Description of problem: In the summary and actual results section. Version-Release number of selected component (if applicable): install from daily build 4-14-08 How reproducible: unsure Actual results: + /usr/sbin/ipa-finduser admin Traceback (most recent call last): File "/usr/share/ipa/ipaserver/ipaxmlrpc.py", line 172, in _marshaled_dispatch response = self._dispatch(method, params) File "/usr/share/ipa/ipaserver/ipaxmlrpc.py", line 205, in _dispatch ret = func(*args) File "/usr/lib/python2.4/site-packages/ipaserver/funcs.py", line 904, in find_users config = self.get_ipa_config(opts) File "/usr/lib/python2.4/site-packages/ipaserver/funcs.py", line 2067, in get_ipa_config config = self.get_entry_by_cn("ipaconfig", None, opts) File "/usr/lib/python2.4/site-packages/ipaserver/funcs.py", line 420, in get_entry_by_cn return self.__get_sub_entry(self.basedn, searchfilter, sattrs, opts) File "/usr/lib/python2.4/site-packages/ipaserver/funcs.py", line 249, in __get_sub_entry return self.__get_entry(base, ldap.SCOPE_SUBTREE, searchfilter, sattrs, opts) File "/usr/lib/python2.4/site-packages/ipaserver/funcs.py", line 228, in __get_entry conn = self.getConnection(opts) File "/usr/lib/python2.4/site-packages/ipaserver/funcs.py", line 190, in getConnection conn = _LDAPPool.getConn(self.host,port,krbccache,debug) File "/usr/lib/python2.4/site-packages/ipaserver/funcs.py", line 84, in getConn conn.set_krbccache(krbccache, cprinc.name) File "/usr/lib/python2.4/site-packages/ipaserver/ipaldap.py", line 318, in set_krbccache self.sasl_interactive_bind_s("", sasl_auth) File "/usr/lib/python2.4/site-packages/ipaserver/ipaldap.py", line 175, in inner return f(*args, **kargs) File "/usr/lib64/python2.4/site-packages/ldap/ldapobject.py", line 196, in sasl_interactive_bind_s return self._ldap_call(self._l.sasl_interactive_bind_s,who,auth,EncodeControlTuples(serverctrls),EncodeControlTuples(clientctrls),sasl_flags) File "/usr/lib/python2.4/site-packages/ipaserver/ipaldap.py", line 175, in inner return f(*args, **kargs) File "/usr/lib64/python2.4/site-packages/ldap/ldapobject.py", line 94, in _ldap_call result = func(*args,**kwargs) LOCAL_ERROR: {'info': 'SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Unknown code krb5 7)', 'desc': 'Local error'} + ret=1 Expected results: Additional info: The "unspecified error" from gssapi is really not a good thing. Once this is tracked down, I'd like to open a bug against GSSAPI to make this error much better.
Ok, this error translates into: KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN (Server not found in Kerberos database) The reason for this is that the hostname was set improperly and wasn't in the domain that the realm was set for: iparhel5-64vm.dsqa.redhat.com instead of iparhel5-64vm.dsqa.sjc2.redhat.com Running hostname fixed it but we need to handle this, at least the GSSAPI error.
Created attachment 302538 [details] catch all errors when obtaining an LDAP connection.
git changeset dce800816736ec5e419f25bdede89f11c6e6ee0b
fixed long ago: verified against 1.1.0-2.20081119.el5ipa