11:53 a.m.
Attributes in the Employee Information section of the user web page are blank following a
series of OS/IPA updates.
The "ipa user-find --all" cli command shows these attributes fine.
Specifically (in my case):
Department Number
Employee Number
Employee Type
I'm wondering if anyone else has seen this. Trying to find a small test case, I've
found 1 of my development VMs that has some snapshots. It's Rocky 8. It has seen
OS/IPA updates frequently in the last month. This VM also has a snapshot on December 8th.
Now I have 3 clones of this VM (at different snapshot times):
dev-current -- fails to show these attributes on user web page
dev-dec8 -- shows these attributes
dev-dec8-updated-to-current -- shows these attributes
The system is mainly used to test updates, data remains the same. The only difference I
can think of is "dev-current" has had *incremental* OS/IPA updates between Dec
8th and now.
I'm combing through a filesystem diff, trying to figure out why they behave
differently, /usr/share/ipa appears to be the same. Something else odd:
"dev-current" has a new section "User attributes for SMB services" on
the user web page. The dev-dec8 and dev-dec8-updated-to-current states/VMs don't have
this section on the user web page.
Interested in any troubleshooting ideas, or ideas of why this is happening.
Thank you,
Scott
12:37 p.m.
New subject: After OS/IPA updates Employee attributes in web app are blank
dnf.log shows dev-current had an update to 4.9.6-6 that the other clone (dev-dec8-updated)
did not.
It looks like 4.9.6-6, although replaced has created this lingering problem.
dev-dec8-updated
2021-11-04T12:48:27-0600 DEBUG Upgraded:
ipa-server-4.9.2-4.module+el8.4.0+664+1636a961.x86_64
2022-01-11T12:07:55-0700 DEBUG Upgraded:
ipa-server-4.9.6-10.module+el8.5.0+719+4f06efb6.x86_64
dev-current
2021-11-04T12:48:27-0600 DEBUG Upgraded:
ipa-server-4.9.2-4.module+el8.4.0+664+1636a961.x86_64
2021-12-08T11:34:23-0700 DEBUG Upgraded:
ipa-server-4.9.6-6.module+el8.5.0+675+61f67439.x86_64
2021-12-21T09:55:41-0700 DEBUG Upgraded:
ipa-server-4.9.6-10.module+el8.5.0+719+4f06efb6.x86_64
12:43 p.m.
New subject: After OS/IPA updates Employee attributes in web app are blank
Scott Serr via FreeIPA-users wrote:
dnf.log shows dev-current had an update to 4.9.6-6 that the other
clone
(dev-dec8-updated) did not.
It looks like 4.9.6-6, although replaced has created this lingering problem.
dev-dec8-updated
2021-11-04T12:48:27-0600 DEBUG Upgraded:
ipa-server-4.9.2-4.module+el8.4.0+664+1636a961.x86_64
2022-01-11T12:07:55-0700 DEBUG Upgraded:
ipa-server-4.9.6-10.module+el8.5.0+719+4f06efb6.x86_64
dev-current
2021-11-04T12:48:27-0600 DEBUG Upgraded:
ipa-server-4.9.2-4.module+el8.4.0+664+1636a961.x86_64
2021-12-08T11:34:23-0700 DEBUG Upgraded:
ipa-server-4.9.6-6.module+el8.5.0+675+61f67439.x86_64
2021-12-21T09:55:41-0700 DEBUG Upgraded:
ipa-server-4.9.6-10.module+el8.5.0+719+4f06efb6.x86_64
I don't quite follow what you're trying to ask. Are these two separate
systems? Do both show the same behavior?
Does the information show in the cli? ipa user-show --all someuser
Do/did you have any custom plugins?
What exact attributes are not displaying?
rob
10:05 a.m.
