Hello all,
Last few weeks I've been having issues with ipa-ods-export because it's
failing to start. Our infra is not impacted by the problem but will be glad
to know what could be the issue as I've tried to regenerate the keytab
/etc/ipa/dnssec/ipa-ods-exporter.keytab
Below is the error message
ipa-ods-exporter[487019]: Traceback (most recent call last):
ipa-ods-exporter[487019]: File
"/usr/lib/python3.9/site-packages/ipapython/ipaldap.py", line 1096, in
error_handler
ipa-ods-exporter[487019]: yield
ipa-ods-exporter[487019]: File
"/usr/lib/python3.9/site-packages/ipapython/ipaldap.py", line 1672, in
add_entry
ipa-ods-exporter[487019]: self.conn.add_s(str(entry.dn),
list(attrs.items()))
ipa-ods-exporter[487019]: File
"/usr/lib64/python3.9/site-packages/ldap/ldapobject.py", line 236, in add_s
ipa-ods-exporter[487019]: return self.add_ext_s(dn,modlist,None,None)
ipa-ods-exporter[487019]: File
"/usr/lib64/python3.9/site-packages/ldap/ldapobject.py", line 222, in
add_ext_s
ipa-ods-exporter[487019]: resp_type, resp_data, resp_msgid, resp_ctrls =
self.result3(msgid,all=1,timeout=self.timeout)
ipa-ods-exporter[487019]: File
"/usr/lib64/python3.9/site-packages/ldap/ldapobject.py", line 543, in
result3
ipa-ods-exporter[487019]: resp_type, resp_data, resp_msgid,
decoded_resp_ctrls, retoid, retval = self.result4(
ipa-ods-exporter[487019]: File
"/usr/lib64/python3.9/site-packages/ldap/ldapobject.py", line 553, in
result4
ipa-ods-exporter[487019]: ldap_result =
self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
ipa-ods-exporter[487019]: File
"/usr/lib64/python3.9/site-packages/ldap/ldapobject.py", line 128, in
_ldap_call
ipa-ods-exporter[487019]: result = func(*args,**kwargs)
ipa-ods-exporter[487019]: ldap.INSUFFICIENT_ACCESS: {'msgtype': 105,
'msgid': 9, 'result': 50, 'desc': 'Insufficient access', 'ctrls': []}
ipa-ods-exporter[487019]: During handling of the above exception, another
exception occurred:
ipa-ods-exporter[487019]: Traceback (most recent call last):
ipa-ods-exporter[487019]: File "/usr/libexec/ipa/ipa-ods-exporter", line
719, in <module>
ipa-ods-exporter[487019]: master2ldap_master_keys_sync(ldapkeydb,
localhsm)
ipa-ods-exporter[487019]: File "/usr/libexec/ipa/ipa-ods-exporter", line
346, in master2ldap_master_keys_sync
ipa-ods-exporter[487019]: ldapkeydb.import_master_key(mkey)
ipa-ods-exporter[487019]: File
"/usr/lib/python3.9/site-packages/ipaserver/dnssec/ldapkeydb.py", line 375,
in import_master_key
ipa-ods-exporter[487019]: self.ldap.add_entry(new_key.entry)
ipa-ods-exporter[487019]: File
"/usr/lib/python3.9/site-packages/ipapython/ipaldap.py", line 1672, in
add_entry
ipa-ods-exporter[487019]: self.conn.add_s(str(entry.dn),
list(attrs.items()))
ipa-ods-exporter[487019]: File "/usr/lib64/python3.9/contextlib.py", line
137, in __exit__
ipa-ods-exporter[487019]: self.gen.throw(typ, value, traceback)
ipa-ods-exporter[487019]: File
"/usr/lib/python3.9/site-packages/ipapython/ipaldap.py", line 1122, in
error_handler
ipa-ods-exporter[487019]: raise errors.ACIError(info=info)
ipa-ods-exporter[487019]: ipalib.errors.ACIError: Insufficient access:
--
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
