipa: INFO: trying https://ibm-x3620m3-01.steeve2011.test/ipa/session/json ipa: INFO: Forwarding 'trust_add' to json server 'https://ibm-x3620m3-01.steeve2011.test/ipa/session/json' ipa: INFO: Request: { "id": 0, "method": "trust_add", "params": [ [ "adtest.qe" ], { "all": false, "raw": false, "realm_admin": "administrator", "realm_passwd": "Secret123", "trust_type": "ad", "version": "2.108" } ] } send: u'POST /ipa/session/json HTTP/1.1\r\nHost: ibm-x3620m3-01.steeve2011.test\r\nAccept-Encoding: gzip\r\nAccept-Language: en-us\r\nReferer: https://ibm-x3620m3-01.steeve2011.test/ipa/xml\r\nCookie: ipa_session=f474c2700c4a503f7b6688d4f39f7442;\r\nUser-Agent: xmlrpclib.py/1.0.1 (by www.pythonware.com)\r\nContent-Type: application/json\r\nContent-Length: 190\r\n\r\n{"params": [["adtest.qe"], {"all": false, "realm_passwd": "Secret123", "raw": false, "realm_admin": "administrator", "version": "2.108", "trust_type": "ad"}], "method": "trust_add", "id": 0}' reply: 'HTTP/1.1 200 Success\r\n' header: Date: Wed, 26 Nov 2014 13:09:06 GMT header: Server: Apache/2.4.6 (Red Hat Enterprise Linux) mod_auth_kerb/5.4 mod_nss/2.4.6 NSS/3.15.4 Basic ECC mod_wsgi/3.4 Python/2.7.5 header: Set-Cookie: ipa_session=f474c2700c4a503f7b6688d4f39f7442; Domain=ibm-x3620m3-01.steeve2011.test; Path=/ipa; Expires=Wed, 26 Nov 2014 13:29:06 GMT; Secure; HttpOnly header: Vary: Accept-Encoding header: Content-Encoding: gzip header: Content-Length: 893 header: Content-Type: application/json; charset=utf-8 body: '{\n "error": null, \n "id": 0, \n "principal": "admin@STEEVE2011.TEST", \n "result": {\n "result": {\n "cn": [\n "adtest.qe"\n ], \n "ipantflatname": [\n "ADTEST"\n ], \n "ipantsecurityidentifier": [\n "S-1-5-21-1892920146-2165982554-3378841437-1012"\n ], \n "ipantsidblacklistincoming": [\n "S-1-5-20", \n "S-1-5-3", \n "S-1-5-2", \n "S-1-5-1", \n "S-1-5-7", \n "S-1-5-6", \n "S-1-5-5", \n "S-1-5-4", \n "S-1-5-9", \n "S-1-5-8", \n "S-1-5-17", \n "S-1-5-16", \n "S-1-5-15", \n "S-1-5-14", \n "S-1-5-13", \n "S-1-5-12", \n "S-1-5-11", \n "S-1-5-10", \n "S-1-3", \n "S-1-2", \n "S-1-1", \n "' body: 'S-1-0", \n "S-1-5-19", \n "S-1-5-18"\n ], \n "ipantsidblacklistoutgoing": [\n "S-1-5-20", \n "S-1-5-3", \n "S-1-5-2", \n "S-1-5-1", \n "S-1-5-7", \n "S-1-5-6", \n "S-1-5-5", \n "S-1-5-4", \n "S-1-5-9", \n "S-1-5-8", \n "S-1-5-17", \n "S-1-5-16", \n "S-1-5-15", \n "S-1-5-14", \n "S-1-5-13", \n "S-1-5-12", \n "S-1-5-11", \n "S-1-5-10", \n "S-1-3", \n "S-1-2", \n "S-1-1", \n "S-1-0", \n "S-1-5-19", \n "S-1-5-18"\n ], \n "ipantsupportedencryptiontypes": [\n "28"\n ], \n "ipanttrustattributes": [\n "8"\n ], \n "ipanttrustauthincoming": [\n ' body: ' {\n "__base64__": "AQAAAAwAAAAcAQAAgA+iLXoJ0AECAAA AAAEAADMARwAkAHIAMwBJAHEAagBrAGQAXwBkAFgAcQBCAHYAQABRAG4AawBTAGwAVwBjAEYAVgArAE 0AfgB6AHIAJgBIAGkASgBZAEwAegBTADQARABUAEMAVABQAEYAVgB+AHEAKAAtAHEAVQBKACUAXwA1A DcAJgBTADMAZABhAEoALABZAEcAJQA4ADoAagBPACEAbQBBAHAAOgBlAC4AUgBlAFsAUwBPAEgAOwA7 ADgAVgBiAD8AUQBYAGwAYgBhADwALQB4AGQARgBLAGkAQABMAHYAdQBCAEkALgBOAGwAVQBaAGUAZgB TAE8AUAAoACYAagBHAHcAZwApADEAYQA="\n }\n ], \n "ipanttrustauthoutgoing": [\n {\n "__base64__": "AQAAAAwAAAAcAQAAgA+iLXoJ0AECAAAAAAEAADMAR wAkAHIAMwBJAHEAagBrAGQAXwBkAFgAcQBCAHYAQABRAG4AawBTAGwAVwBjAEYAVgArAE0AfgB6AHIA