On 10/07/2014 06:48 PM, Jan Cholasta wrote: > Hi, > > the attached patch fixes <https://fedorahosted.org/freeipa/ticket/4540>. > > The error message is now the generic ACI error message, e.g. "Insufficient > access: Insufficient 'add' privilege to add the entry > 'krbprincipalname=something/somehost.example....@example.com,cn=services,cn=accounts,dc=example,dc=com'. > > " > > Honza
Yup, simpler is better in this case. The certmonger tracker seems easier to understand to me now: # ipa-getcert list -i 20141008071708 Number of certificates and requests being tracked: 9. Request ID '20141008071708': status: CA_REJECTED ca-error: Server at https://ipa.mkosek-fedora20.test/ipa/xml denied our request, giving up: 2100 (RPC failed at server. Insufficient access: Insufficient 'add' privilege to add the entry 'krbprincipalname=test/ipa.mkosek-fedora20.t...@mkosek-fedora20.test,cn=services,cn=accounts,dc=mkosek-fedora20,dc=test'.). stuck: yes key pair storage: type=NSSDB,location='/etc/httpd/nssdb',nickname='Server-Cert',token='NSS Certificate DB' certificate: type=NSSDB,location='/etc/httpd/nssdb',nickname='Server-Cert' CA: IPA issuer: subject: expires: unknown pre-save command: post-save command: track: yes auto-renew: yes ACK. Pushed to: master: 8e602eaf46b71ad8f713f549d6a823c70567bb22 ipa-4-1: ed5ffbfd75f3f1a62581c50a2c64d9e75fc74081 ipa-4-0: 80da03a2169de3a78edec42c1eab1f87734f49a7 Martin _______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel