#7142 py3: ipa ca-add fails with 'an internal error has occurred'
Closed: fixed 6 years ago Opened 6 years ago by frenaud.

Testing with freeipa master branch
Install ipa server with integrated CA and try add a lighweight subca with

$ kinit admin
$ ipa ca-add vpn-ca --subject "cn=vpn,o=DOMAIN.COM"
ipa: ERROR: an internal error has occurred

The error_log in /var/log/httpd/error_log displays:


[Wed Sep 06 11:45:04.500026 2017] [wsgi:error] [pid 25125] [remote 2620:52:0:224e:21a:4aff:fe23:169d:55708] ipa: DEBUG: WSGI wsgi_dispatch.call:
[Wed Sep 06 11:45:04.500417 2017] [wsgi:error] [pid 25125] [remote 2620:52:0:224e:21a:4aff:fe23:169d:55708] ipa: DEBUG: WSGI jsonserver.call:
[Wed Sep 06 11:45:04.500635 2017] [wsgi:error] [pid 25125] [remote 2620:52:0:224e:21a:4aff:fe23:169d:55708] ipa: DEBUG: KerberosWSGIExecutioner.call:
[Wed Sep 06 11:45:04.536930 2017] [wsgi:error] [pid 25125] [remote 2620:52:0:224e:21a:4aff:fe23:169d:55708] ipa: DEBUG: Created connection context.ldap2_139769558903104
[Wed Sep 06 11:45:04.537194 2017] [wsgi:error] [pid 25125] [remote 2620:52:0:224e:21a:4aff:fe23:169d:55708] ipa: DEBUG: WSGI WSGIExecutioner.call:
[Wed Sep 06 11:45:04.553897 2017] [wsgi:error] [pid 25125] [remote 2620:52:0:224e:21a:4aff:fe23:169d:55708] ipa: DEBUG: raw: ca_add('vpn-ca', ipacasubjectdn='cn=vpn,o=DOMAIN.COM', version='2.229')
[Wed Sep 06 11:45:04.554738 2017] [wsgi:error] [pid 25125] [remote 2620:52:0:224e:21a:4aff:fe23:169d:55708] ipa: DEBUG: ca_add('vpn-ca', ipacasubjectdn=ipapython.dn.DN('cn=vpn,o=DOMAIN.COM'), chain=False, all=False, raw=False, version='2.229')
[Wed Sep 06 11:45:04.559339 2017] [wsgi:error] [pid 25125] [remote 2620:52:0:224e:21a:4aff:fe23:169d:55708] ipa: DEBUG: retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-DOMAIN-COM.socket conn=<ldap.ldapobject.SimpleLDAPObject object at 0x7f1ea256fd68>
[Wed Sep 06 11:45:04.814993 2017] [wsgi:error] [pid 25125] [remote 2620:52:0:224e:21a:4aff:fe23:169d:55708] ipa: DEBUG: raw: ca_is_enabled(version='2.229')
[Wed Sep 06 11:45:04.815251 2017] [wsgi:error] [pid 25125] [remote 2620:52:0:224e:21a:4aff:fe23:169d:55708] ipa: DEBUG: ca_is_enabled(version='2.229')
[Wed Sep 06 11:45:04.825746 2017] [wsgi:error] [pid 25125] [remote 2620:52:0:224e:21a:4aff:fe23:169d:55708] ipa: ERROR: non-public: AttributeError: 'str' object has no attribute 'decode'
[Wed Sep 06 11:45:04.825804 2017] [wsgi:error] [pid 25125] [remote 2620:52:0:224e:21a:4aff:fe23:169d:55708] Traceback (most recent call last):
[Wed Sep 06 11:45:04.825812 2017] [wsgi:error] [pid 25125] [remote 2620:52:0:224e:21a:4aff:fe23:169d:55708] File "/usr/lib/python3.6/site-packages/ipaserver/rpcserver.py", line 370, in wsgi_execute
[Wed Sep 06 11:45:04.825816 2017] [wsgi:error] [pid 25125] [remote 2620:52:0:224e:21a:4aff:fe23:169d:55708] result = command(args, options)
[Wed Sep 06 11:45:04.825820 2017] [wsgi:error] [pid 25125] [remote 2620:52:0:224e:21a:4aff:fe23:169d:55708] File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 450, in call
[Wed Sep 06 11:45:04.825825 2017] [wsgi:error] [pid 25125] [remote 2620:52:0:224e:21a:4aff:fe23:169d:55708] return self.__do_call(*args,
