Testing with freeipa master branch Install ipa server with integrated CA and try add a lighweight subca with
$ kinit admin $ ipa ca-add vpn-ca --subject "cn=vpn,o=DOMAIN.COM" ipa: ERROR: an internal error has occurred
The error_log in /var/log/httpd/error_log displays:
[Wed Sep 06 11:45:04.500026 2017] [wsgi:error] [pid 25125] [remote 2620:52:0:224e:21a:4aff:fe23:169d:55708] ipa: DEBUG: WSGI wsgi_dispatch.call: [Wed Sep 06 11:45:04.500417 2017] [wsgi:error] [pid 25125] [remote 2620:52:0:224e:21a:4aff:fe23:169d:55708] ipa: DEBUG: WSGI jsonserver.call: [Wed Sep 06 11:45:04.500635 2017] [wsgi:error] [pid 25125] [remote 2620:52:0:224e:21a:4aff:fe23:169d:55708] ipa: DEBUG: KerberosWSGIExecutioner.call: [Wed Sep 06 11:45:04.536930 2017] [wsgi:error] [pid 25125] [remote 2620:52:0:224e:21a:4aff:fe23:169d:55708] ipa: DEBUG: Created connection context.ldap2_139769558903104 [Wed Sep 06 11:45:04.537194 2017] [wsgi:error] [pid 25125] [remote 2620:52:0:224e:21a:4aff:fe23:169d:55708] ipa: DEBUG: WSGI WSGIExecutioner.call: [Wed Sep 06 11:45:04.553897 2017] [wsgi:error] [pid 25125] [remote 2620:52:0:224e:21a:4aff:fe23:169d:55708] ipa: DEBUG: raw: ca_add('vpn-ca', ipacasubjectdn='cn=vpn,o=DOMAIN.COM', version='2.229') [Wed Sep 06 11:45:04.554738 2017] [wsgi:error] [pid 25125] [remote 2620:52:0:224e:21a:4aff:fe23:169d:55708] ipa: DEBUG: ca_add('vpn-ca', ipacasubjectdn=ipapython.dn.DN('cn=vpn,o=DOMAIN.COM'), chain=False, all=False, raw=False, version='2.229') [Wed Sep 06 11:45:04.559339 2017] [wsgi:error] [pid 25125] [remote 2620:52:0:224e:21a:4aff:fe23:169d:55708] ipa: DEBUG: retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-DOMAIN-COM.socket conn=<ldap.ldapobject.SimpleLDAPObject object at 0x7f1ea256fd68> [Wed Sep 06 11:45:04.814993 2017] [wsgi:error] [pid 25125] [remote 2620:52:0:224e:21a:4aff:fe23:169d:55708] ipa: DEBUG: raw: ca_is_enabled(version='2.229') [Wed Sep 06 11:45:04.815251 2017] [wsgi:error] [pid 25125] [remote 2620:52:0:224e:21a:4aff:fe23:169d:55708] ipa: DEBUG: ca_is_enabled(version='2.229') [Wed Sep 06 11:45:04.825746 2017] [wsgi:error] [pid 25125] [remote 2620:52:0:224e:21a:4aff:fe23:169d:55708] ipa: ERROR: non-public: AttributeError: 'str' object has no attribute 'decode' [Wed Sep 06 11:45:04.825804 2017] [wsgi:error] [pid 25125] [remote 2620:52:0:224e:21a:4aff:fe23:169d:55708] Traceback (most recent call last): [Wed Sep 06 11:45:04.825812 2017] [wsgi:error] [pid 25125] [remote 2620:52:0:224e:21a:4aff:fe23:169d:55708] File "/usr/lib/python3.6/site-packages/ipaserver/rpcserver.py", line 370, in wsgi_execute [Wed Sep 06 11:45:04.825816 2017] [wsgi:error] [pid 25125] [remote 2620:52:0:224e:21a:4aff:fe23:169d:55708] result = command(args, options) [Wed Sep 06 11:45:04.825820 2017] [wsgi:error] [pid 25125] [remote 2620:52:0:224e:21a:4aff:fe23:169d:55708] File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 450, in call [Wed Sep 06 11:45:04.825825 2017] [wsgi:error] [pid 25125] [remote 2620:52:0:224e:21a:4aff:fe23:169d:55708] return self.