Should have been:
What is even stranger, If I exit the console and try :
ipa service-show api-requester/some-host.example.com(a)EXAMPLE.COM
______________________________________________________________________________________________
Daniel E. White
daniel.e.white@nasa.gov<mailto:daniel.e.white@nasa.gov>
NICS Linux Engineer
NASA Goddard Space Flight Center
8800 Greenbelt Road
Building 14, Room E175
Greenbelt, MD 20771
Office: (301) 286-6919
Mobile: (240) 513-5290
From: "White, Daniel E. (GSFC-770.0)[NICS] via FreeIPA-users"
<freeipa-users(a)lists.fedorahosted.org>
Reply-To: FreeIPA users list <freeipa-users(a)lists.fedorahosted.org>
Date: Thursday, February 13, 2020 at 14:06
To: Alexander Bokovoy <abokovoy(a)redhat.com>
Cc: Rob Crittenden <rcritten(a)redhat.com>, FreeIPA users list
<freeipa-users(a)lists.fedorahosted.org>, Daniel White
<daniel.e.white(a)nasa.gov>
Subject: [Freeipa-users] Python-ing into FreeIPA - hit a glitch
Alexander,
I followed your instructions and ran into a problem.
These commands went as described:
$ ipa service-add api-requester/`hostname`
$ ipa service-allow-retrieve-keytab api-requester/`hostname` --users=me
$ ipa service-allow-create-keytab api-requester/`hostname` --users=me
$ ipa-getkeytab -Y GSSAPI -k api-requester.keytab -p api-requester/`me`
$ KRB5_CLIENT_KTNAME=./api-requester.keytab KRB5CCNAME=./api.ccache ipa console
(Custom IPA interactive Python console)
api: IPA API object
pp: pretty printer
api.Command.whoami()
{'object': 'service', 'command': 'service_show/1',
'arguments': ('api-requester/some-host.example.com(a)EXAMPLE.COM',)}
HOWEVER, when I tried this:
api.Command.service_show('api-requester/some-host.example.com(a)EXAMPLE.COM')
I got this error:
Traceback (most recent call last):
File "<console>", line 1, in <module>
File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 450, in
__call__
return self.__do_call(*args, **options)
File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 471, in
__do_call
params = self.convert(**params)
File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 672, in
convert
(k, self.params[k].convert(v)) for (k, v) in kw.items()
File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 672, in
<genexpr>
(k, self.params[k].convert(v)) for (k, v) in kw.items()
File "/usr/lib/python2.7/site-packages/ipalib/parameters.py", line 852, in
convert
return convert(value)
File "/usr/lib/python2.7/site-packages/ipalib/parameters.py", line 839, in
convert
return self._convert_scalar(value)
File "/usr/lib/python2.7/site-packages/ipalib/parameters.py", line 2152, in
_convert_scalar
return super(Principal, self)._convert_scalar(value)
File "/usr/lib/python2.7/site-packages/ipalib/parameters.py", line 862, in
_convert_scalar
raise ConversionError(name=self.name, error=ugettext(self.type_error))
ConversionError: invalid 'krbcanonicalname': must be Kerberos principal
The argument I used in the "service_show" is identical to the argument returned
from the "whoami" command.
What is even stranger, If I exit the console and try :
api.Command.ipa service-show api-requester/some-host.example.com(a)EXAMPLE.COM
I get the expected response.
I ran this on a CentOS 7 IPA client v4.6.5-11.el7.centos.3.x86_64
The server is RHEL 7, IPA/RH-IdM server v4.6.5-11.el7_7.3.x86_64
Any ideas ?
Show replies by date