#8686 Resubmitting KDC cert fails with internal server error
Closed: fixed 3 years ago by frenaud. Opened 3 years ago by cheimes.


Resubmitting the KDC cert fails with an internal server error.

Steps to Reproduce

  1. ipa-getcert resubmit -f /var/kerberos/krb5kdc/kdc.crt

Actual behavior

Request ID '20210129073342':
        status: CA_UNREACHABLE
        ca-error: Server at https://vm-023.abc.idm.lab.eng.brq.redhat.com/ipa/json failed request, will retry: 903 (an internal error has occurred).
        stuck: no
        key pair storage: type=FILE,location='/var/kerberos/krb5kdc/kdc.key'
        certificate: type=FILE,location='/var/kerberos/krb5kdc/kdc.crt'
        CA: IPA

  File "/usr/lib/python3.9/site-packages/ipaserver/plugins/cert.py", line 878, in execute
    ca_kdc_check(ldap, alt_principal.hostname)
  File "/usr/lib/python3.9/site-packages/ipaserver/plugins/cert.py", line 301, in ca_kdc_check
    master_dn = api_instance.Object.server.get_dn(unicode(hostname))
AttributeError: 'ldap2' object has no attribute 'Object'

Expected behavior

No error



The issue is present in 4.6, 4.8, 4.9, and master.

Metadata Update from @cheimes:
- Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/5496
- Issue set to the milestone: FreeIPA 4.6.9
- Issue tagged with: bug

3 years ago


  • 98a88bd Fix cert_request for KDC cert


  • 2c48897 Fix cert_request for KDC cert


  • ad8556b Fix cert_request for KDC cert


  • f45a79c Fix cert_request for KDC cert

Metadata Update from @frenaud:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

3 years ago

Metadata Update from @cheimes:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1922955

3 years ago