JgBIAGkASgBZAEwAegBTADQARABUAEMAVABQAEYAVgB+AHEAKAAtAHEAVQBKACUAXwA1ADcAJgBTADM AZABhAEoALABZAEcAJQA4ADoAagBPACEAbQBBAHAAOgBlAC4AUgBlAFsAUwBPAEgAOwA7ADgAVgBiAD 8AUQBYAGwAYgBhADwALQB4AGQARgBLAGkAQABMAHYAdQBCAEkALgBOAGwAVQBaAGUAZgBTAE8AUAAoA CYAagBHAHcAZwApADEAYQA="\n }\n ], \n "ipanttrustdirection": [\n "3"\n ' body: ' ], \n "ipanttrusteddomainsid": [\n "S-1-5-21-1910160501-511572375-3625658879"\n ], \n "ipanttrustpartner": [\n "adtest.qe"\n ], \n "ipanttrustposixoffset": [\n "0"\n ], \n "ipanttrusttype": [\n "2"\n ], \n "objectclass": [\n "top", \n "ipaNTTrustedDomain", \n "ipaIDobject"\n ], \n "trustdirection": [\n "Two-way trust"\n ], \n "truststatus": [\n "Established and verified"\n ], \n "trusttype": [\n "Active Directory domain"\n ], \n "uidnumber": [\n "1119800012"\n ]\n }, \n "summary": "Added Active Directory trust for realm \\"adtest.qe\\"", \n "value": "adtest.qe"\n }, \n "version": "4.1.0"\n}' ipa: ERROR: non-public: UnicodeDecodeError: 'utf8' codec can't decode byte 0x80 in position 12: invalid start byte Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/ipalib/backend.py", line 129, in execute result = self.Command[_name](*args, **options) File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 439, in __call__ ret = self.run(*args, **options) File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 755, in run return self.forward(*args, **options) File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 776, in forward return self.Backend.rpcclient.forward(self.name, *args, **kw) File "/usr/lib/python2.7/site-packages/ipalib/rpc.py", line 880, in forward return self._call_command(command, params) File "/usr/lib/python2.7/site-packages/ipalib/rpc.py", line 857, in _call_command return command(*params) File "/usr/lib/python2.7/site-packages/ipalib/rpc.py", line 1004, in _call return self.__request(name, args) File "/usr/lib/python2.7/site-packages/ipalib/rpc.py", line 986, in __request json.dumps(response, sort_keys=True, indent=4)) File "/usr/lib64/python2.7/json/__init__.py", line 250, in dumps sort_keys=sort_keys, **kw).encode(obj) File "/usr/lib64/python2.7/json/encoder.py", line 209, in encode chunks = list(chunks) File "/usr/lib64/python2.7/json/encoder.py", line 434, in _iterencode for chunk in _iterencode_dict(o, _current_indent_level): File "/usr/lib64/python2.7/json/encoder.py", line 408, in _iterencode_dict for chunk in chunks: File "/usr/lib64/python2.7/json/encoder.py", line 408, in _iterencode_dict for chunk in chunks: File "/usr/lib64/python2.7/json/encoder.py", line 408, in _iterencode_dict for chunk in chunks: File "/usr/lib64/python2.7/json/encoder.py", line 313, in _iterencode_list yield buf + _encoder(value) UnicodeDecodeError: 'utf8' codec can't decode byte 0x80 in position 12: invalid start byte ipa: ERROR: an internal error has occurred
only $subj is needed
Required by downstream release (RHEL), bumping priority.
attachment freeipa-dkupka-0037-Remove-ipanttrustauthincoming-ipanttrustauthoutgoing.patch
attachment freeipa-dkupka-0037-2-Remove-ipanttrustauthincoming-ipanttrustauthoutgoing.patch
master:
ipa-4-1:
Metadata Update from @pvoborni: - Issue assigned to dkupka - Issue set to the milestone: FreeIPA 4.1.3
Login to comment on this ticket.