New subject: After OS/IPA updates Employee attributes in web app are blank
On 1/12/22 11:43 AM, Rob Crittenden wrote:
Scott Serr via FreeIPA-users wrote:
> Attributes in the Employee Information section of the user web page
> are blank following a series of OS/IPA updates.
> The "ipa user-find --all" cli command shows these attributes fine.
>
> Specifically (in my case):
> Department Number
> Employee Number
> Employee Type
>
> I'm wondering if anyone else has seen this. Trying to find a small
> test case, I've found 1 of my development VMs that has some
> snapshots. It's Rocky 8. It has seen OS/IPA updates frequently in
> the last month. This VM also has a snapshot on December 8th.
>
> Now I have 3 clones of this VM (at different snapshot times):
> dev-current -- fails to show these attributes on user web page
> dev-dec8 -- shows these attributes
> dev-dec8-updated-to-current -- shows these attributes
>
> The system is mainly used to test updates, data remains the same.
> The only difference I can think of is "dev-current" has had
> *incremental* OS/IPA updates between Dec 8th and now.
>
> I'm combing through a filesystem diff, trying to figure out why they
> behave differently, /usr/share/ipa appears to be the same. Something
> else odd: "dev-current" has a new section "User attributes for SMB
> services" on the user web page. The dev-dec8 and
> dev-dec8-updated-to-current states/VMs don't have this section on the
> user web page.
>
> Interested in any troubleshooting ideas, or ideas of why this is
> happening.
>
> Thank you,
> Scott
>
> dnf.log shows dev-current had an update to 4.9.6-6 that the other clone
> (dev-dec8-updated) did not.
> It looks like 4.9.6-6, although replaced has created this lingering problem.
>
> dev-dec8-updated
> 2021-11-04T12:48:27-0600 DEBUG Upgraded:
> ipa-server-4.9.2-4.module+el8.4.0+664+1636a961.x86_64
> 2022-01-11T12:07:55-0700 DEBUG Upgraded:
> ipa-server-4.9.6-10.module+el8.5.0+719+4f06efb6.x86_64
>
> dev-current
> 2021-11-04T12:48:27-0600 DEBUG Upgraded:
> ipa-server-4.9.2-4.module+el8.4.0+664+1636a961.x86_64
> 2021-12-08T11:34:23-0700 DEBUG Upgraded:
> ipa-server-4.9.6-6.module+el8.5.0+675+61f67439.x86_64
> 2021-12-21T09:55:41-0700 DEBUG Upgraded:
> ipa-server-4.9.6-10.module+el8.5.0+719+4f06efb6.x86_64
>
I don't quite follow what you're trying to ask. Are these two separate
systems? Do both show the same behavior?
Does the information show in the cli? ipa user-show --all someuser
Do/did you have any custom plugins?
What exact attributes are not displaying?
rob
I'm sorry Rob, yesterday my web email client didn't do well with
threading, I've tried to fix the thread.
These are clones of the same system, early on Dec 8th they were the same
and since then took 2 different upgrade paths. (I only power up 1 at a
time because of IPs and hostnames)
dev-dec8-updated
2021-11-04T12:48:27-0600 DEBUG Upgraded: ipa-server-4.9.2-4
2022-01-11T12:07:55-0700 DEBUG Upgraded: ipa-server-4.9.6-10
dev-current
2021-11-04T12:48:27-0600 DEBUG Upgraded: ipa-server-4.9.2-4
2021-12-08T11:34:23-0700 DEBUG Upgraded: ipa-server-4.9.6-6
2021-12-21T09:55:41-0700 DEBUG Upgraded: ipa-server-4.9.6-10
The "dev-current" has gone down a different upgrade path from
"dev-dec8-updated" but they arrive at the same place (4.9.6-10). It appears
that 4.9.6-6 has caused the issue. The issue being those attributes in Employee
Information section of the web page.
