Bug 1922955

Summary: Resubmitting KDC cert fails with internal server error
Product: Red Hat Enterprise Linux 8 Reporter: Christian Heimes <cheimes>
Component: ipaAssignee: Thomas Woerner <twoerner>
Status: CLOSED ERRATA QA Contact: ipa-qe <ipa-qe>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 8.4CC: abokovoy, ksiddiqu, pasik, rcritten, ssidhaye, sumenon, tscherf
Target Milestone: rcKeywords: Triaged
Target Release: 8.4   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ipa-4.9.2-1 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-05-18 15:48:23 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Christian Heimes 2021-02-01 07:52:41 UTC 
This bug is created as a clone of upstream ticket:
https://pagure.io/freeipa/issue/8686

### Issue

Resubmitting the KDC cert fails with an internal server error.

#### Steps to Reproduce
1. ``ipa-getcert resubmit -f /var/kerberos/krb5kdc/kdc.crt``

#### Actual behavior

```
Request ID '20210129073342':
        status: CA_UNREACHABLE
        ca-error: Server at https://vm-023.abc.idm.lab.eng.brq.redhat.com/ipa/json failed request, will retry: 903 (an internal error has occurred).
        stuck: no
        key pair storage: type=FILE,location='/var/kerberos/krb5kdc/kdc.key'
        certificate: type=FILE,location='/var/kerberos/krb5kdc/kdc.crt'
        CA: IPA
```

```
  File "/usr/lib/python3.9/site-packages/ipaserver/plugins/cert.py", line 878, in execute
    ca_kdc_check(ldap, alt_principal.hostname)
  File "/usr/lib/python3.9/site-packages/ipaserver/plugins/cert.py", line 301, in ca_kdc_check
    master_dn = api_instance.Object.server.get_dn(unicode(hostname))
AttributeError: 'ldap2' object has no attribute 'Object'
```

#### Expected behavior
No error

#### Version/Release/Distribution
freeipa-server-4.10.0.dev202101260524+git30f82e2c8d-0.fc33
Comment 1 Christian Heimes 2021-02-01 07:55:10 UTC 
Upstream commits:

master: https://pagure.io/freeipa/c/24a5d4d06ba496a936b05d89081a4df0a03708b2
ipa-4-9: https://pagure.io/freeipa/c/5ab290a048d34b03821716b1606f9a33f62964d9
Comment 7 errata-xmlrpc 2021-05-18 15:48:23 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:1846