options)
[Wed Sep 06 11:45:04.825829 2017] [wsgi:error] [pid 25125] [remote 2620:52:0:224e:21a:4aff:fe23:169d:55708] File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 478, in __do_call
[Wed Sep 06 11:45:04.825833 2017] [wsgi:error] [pid 25125] [remote 2620:52:0:224e:21a:4aff:fe23:169d:55708] ret = self.run(
args, options)
[Wed Sep 06 11:45:04.825836 2017] [wsgi:error] [pid 25125] [remote 2620:52:0:224e:21a:4aff:fe23:169d:55708] File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 800, in run
[Wed Sep 06 11:45:04.825840 2017] [wsgi:error] [pid 25125] [remote 2620:52:0:224e:21a:4aff:fe23:169d:55708] return self.execute(*args,
options)
[Wed Sep 06 11:45:04.825844 2017] [wsgi:error] [pid 25125] [remote 2620:52:0:224e:21a:4aff:fe23:169d:55708] File "/usr/lib/python3.6/site-packages/ipaserver/plugins/baseldap.py", line 1181, in execute
[Wed Sep 06 11:45:04.825848 2017] [wsgi:error] [pid 25125] [remote 2620:52:0:224e:21a:4aff:fe23:169d:55708] keys, *options)
[Wed Sep 06 11:45:04.825852 2017] [wsgi:error] [pid 25125] [remote 2620:52:0:224e:21a:4aff:fe23:169d:55708] File "/usr/lib/python3.6/site-packages/ipaserver/plugins/ca.py", line 238, in pre_callback
[Wed Sep 06 11:45:04.825856 2017] [wsgi:error] [pid 25125] [remote 2620:52:0:224e:21a:4aff:fe23:169d:55708] if not ldap.can_add(dn[1:]):
[Wed Sep 06 11:45:04.825860 2017] [wsgi:error] [pid 25125] [remote 2620:52:0:224e:21a:4aff:fe23:169d:55708] File "/usr/lib/python3.6/site-packages/ipaserver/plugins/ldap2.py", line 369, in can_add
[Wed Sep 06 11:45:04.825864 2017] [wsgi:error] [pid 25125] [remote 2620:52:0:224e:21a:4aff:fe23:169d:55708] entry_rights = attrs['entrylevelrights'][0].decode('UTF-8')
[Wed Sep 06 11:45:04.825872 2017] [wsgi:error] [pid 25125] [remote 2620:52:0:224e:21a:4aff:fe23:169d:55708] AttributeError: 'str' object has no attribute 'decode'
[Wed Sep 06 11:45:04.825921 2017] [wsgi:error] [pid 25125] [remote 2620:52:0:224e:21a:4aff:fe23:169d:55708]
[Wed Sep 06 11:45:04.826295 2017] [wsgi:error] [pid 25125] [remote 2620:52:0:224e:21a:4aff:fe23:169d:55708] ipa: INFO: [jsonserver_kerb] admin@DOM-090.ABC.IDM.LAB.ENG.BRQ.REDHAT.COM: ca_add/1('vpn-ca', ipacasubjectdn='cn=vpn,o=DOM-090.ABC.IDM.LAB.ENG.BRQ.REDHAT.COM', version='2.229'): InternalError
[Wed Sep 06 11:45:04.827582 2017] [wsgi:error] [pid 25125] [remote 2620:52:0:224e:21a:4aff:fe23:169d:55708] ipa: DEBUG: Destroyed connection context.ldap2_139769558903104


Metadata Update from @frenaud:
- Issue assigned to frenaud

6 years ago

Metadata Update from @stlaz:
- Issue assigned to stlaz (was: frenaud)

6 years ago

Metadata Update from @stlaz:
- Issue tagged with: py3

6 years ago

Metadata Update from @pvoborni:
- Issue set to the milestone: FreeIPA 4.6.1

6 years ago

Metadata Update from @tkrizek:
- Issue set to the milestone: FreeIPA 4.6.2 (was: FreeIPA 4.6.1)

6 years ago

This was fixed as a part of the aforementioned PR, closing.

Metadata Update from @stlaz:
- Issue close_status updated to: fixed

6 years ago

Login to comment on this ticket.

Metadata