Re: [Freeipa-devel] general error message at the attempt to set domain level to 0

[Martin Basti]

On 20/07/15 13:21, Oleg Fayans wrote:

Hi Martin,

[Mon Jul 20 06:41:09.540097 2015] [wsgi:error] [pid 15186] ipa: ERROR: non-public: ValueError: non-generic 'InvalidDomainLevelError' needs format=None; got format=Gettext('Domain Level cannot be lowered.', domain='ipa', localedir=None) [Mon Jul 20 06:41:09.540118 2015] [wsgi:error] [pid 15186] Traceback (most recent call last): [Mon Jul 20 06:41:09.540121 2015] [wsgi:error] [pid 15186] File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 347, in wsgi_execute [Mon Jul 20 06:41:09.540122 2015] [wsgi:error] [pid 15186] result = self.Command[name](*args, **options) [Mon Jul 20 06:41:09.540124 2015] [wsgi:error] [pid 15186] File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 443, in __call__ [Mon Jul 20 06:41:09.540125 2015] [wsgi:error] [pid 15186] ret = self.run(*args, **options) [Mon Jul 20 06:41:09.540127 2015] [wsgi:error] [pid 15186] File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 760, in run [Mon Jul 20 06:41:09.540128 2015] [wsgi:error] [pid 15186] return self.execute(*args, **options) [Mon Jul 20 06:41:09.540129 2015] [wsgi:error] [pid 15186] File "/usr/lib/python2.7/site-packages/ipalib/plugins/domainlevel.py", line 123, in execute [Mon Jul 20 06:41:09.540131 2015] [wsgi:error] [pid 15186] raise errors.InvalidDomainLevelError(message) [Mon Jul 20 06:41:09.540132 2015] [wsgi:error] [pid 15186] File "/usr/lib/python2.7/site-packages/ipalib/errors.py", line 248, in __init__ [Mon Jul 20 06:41:09.540133 2015] [wsgi:error] [pid 15186] messages.process_message_arguments(self, format, message, **kw) [Mon Jul 20 06:41:09.540135 2015] [wsgi:error] [pid 15186] File "/usr/lib/python2.7/site-packages/ipalib/messages.py", line 52, in process_message_arguments

[Mon Jul 20 06:41:09.540136 2015] [wsgi:error] [pid 15186] name, format)

Can you please file this as a bug?
We need fix it in 4.3

Thank you.

On 07/20/2015 01:04 PM, Martin Basti wrote:

On 20/07/15 12:47, Oleg Fayans wrote:

Hi everybody,

I keep receiving the same non-specific error message during attepts to set domain level to 0:

$ ipa domainlevel-set 0
ipa: ERROR: an internal error has occurred

This error does not get recorded in the directory server errors log. Real-time observations on the access log show that only the following lines get added:

[20/Jul/2015:06:45:07 -0400] conn=151 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [20/Jul/2015:06:45:07 -0400] conn=2 op=984 RESULT err=0 tag=101 nentries=1 etime=0 [20/Jul/2015:06:45:07 -0400] conn=151 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [20/Jul/2015:06:45:08 -0400] conn=151 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [20/Jul/2015:06:45:08 -0400] conn=151 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [20/Jul/2015:06:45:08 -0400] conn=151 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=pesen,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [20/Jul/2015:06:45:08 -0400] conn=151 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=admin,cn=users,cn=accounts,dc=pesen,dc=net" [20/Jul/2015:06:45:08 -0400] conn=151 op=3 RESULT err=0 tag=101 nentries=1 etime=0 [20/Jul/2015:06:45:08 -0400] conn=151 op=4 SRCH base="cn=Domain Level,cn=ipa,cn=etc,dc=pesen,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [20/Jul/2015:06:45:08 -0400] conn=151 op=4 RESULT err=0 tag=101 nentries=1 etime=0 [20/Jul/2015:06:45:08 -0400] conn=151 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress

[20/Jul/2015:06:45:08 -0400] conn=151 op=5 UNBIND
[20/Jul/2015:06:45:08 -0400] conn=151 op=5 fd=102 closed - U1

According to Ludwig, decreasing of the domain level is not supported, so we should provide some meaningfull error message in this case

P. S.
$ rpm -q freeipa-server
freeipa-server-4.2.90.201507171036GITf1f3ef4-0.fc22.x86_64
The packages were built on Friday from the upstream master.

Can you paste apache error log here please?

--
Martin Basti

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code