These clone VMs did have a simple custom plugin. It was
/usr/share/ipa/ui/js/plugins/myplugin/myplugin.js. I removing the custom plugin (from
dev-current), but that didn't fix the missing attributes on the web page. Maybe there
is some caching that I need to clear. Very well could be something from our custom
plugin, is there anything tricky to back it out?
"ipa user-show --all me" shows Employee Type, Employee Number, and Department
Number properly.
Thank you for looking into this,
Scott
11:59 a.m.
New subject: After OS/IPA updates Employee attributes in web app are blank
Scott Serr via FreeIPA-users wrote:
On 1/12/22 11:43 AM, Rob Crittenden wrote:
> Scott Serr via FreeIPA-users wrote:
>> Attributes in the Employee Information section of the user web page
>> are blank following a series of OS/IPA updates.
>> The "ipa user-find --all" cli command shows these attributes fine.
>>
>> Specifically (in my case):
>> Department Number
>> Employee Number
>> Employee Type
>>
>> I'm wondering if anyone else has seen this. Trying to find a small
>> test case, I've found 1 of my development VMs that has some
>> snapshots. It's Rocky 8. It has seen OS/IPA updates frequently in
>> the last month. This VM also has a snapshot on December 8th.
>>
>> Now I have 3 clones of this VM (at different snapshot times):
>> dev-current -- fails to show these attributes on user web page
>> dev-dec8 -- shows these attributes
>> dev-dec8-updated-to-current -- shows these attributes
>>
>> The system is mainly used to test updates, data remains the same.
>> The only difference I can think of is "dev-current" has had
>> *incremental* OS/IPA updates between Dec 8th and now.
>>
>> I'm combing through a filesystem diff, trying to figure out why they
>> behave differently, /usr/share/ipa appears to be the same. Something
>> else odd: "dev-current" has a new section "User attributes for
SMB
>> services" on the user web page. The dev-dec8 and
>> dev-dec8-updated-to-current states/VMs don't have this section on the
>> user web page.
>>
>> Interested in any troubleshooting ideas, or ideas of why this is
>> happening.
>>
>> Thank you,
>> Scott
>>
>> dnf.log shows dev-current had an update to 4.9.6-6 that the other clone
>> (dev-dec8-updated) did not.
>> It looks like 4.9.6-6, although replaced has created this lingering problem.
>>
>> dev-dec8-updated
>> 2021-11-04T12:48:27-0600 DEBUG Upgraded:
>> ipa-server-4.9.2-4.module+el8.4.0+664+1636a961.x86_64
>> 2022-01-11T12:07:55-0700 DEBUG Upgraded:
>> ipa-server-4.9.6-10.module+el8.5.0+719+4f06efb6.x86_64
>>
>> dev-current
>> 2021-11-04T12:48:27-0600 DEBUG Upgraded:
>> ipa-server-4.9.2-4.module+el8.4.0+664+1636a961.x86_64
>> 2021-12-08T11:34:23-0700 DEBUG Upgraded:
>> ipa-server-4.9.6-6.module+el8.5.0+675+61f67439.x86_64
>> 2021-12-21T09:55:41-0700 DEBUG Upgraded:
>> ipa-server-4.9.6-10.module+el8.5.0+719+4f06efb6.x86_64
>>
> I don't quite follow what you're trying to ask. Are these two separate
> systems? Do both show the same behavior?
>
> Does the information show in the cli? ipa user-show --all someuser
>
> Do/did you have any custom plugins?
>
> What exact attributes are not displaying?
>
> rob
>
I'm sorry Rob, yesterday my web email client didn't do well with
threading, I've tried to fix the thread.
