URL: https://github.com/freeipa/freeipa/pull/4110
Author: flo-renaud
Title: #4110: AD user without override receive InternalServerError with API
Action: opened
PR body:
"""
When ipa commands are used by an Active Directory user that does not have any idoverride-user set, they return the following error message which can be misleading:

$ kinit adu...@addomain.com
$ ipa ping
ipa: ERROR: cannot connect to 'https://master.ipa.com/ipa/json': Internal Server Error

The fix properly handles ACIError exception received when creating the context, and now the following message can be seen:

$ kinit adu...@addomain.com
$ ipa ping
ipa: ERROR: cannot connect to 'https://master.ipa.com/ipa/json': Unauthorized

with the following log in /var/log/httpd/error_log:
ipa: INFO: 401 Unauthorized: Insufficient access: Invalid credentials

Fixes: https://pagure.io/freeipa/issue/8163
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/4110/head:pr4110
git checkout pr4110
From c74068e50991536f6cb09d70fac1a0a99c8e2872 Mon Sep 17 00:00:00 2001 From: Florence Blanc-Renaud <f...@redhat.com> Date: Thu, 9 Jan 2020 14:20:53 +0100 Subject: [PATCH] AD user without override receive InternalServerError with API When ipa commands are used by an Active Directory user that does not have any idoverride-user set, they return the following error message which can be misleading: $ kinit adu...@addomain.com $ ipa ping ipa: ERROR: cannot connect to 'https://master.ipa.com/ipa/json': Internal Server Error The fix properly handles ACIError exception received when creating the context, and now the following message can be seen: $ kinit adu...@addomain.com $ ipa ping ipa: ERROR: cannot connect to 'https://master.ipa.com/ipa/json': Unauthorized with the following log in /var/log/httpd/error_log: ipa: INFO: 401 Unauthorized: Insufficient access: Invalid credentials Fixes: https://pagure.io/freeipa/issue/8163 --- ipaserver/rpcserver.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ipaserver/rpcserver.py b/ipaserver/rpcserver.py index 0495557cdf..9f8102ebcb 100644 --- a/ipaserver/rpcserver.py +++ b/ipaserver/rpcserver.py @@ -690,6 +690,8 @@ def __call__(self, environ, start_response): self.create_context(ccache=user_ccache) response = super(KerberosWSGIExecutioner, self).__call__( environ, start_response) + except ACIError as e: + return self.unauthorized(environ, start_response, str(e), 'denied') except PublicError as e: status = HTTP_STATUS_SUCCESS response = status.encode('utf-8')
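Review bot: The new except ACIError clause in __call__ is attached to a try that wraps both self.create_context(ccache=user_ccache) and the super(KerberosWSGIExecutioner, self).__call__(environ, start_response) call, so an ACIError escaping command execution would also be answered with 401 and reason 'denied', not only the context-creation failure the commit message describes. Consider limiting the handler to the create_context call, or confirming that the parent __call__ never lets ACIError propagate. The clause has to stay ahead of except PublicError if ACIError derives from it, so a one-line comment saying the order is deliberate would guard against later reordering. The diff adds no import, so ACIError must already be imported in ipaserver/rpcserver.py; worth confirming. With 2 insertions in a single file there is no regression test for the AD user without idoverride case, and one asserting the 401 response would keep the behaviour from sliding back to a 500.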