Resubmitting the KDC cert fails with an internal server error.
ipa-getcert resubmit -f /var/kerberos/krb5kdc/kdc.crt
Request ID '20210129073342': status: CA_UNREACHABLE ca-error: Server at https://vm-023.abc.idm.lab.eng.brq.redhat.com/ipa/json failed request, will retry: 903 (an internal error has occurred). stuck: no key pair storage: type=FILE,location='/var/kerberos/krb5kdc/kdc.key' certificate: type=FILE,location='/var/kerberos/krb5kdc/kdc.crt' CA: IPA
File "/usr/lib/python3.9/site-packages/ipaserver/plugins/cert.py", line 878, in execute ca_kdc_check(ldap, alt_principal.hostname) File "/usr/lib/python3.9/site-packages/ipaserver/plugins/cert.py", line 301, in ca_kdc_check master_dn = api_instance.Object.server.get_dn(unicode(hostname)) AttributeError: 'ldap2' object has no attribute 'Object'
No error
freeipa-server-4.10.0.dev202101260524+git30f82e2c8d-0.fc33
The issue is present in 4.6, 4.8, 4.9, and master.
Metadata Update from @cheimes: - Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/5496 - Issue set to the milestone: FreeIPA 4.6.9 - Issue tagged with: bug
master:
ipa-4-9:
ipa-4-6:
ipa-4-8:
Metadata Update from @frenaud: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Metadata Update from @cheimes: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1922955
Issue linked to Bugzilla: Bug 1922955
Login to comment on this ticket.