These are clones of the same system, early on Dec 8th they were the same
and since then took 2 different upgrade paths. (I only power up 1 at a
time because of IPs and hostnames)
dev-dec8-updated
2021-11-04T12:48:27-0600 DEBUG Upgraded: ipa-server-4.9.2-4
2022-01-11T12:07:55-0700 DEBUG Upgraded: ipa-server-4.9.6-10
dev-current
2021-11-04T12:48:27-0600 DEBUG Upgraded: ipa-server-4.9.2-4
2021-12-08T11:34:23-0700 DEBUG Upgraded: ipa-server-4.9.6-6
2021-12-21T09:55:41-0700 DEBUG Upgraded: ipa-server-4.9.6-10
The "dev-current" has gone down a different upgrade path from
"dev-dec8-updated" but they arrive at the same place (4.9.6-10). It appears
that 4.9.6-6 has caused the issue. The issue being those attributes in Employee
Information section of the web page.
These clone VMs did have a simple custom plugin. It was
/usr/share/ipa/ui/js/plugins/myplugin/myplugin.js. I removing the custom plugin (from
dev-current), but that didn't fix the missing attributes on the web page. Maybe there
is some caching that I need to clear. Very well could be something from our custom
plugin, is there anything tricky to back it out?
"ipa user-show --all me" shows Employee Type, Employee Number, and Department
Number properly.
I'm at a loss. The best I can suggest is to try the browser debugger to
see if you can tell what is happening. The data should be available
based on the cli (the ui uses the same interfaces).
As for removing it I think that removing the javascript, restarting
Apache and doing a force reload in the browser should do it.
rob
1:49 p.m.
New subject: After OS/IPA updates Employee attributes in web app are blank
On 1/17/22 10:59 AM, Rob Crittenden wrote:
Scott Serr via FreeIPA-users wrote:
> On 1/12/22 11:43 AM, Rob Crittenden wrote:
>
>> Scott Serr via FreeIPA-users wrote:
>>> Attributes in the Employee Information section of the user web page
>>> are blank following a series of OS/IPA updates.
>>> The "ipa user-find --all" cli command shows these attributes fine.
>>>
>>> Specifically (in my case):
>>> Department Number
>>> Employee Number
>>> Employee Type
>>>
>>> I'm wondering if anyone else has seen this. Trying to find a small
>>> test case, I've found 1 of my development VMs that has some
>>> snapshots. It's Rocky 8. It has seen OS/IPA updates frequently in
>>> the last month. This VM also has a snapshot on December 8th.
>>>
>>> Now I have 3 clones of this VM (at different snapshot times):
>>> dev-current -- fails to show these attributes on user web page
>>> dev-dec8 -- shows these attributes
>>> dev-dec8-updated-to-current -- shows these attributes
>>>
>>> The system is mainly used to test updates, data remains the same.
>>> The only difference I can think of is "dev-current" has had
>>> *incremental* OS/IPA updates between Dec 8th and now.
>>>
>>> I'm combing through a filesystem diff, trying to figure out why they
>>> behave differently, /usr/share/ipa appears to be the same. Something
>>> else odd: "dev-current" has a new section "User attributes for
SMB
>>> services" on the user web page. The dev-dec8 and
>>> dev-dec8-updated-to-current states/VMs don't have this section on the
>>> user web page.
>>>
>>> Interested in any troubleshooting ideas, or ideas of why this is
>>> happening.
>>>
>>> Thank you,
>>> Scott
>>>
>>> dnf.log shows dev-current had an update to 4.9.6-6 that the other clone
>>> (dev-dec8-updated) did not.
>>> It looks like 4.9.6-6, although replaced has created this lingering problem.
>>>
>>> dev-dec8-updated
>>> 2021-11-04T12:48:27-0600 DEBUG Upgraded:
>>> ipa-server-4.9.2-4.module+el8.4.0+664+1636a961.x86_64
>>> 2022-01-11T12:07:55-0700 DEBUG Upgraded:
>>> ipa-server-4.9.6-10.module+el8.5.0+719+4f06efb6.x86_64
>>>
>>> dev-current
>>> 2021-11-04T12:48:27-0600 DEBUG Upgraded:
>>> ipa-server-4.9.2-4.module+el8.4.0+664+1636a961.x86_64
>>> 2021-12-08T11:34:23-0700 DEBUG Upgraded:
>>> ipa-server-4.9.6-6.module+el8.5.0+675+61f67439.x86_64
>>> 2021-12-21T09:55:41-0700 DEBUG Upgraded:
>>> ipa-server-4.9.6-10.module+el8.5.0+719+4f06efb6.x86_64
>>>
>> I don't quite follow what you're trying to ask. Are these two separate
>> systems? Do both show the same behavior?