__do_call(*args, options) [Wed Sep 06 11:45:04.825829 2017] [wsgi:error] [pid 25125] [remote 2620:52:0:224e:21a:4aff:fe23:169d:55708] File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 478, in __do_call [Wed Sep 06 11:45:04.825833 2017] [wsgi:error] [pid 25125] [remote 2620:52:0:224e:21a:4aff:fe23:169d:55708] ret = self.run(args, options) [Wed Sep 06 11:45:04.825836 2017] [wsgi:error] [pid 25125] [remote 2620:52:0:224e:21a:4aff:fe23:169d:55708] File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 800, in run [Wed Sep 06 11:45:04.825840 2017] [wsgi:error] [pid 25125] [remote 2620:52:0:224e:21a:4aff:fe23:169d:55708] return self.execute(*args, options) [Wed Sep 06 11:45:04.825844 2017] [wsgi:error] [pid 25125] [remote 2620:52:0:224e:21a:4aff:fe23:169d:55708] File "/usr/lib/python3.6/site-packages/ipaserver/plugins/baseldap.py", line 1181, in execute [Wed Sep 06 11:45:04.825848 2017] [wsgi:error] [pid 25125] [remote 2620:52:0:224e:21a:4aff:fe23:169d:55708] keys, *options) [Wed Sep 06 11:45:04.825852 2017] [wsgi:error] [pid 25125] [remote 2620:52:0:224e:21a:4aff:fe23:169d:55708] File "/usr/lib/python3.6/site-packages/ipaserver/plugins/ca.py", line 238, in pre_callback [Wed Sep 06 11:45:04.825856 2017] [wsgi:error] [pid 25125] [remote 2620:52:0:224e:21a:4aff:fe23:169d:55708] if not ldap.can_add(dn[1:]): [Wed Sep 06 11:45:04.825860 2017] [wsgi:error] [pid 25125] [remote 2620:52:0:224e:21a:4aff:fe23:169d:55708] File "/usr/lib/python3.6/site-packages/ipaserver/plugins/ldap2.py", line 369, in can_add [Wed Sep 06 11:45:04.825864 2017] [wsgi:error] [pid 25125] [remote 2620:52:0:224e:21a:4aff:fe23:169d:55708] entry_rights = attrs['entrylevelrights'][0].decode('UTF-8') [Wed Sep 06 11:45:04.825872 2017] [wsgi:error] [pid 25125] [remote 2620:52:0:224e:21a:4aff:fe23:169d:55708] AttributeError: 'str' object has no attribute 'decode' [Wed Sep 06 11:45:04.825921 2017] [wsgi:error] [pid 25125] [remote 2620:52:0:224e:21a:4aff:fe23:169d:55708] [Wed Sep 06 11:45:04.826295 2017] [wsgi:error] [pid 25125] [remote 2620:52:0:224e:21a:4aff:fe23:169d:55708] ipa: INFO: [jsonserver_kerb] admin@DOM-090.ABC.IDM.LAB.ENG.BRQ.REDHAT.COM: ca_add/1('vpn-ca', ipacasubjectdn='cn=vpn,o=DOM-090.ABC.IDM.LAB.ENG.BRQ.REDHAT.COM', version='2.229'): InternalError [Wed Sep 06 11:45:04.827582 2017] [wsgi:error] [pid 25125] [remote 2620:52:0:224e:21a:4aff:fe23:169d:55708] ipa: DEBUG: Destroyed connection context.ldap2_139769558903104
Metadata Update from @frenaud: - Issue assigned to frenaud
Metadata Update from @stlaz: - Issue assigned to stlaz (was: frenaud)
Addressed as a part of https://github.com/freeipa/freeipa/pull/1052
Metadata Update from @stlaz: - Issue tagged with: py3
Metadata Update from @pvoborni: - Issue set to the milestone: FreeIPA 4.6.1
Metadata Update from @tkrizek: - Issue set to the milestone: FreeIPA 4.6.2 (was: FreeIPA 4.6.1)
This was fixed as a part of the aforementioned PR, closing.
Metadata Update from @stlaz: - Issue close_status updated to: fixed
Log in to comment on this ticket.