Should have been: What is even stranger, If I exit the console and try : ipa service-show api-requester/[email protected]
______________________________________________________________________________________________ Daniel E. White [email protected]<mailto:[email protected]> NICS Linux Engineer NASA Goddard Space Flight Center 8800 Greenbelt Road Building 14, Room E175 Greenbelt, MD 20771 Office: (301) 286-6919 Mobile: (240) 513-5290 From: "White, Daniel E. (GSFC-770.0)[NICS] via FreeIPA-users" <[email protected]> Reply-To: FreeIPA users list <[email protected]> Date: Thursday, February 13, 2020 at 14:06 To: Alexander Bokovoy <[email protected]> Cc: Rob Crittenden <[email protected]>, FreeIPA users list <[email protected]>, Daniel White <[email protected]> Subject: [Freeipa-users] Python-ing into FreeIPA - hit a glitch Alexander, I followed your instructions and ran into a problem. These commands went as described: $ ipa service-add api-requester/`hostname` $ ipa service-allow-retrieve-keytab api-requester/`hostname` --users=me $ ipa service-allow-create-keytab api-requester/`hostname` --users=me $ ipa-getkeytab -Y GSSAPI -k api-requester.keytab -p api-requester/`me` $ KRB5_CLIENT_KTNAME=./api-requester.keytab KRB5CCNAME=./api.ccache ipa console (Custom IPA interactive Python console) api: IPA API object pp: pretty printer api.Command.whoami() {'object': 'service', 'command': 'service_show/1', 'arguments': ('api-requester/[email protected]',)} HOWEVER, when I tried this: api.Command.service_show('api-requester/[email protected]') I got this error: Traceback (most recent call last): File "<console>", line 1, in <module> File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 450, in __call__ return self.__do_call(*args, **options) File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 471, in __do_call params = self.convert(**params) File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 672, in convert (k, self.params[k].convert(v)) for (k, v) in kw.items() File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 672, in <genexpr> (k, self.params[k].convert(v)) for (k, v) in kw.items() File "/usr/lib/python2.7/site-packages/ipalib/parameters.py", line 852, in convert return convert(value) File "/usr/lib/python2.7/site-packages/ipalib/parameters.py", line 839, in convert return self._convert_scalar(value) File "/usr/lib/python2.7/site-packages/ipalib/parameters.py", line 2152, in _convert_scalar return super(Principal, self)._convert_scalar(value) File "/usr/lib/python2.7/site-packages/ipalib/parameters.py", line 862, in _convert_scalar raise ConversionError(name=self.name, error=ugettext(self.type_error)) ConversionError: invalid 'krbcanonicalname': must be Kerberos principal The argument I used in the "service_show" is identical to the argument returned from the "whoami" command. What is even stranger, If I exit the console and try : api.Command.ipa service-show api-requester/[email protected] I get the expected response. I ran this on a CentOS 7 IPA client v4.6.5-11.el7.centos.3.x86_64 The server is RHEL 7, IPA/RH-IdM server v4.6.5-11.el7_7.3.x86_64 Any ideas ?
_______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