>>
>> Does the information show in the cli? ipa user-show --all someuser
>>
>> Do/did you have any custom plugins?
>>
>> What exact attributes are not displaying?
>>
>> rob
>>
> I'm sorry Rob, yesterday my web email client didn't do well with
> threading, I've tried to fix the thread.
>
> These are clones of the same system, early on Dec 8th they were the same
> and since then took 2 different upgrade paths. (I only power up 1 at a
> time because of IPs and hostnames)
>
> dev-dec8-updated
> 2021-11-04T12:48:27-0600 DEBUG Upgraded: ipa-server-4.9.2-4
> 2022-01-11T12:07:55-0700 DEBUG Upgraded: ipa-server-4.9.6-10
>
> dev-current
> 2021-11-04T12:48:27-0600 DEBUG Upgraded: ipa-server-4.9.2-4
> 2021-12-08T11:34:23-0700 DEBUG Upgraded: ipa-server-4.9.6-6
> 2021-12-21T09:55:41-0700 DEBUG Upgraded: ipa-server-4.9.6-10
>
> The "dev-current" has gone down a different upgrade path from
"dev-dec8-updated" but they arrive at the same place (4.9.6-10). It appears
that 4.9.6-6 has caused the issue. The issue being those attributes in Employee
Information section of the web page.
>
> These clone VMs did have a simple custom plugin. It was
/usr/share/ipa/ui/js/plugins/myplugin/myplugin.js. I removing the custom plugin (from
dev-current), but that didn't fix the missing attributes on the web page. Maybe there
is some caching that I need to clear. Very well could be something from our custom
plugin, is there anything tricky to back it out?
>
> "ipa user-show --all me" shows Employee Type, Employee Number, and
Department Number properly.
I'm at a loss. The best I can suggest is to try the browser debugger to
see if you can tell what is happening. The data should be available
based on the cli (the ui uses the same interfaces).
As for removing it I think that removing the javascript, restarting
Apache and doing a force reload in the browser should do it.
rob
Rob, this may surprise you, it did me.
I set out to create a brand new replica on our production cluster. My
intent was to disconnect it from the cluster and do tests. I was not
able to do make the replica, I kept getting errors running
ipa-replica-install. I saw:
ipa: ERROR: Certificate operation cannot be completed: Request failed with
status 403: Non-2xx response from CA REST API: 403. (403)
I had to fix this before I could continue. You are well aware of the
recent issue:
Bug 2006070 - Upgrades incorrectly add secret attribute to connectors
https://bugzilla.redhat.com/show_bug.cgi?id=2006070
(First, I found at least 4 threads on this mailing list directly
connected to this issue. I'm thankful!)
I saw that my VM clone (discussed above in the thread) that skipped over
ipa-server-4.9.6-6 update, only had secret= and did not have
requiredSecret=. I removed requiredSecret from a member of the
production cluster. PKI/certs worked! And low and behold, my web
interface now shows attribute values for Employee Type, Employee Number,
and Department Number. It also no longer shows the SMB section, like we
are used to.
(In our environment we don't make use of PKI functionality on our
clients yet, otherwise I'd probably notice this breakage much earlier.)
I'm hopeful this clears up all my issues. I wanted the list to know the
fix.
Thanks for you help!
Scott
3:48 a.m.
