Hello,
On (self-supported) RHEL 8, since the last update, we are not able to login to the Web UI anymore.
IPA package version is: 4.9.2-4.module+el8.4.0+11156+94d209c1
In Firefox we get:
IPA Error 903: InternalError
an internal error has occurred
and then:
Web UI got in unrecoverable state during "metadata" phase.
In the httpd error log we see:
[Sat Nov 06 07:05:05.971287 2021] ipa: ERROR: non-public: KeyError: 'ipatrustedaddomainrange'
[Sat Nov 06 07:05:05.971311 2021] Traceback (most recent call last):
[Sat Nov 06 07:05:05.971315 2021] File "/usr/lib/python3.6/site-packages/ipaserver/rpcserver.py", line 397, in wsgi_execute
[Sat Nov 06 07:05:05.971317 2021] result = command(*args, **options)
[Sat Nov 06 07:05:05.971320 2021] File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 471, in __call__
[Sat Nov 06 07:05:05.971322 2021] return self.__do_call(*args, **options)
[Sat Nov 06 07:05:05.971324 2021] File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 499, in __do_call
[Sat Nov 06 07:05:05.971327 2021] ret = self.run(*args, **options)
[Sat Nov 06 07:05:05.971329 2021] File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 821, in run
[Sat Nov 06 07:05:05.971331 2021] return self.execute(*args, **options)
[Sat Nov 06 07:05:05.971334 2021] File "/usr/lib/python3.6/site-packages/ipaserver/plugins/internal.py", line 126, in execute
[Sat Nov 06 07:05:05.971336 2021] (o.name, json_serialize(o)) for o in self.api.Object()
[Sat Nov 06 07:05:05.971339 2021] File "/usr/lib/python3.6/site-packages/ipaserver/plugins/internal.py", line 127, in <genexpr>
[Sat Nov 06 07:05:05.971341 2021] if o is self.api.Object[o.name]
[Sat Nov 06 07:05:05.971343 2021] File "/usr/lib/python3.6/site-packages/ipalib/util.py", line 106, in json_serialize
[Sat Nov 06 07:05:05.971346 2021] return json_serialize(obj.__json__())
[Sat Nov 06 07:05:05.971348 2021] File "/usr/lib/python3.6/site-packages/ipaserver/plugins/baseldap.py", line 889, in __json__
[Sat Nov 06 07:05:05.971351 2021] attrs = self.api.Backend.ldap2.schema.attribute_types(objectclasses)
[Sat Nov 06 07:05:05.971353 2021] File "/usr/lib64/python3.6/site-packages/ldap/schema/subentry.py", line 378, in attribute_types
[Sat Nov 06 07:05:05.971355 2021] object_class = self.sed[ObjectClass][object_class_oid]
[Sat Nov 06 07:05:05.971368 2021] KeyError: 'ipatrustedaddomainrange'
In order to analyse, we configured /etc/ipa/server.conf as:
[global]
debug=true
and restarted IPA. And it is sometimes working again (not clear whether this is thanks to this file, or because of the restart), but then after a while it is failing again.
We ran ipa-server-upgrade manually (successful).
All ipa services are up, Kerberos login works fine.
ipa-healthcheck does not return any warning or error.
We are *not* using AD integration at all.
The package ipa-server-trust-ad is not installed.
Does this ring a bell to you?
How should we analyse further?
Thanks in advance for your help!
Mathieu