Rob Crittenden wrote:
Jenny Galipeau wrote:
John Dennis wrote:
On 10/08/2009 05:22 PM, Rob Crittenden wrote:
John Dennis wrote:
Thanks Rob. BTW, I was going to add a try/except block around that
code in selfsign and return a non-zero status if it fails. Do we have
predefined status codes I should be using?

I'm assuming you mean around the certs.next_serial() call?


Not really sure. This is really a "server blew up" sort of error, I'm
not sure what the best thing to return to the client is in this case. I
think something that says "the server is hosed, you can't fix it from
there" sort of error would be nice. AFAIK we don't currently define such
a beastie.

Well, looking at it looks like it should be an ExecutionError in the 4000-4999 range. How about adding UnableToCompleteCertificateOperation as a generic error for any certificate operation we can't run to completion,
It would also be nice to reference the log, as in "Please see mylog.log for details."

Well, this is a pretty common, generic problem. We don't want to give too many specifics to a client. The assumption is that they'll go bug their administrator.
Ah yes ... forgot it was the client!

We could add the "See your system administrator" but that is truly annoying when you're the administrator trying to debug the problem. I myself have shouted any number of time "But I *am* the %...@!@ system administrator" when presented with similar messages on other systems.
:-) hehe ... I guess it is most likely that an admin will be running the ipa join command - true?

What we'll have to do is document somewhere that tracebacks can be found in the Apache error log.


Jenny Galipeau <>
Principal Software QA Engineer
Red Hat, Inc. Security Engineering

Freeipa-devel mailing list

Reply via email to