New subject: After OS/IPA updates Employee attributes in web app are blank
Hi Scott,
we had a similar issue one year ago. When IPA was deployed in CA-less mode,
only parts of the "user" web page were properly filled:
*#8203 <https://pagure.io/freeipa/issue/8203>* User page on WebUi only has
half the information in CA-less install
*Bug 1835853* <https://bugzilla.redhat.com/show_bug.cgi?id=1835853> - No
user authentication type in web ui
*Bug 1884819* <https://bugzilla.redhat.com/show_bug.cgi?id=1884819> - IdM
Web UI shows users as disabled
The above issues were fixed (don't try to call PKI api if PKI is not
installed) but we are probably not handling properly the case where calls
to PKI throw exceptions.
Thanks for your description of the issue and resolution as it will help us
improve the robustness. The issue has been reported at #9090
<https://pagure.io/freeipa/issue/9090> WebUI does not display all the
user's attributes when it fails to communicate with PKI server.
flo
On Thu, Jan 20, 2022 at 8:52 PM Scott Serr via FreeIPA-users <
freeipa-users(a)lists.fedorahosted.org> wrote:
On 1/17/22 10:59 AM, Rob Crittenden wrote:
> Scott Serr via FreeIPA-users wrote:
>> On 1/12/22 11:43 AM, Rob Crittenden wrote:
>>
>>> Scott Serr via FreeIPA-users wrote:
>>>> Attributes in the Employee Information section of the user web page
>>>> are blank following a series of OS/IPA updates.
>>>> The "ipa user-find --all" cli command shows these attributes
fine.
>>>>
>>>> Specifically (in my case):
>>>> Department Number
>>>> Employee Number
>>>> Employee Type
>>>>
>>>> I'm wondering if anyone else has seen this. Trying to find a small
>>>> test case, I've found 1 of my development VMs that has some
>>>> snapshots. It's Rocky 8. It has seen OS/IPA updates frequently in
>>>> the last month. This VM also has a snapshot on December 8th.
>>>>
>>>> Now I have 3 clones of this VM (at different snapshot times):
>>>> dev-current -- fails to show these attributes on user web page
>>>> dev-dec8 -- shows these attributes
>>>> dev-dec8-updated-to-current -- shows these attributes
>>>>
>>>> The system is mainly used to test updates, data remains the same.
>>>> The only difference I can think of is "dev-current" has had
>>>> *incremental* OS/IPA updates between Dec 8th and now.
>>>>
>>>> I'm combing through a filesystem diff, trying to figure out why
they
>>>> behave differently, /usr/share/ipa appears to be the same. Something
>>>> else odd: "dev-current" has a new section "User
attributes for SMB
>>>> services" on the user web page. The dev-dec8 and
>>>> dev-dec8-updated-to-current states/VMs don't have this section on
the
>>>> user web page.
>>>>
>>>> Interested in any troubleshooting ideas, or ideas of why this is
>>>> happening.
>>>>
>>>> Thank you,
>>>> Scott
>>>>
>>>> dnf.log shows dev-current had an update to 4.9.6-6 that the other
clone
>>>> (dev-dec8-updated) did not.
>>>> It looks like 4.9.6-6, although replaced has created this lingering
problem.
>>>>
>>>> dev-dec8-updated
>>>> 2021-11-04T12:48:27-0600 DEBUG Upgraded:
>>>> ipa-server-4.9.2-4.module+el8.4.0+664+1636a961.x86_64
>>>> 2022-01-11T12:07:55-0700 DEBUG Upgraded:
>>>> ipa-server-4.9.6-10.module+el8.5.0+719+4f06efb6.x86_64
>>>>
>>>> dev-current
>>>> 2021-11-04T12:48:27-0600 DEBUG Upgraded:
>>>> ipa-server-4.9.2-4.module+el8.4.0+664+1636a961.x86_64
>>>> 2021-12-08T11:34:23-0700 DEBUG Upgraded:
>>>> ipa-server-4.9.6-6.module+el8.5.0+675+61f67439.x86_64
>>>> 2021-12-21T09:55:41-0700 DEBUG Upgraded:
>>>> ipa-server-4.9.6-10.module+el8.5.0+719+4f06efb6.x86_64
>>>>
>>> I don't quite follow what you're trying to ask. Are these two
separate
>>> systems? Do both show the same behavior?
