RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1782572 - "Internal Server Error" reported for minor issues implies IPA is broken [IdmHackfest2019]
Summary: "Internal Server Error" reported for minor issues implies IPA is broken [IdmH...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: ipa
Version: 8.1
Hardware: x86_64
OS: Linux
unspecified
medium
Target Milestone: rc
: 8.0
Assignee: Thomas Woerner
QA Contact: ipa-qe
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-12-11 21:14 UTC by Josip Vilicic
Modified: 2023-02-12 22:28 UTC (History)
9 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-04-28 15:44:43 UTC
Type: Bug
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker FREEIPA-9433 0 None None None 2023-02-12 22:28:32 UTC
Red Hat Issue Tracker RHELPLAN-31197 0 None None None 2023-02-12 22:27:22 UTC
Red Hat Product Errata RHEA-2020:1640 0 None None None 2020-04-28 15:44:56 UTC

Description Josip Vilicic 2019-12-11 21:14:54 UTC 
Description of problem:
Receiving "Internal Server Error" or "ipa: ERROR: cannot connect to 'any of the configured servers'" from IPA when performing a non-critical task may imply to customers that a fully-functional IPA instance is somehow broken


Version-Release number of selected component (if applicable):
RHEL 8.1 / IPA 4.8


How reproducible:
Consistent


Steps to Reproduce:
1. Set up IPA and Establish Trust with an AD domain
2. kinit as an AD user, but do not have them in the "Default Trust View"
3. Perform an IPA command, like `ipa ping`


Actual results:
"Internal Server Error" or "cannot connect to 'any of the configured servers'" message is displayed


Expected results:
Report a less-general, less-alarming error message like "you do not have permissions to run this command" so customers know IPA is still working as expected


Additional info:
1) At one point at IdM Hackfest 2019, we received "Internal Server Error" on a fresh install when performing `ipa ping` with an unprivileged user, but was unable to reproduce this afterwards.

2) Received another misleading error:

   [root@replica ~]# kinit Administrator
   Password for Administrator: 

   [root@replica ~]# id Administrator
   id: ‘Administrator’: no such user

   [root@replica ~]# ipa ping
   ipa: ERROR: cannot connect to 'any of the configured servers': https://replica.ipa.test/ipa/json, https://master.ipa.test/ipa/json
Comment 2 Florence Blanc-Renaud 2020-01-09 13:29:17 UTC 
Upstream ticket:
https://pagure.io/freeipa/issue/8163
Comment 3 Florence Blanc-Renaud 2020-01-10 16:10:34 UTC 
Fixed upstream
master:
https://pagure.io/freeipa/c/e2d69380fbae6dab244fce3fd5afe5fdc28a2663
Comment 4 Florence Blanc-Renaud 2020-01-13 12:10:10 UTC 
Fixed upstream
ipa-4-8:
https://pagure.io/freeipa/c/4db18be5467c0b8f7633b281c724f469f907e573

ipa-4-7:
https://pagure.io/freeipa/c/f9f822ac10c0a5fffca906d5f5412c8d35adcc18
Comment 8 Mohammad Rizwan 2020-03-03 12:40:40 UTC 
~~~~~~~~~~~~~~
older version:
~~~~~~~~~~~~~~
ipa-server-4.8.0-13.module+el8.1.0+4923+c6efe041.x86_64
ipa-server-trust-ad-4.8.0-13.module+el8.1.0+4923+c6efe041.x86_64
ipa-server-dns-4.8.0-13.module+el8.1.0+4923+c6efe041.noarch

Default principal: Administrator

Valid starting       Expires              Service principal
03/03/2020 07:38:29  03/03/2020 17:38:29  krbtgt/WIN2016.TEST
	renew until 03/04/2020 07:38:26
[root@master ~]# 
[root@master ~]# 
[root@master ~]# ipa ping
ipa: ERROR: cannot connect to 'https://master.testrealm.test/ipa/json': Internal Server Error


~~~~~~~~~~~~~~
Fixed version:
~~~~~~~~~~~~~~
version:
ipa-server-trust-ad-4.8.4-6.module+el8.2.0+5773+68ace8c5.x86_64
ipa-server-4.8.4-6.module+el8.2.0+5773+68ace8c5.x86_64
ipa-server-dns-4.8.4-6.module+el8.2.0+5773+68ace8c5.noarch

Steps: mentioned in description

Actual result:
[root@master ~]# kinit etuser1
Password for etuser1: 
[root@master ~]# ipa ping
ipa: ERROR: Insufficient access: SASL(-14): authorization failure: Invalid credentials

The error message seems more promising after the fix. Thus marking the bug verifed.
Comment 9 François Cami 2020-04-02 12:37:51 UTC 
Fixed upstream
master:
https://pagure.io/freeipa/c/a02df530a6b4b5f5f6f9661da33aa2fb0cd47211
Comment 10 François Cami 2020-04-03 09:49:57 UTC 
Fixed upstream
ipa-4-8:
https://pagure.io/freeipa/c/90eef2f84d3ad61894a1656c529000072e6cb036
Comment 12 errata-xmlrpc 2020-04-28 15:44:43 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2020:1640
Note You need to log in before you can comment on or make changes to this bug.