>>>
>>> Does the information show in the cli? ipa user-show --all someuser
>>>
>>> Do/did you have any custom plugins?
>>>
>>> What exact attributes are not displaying?
>>>
>>> rob
>>>
>> I'm sorry Rob, yesterday my web email client didn't do well with
>> threading, I've tried to fix the thread.
>>
>> These are clones of the same system, early on Dec 8th they were the same
>> and since then took 2 different upgrade paths. (I only power up 1 at a
>> time because of IPs and hostnames)
>>
>> dev-dec8-updated
>> 2021-11-04T12:48:27-0600 DEBUG Upgraded: ipa-server-4.9.2-4
>> 2022-01-11T12:07:55-0700 DEBUG Upgraded: ipa-server-4.9.6-10
>>
>> dev-current
>> 2021-11-04T12:48:27-0600 DEBUG Upgraded: ipa-server-4.9.2-4
>> 2021-12-08T11:34:23-0700 DEBUG Upgraded: ipa-server-4.9.6-6
>> 2021-12-21T09:55:41-0700 DEBUG Upgraded: ipa-server-4.9.6-10
>>
>> The "dev-current" has gone down a different upgrade path from
"dev-dec8-updated" but they arrive at the same place (4.9.6-10). It
appears that 4.9.6-6 has caused the issue. The issue being those
attributes in Employee Information section of the web page.
>>
>> These clone VMs did have a simple custom plugin. It was
/usr/share/ipa/ui/js/plugins/myplugin/myplugin.js. I removing the custom
plugin (from dev-current), but that didn't fix the missing attributes on
the web page. Maybe there is some caching that I need to clear. Very well
could be something from our custom plugin, is there anything tricky to back
it out?
>>
>> "ipa user-show --all me" shows Employee Type, Employee Number, and
Department Number properly.
> I'm at a loss. The best I can suggest is to try the browser debugger to
> see if you can tell what is happening. The data should be available
> based on the cli (the ui uses the same interfaces).
>
> As for removing it I think that removing the javascript, restarting
> Apache and doing a force reload in the browser should do it.
>
> rob
Rob, this may surprise you, it did me.
I set out to create a brand new replica on our production cluster. My
intent was to disconnect it from the cluster and do tests. I was not
able to do make the replica, I kept getting errors running
ipa-replica-install. I saw:
ipa: ERROR: Certificate operation cannot be completed: Request failed with
status 403: Non-2xx response from CA REST API: 403. (403)
I had to fix this before I could continue. You are well aware of the
recent issue:
Bug 2006070 - Upgrades incorrectly add secret attribute to connectors
https://bugzilla.redhat.com/show_bug.cgi?id=2006070
(First, I found at least 4 threads on this mailing list directly
connected to this issue. I'm thankful!)
I saw that my VM clone (discussed above in the thread) that skipped over
ipa-server-4.9.6-6 update, only had secret= and did not have
requiredSecret=. I removed requiredSecret from a member of the
production cluster. PKI/certs worked! And low and behold, my web
interface now shows attribute values for Employee Type, Employee Number,
and Department Number. It also no longer shows the SMB section, like we
are used to.
(In our environment we don't make use of PKI functionality on our
clients yet, otherwise I'd probably notice this breakage much earlier.)
I'm hopeful this clears up all my issues. I wanted the list to know the
fix.
Thanks for you help!
Scott
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
824
days inactive
833
days old
freeipa-users@lists.fedorahosted.org
6 comments
3 participants
participants (3)
-
Florence Blanc-Renaud -
Rob Crittenden -
Scott Serr