Hey Rob,

Yes, error was present before regenerating the keytab, and I've done it using:

kinit -kt /etc/ipa/dnssec/ipa-ods-exporter.keytab ipa-ods-exporter/login.example.net

Then I only chown-ed the tab so it can be readable.

On Wed, Sep 18, 2024 at 10:51 PM Rob Crittenden <[email protected]> wrote:

> Yavor Marinov via FreeIPA-users wrote:
> > Hello all,
> >
> > Last few weeks I've been having issues with ipa-ods-export because it's
> > failing to start. Our infra is not impacted by the problem but will be
> > glad to know what could be the issue as I've tried to regenerate the
> > keytab /etc/ipa/dnssec/ipa-ods-exporter.keytab
>
> Was it throwing this same error prior to regenerating the keytab? How
> did you do that?
>
> rob
>
> > Below is the error message
> >
> > ipa-ods-exporter[487019]: Traceback (most recent call last):
> > ipa-ods-exporter[487019]:   File "/usr/lib/python3.9/site-packages/ipapython/ipaldap.py", line 1096, in error_handler
> > ipa-ods-exporter[487019]:     yield
> > ipa-ods-exporter[487019]:   File "/usr/lib/python3.9/site-packages/ipapython/ipaldap.py", line 1672, in add_entry
> > ipa-ods-exporter[487019]:     self.conn.add_s(str(entry.dn), list(attrs.items()))
> > ipa-ods-exporter[487019]:   File "/usr/lib64/python3.9/site-packages/ldap/ldapobject.py", line 236, in add_s
> > ipa-ods-exporter[487019]:     return self.add_ext_s(dn,modlist,None,None)
> > ipa-ods-exporter[487019]:   File "/usr/lib64/python3.9/site-packages/ldap/ldapobject.py", line 222, in add_ext_s
> > ipa-ods-exporter[487019]:     resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
> > ipa-ods-exporter[487019]:   File "/usr/lib64/python3.9/site-packages/ldap/ldapobject.py", line 543, in result3
> > ipa-ods-exporter[487019]:     resp_type, resp_data, resp_msgid, decoded_resp_ctrls, retoid, retval = self.result4(
> > ipa-ods-exporter[487019]:   File "/usr/lib64/python3.9/site-packages/ldap/ldapobject.py", line 553, in result4
> > ipa-ods-exporter[487019]:     ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
> > ipa-ods-exporter[487019]:   File "/usr/lib64/python3.9/site-packages/ldap/ldapobject.py", line 128, in _ldap_call
> > ipa-ods-exporter[487019]:     result = func(*args,**kwargs)
> > ipa-ods-exporter[487019]: ldap.INSUFFICIENT_ACCESS: {'msgtype': 105, 'msgid': 9, 'result': 50, 'desc': 'Insufficient access', 'ctrls': []}
> > ipa-ods-exporter[487019]: During handling of the above exception, another exception occurred:
> > ipa-ods-exporter[487019]: Traceback (most recent call last):
> > ipa-ods-exporter[487019]:   File "/usr/libexec/ipa/ipa-ods-exporter", line 719, in <module>
> > ipa-ods-exporter[487019]:     master2ldap_master_keys_sync(ldapkeydb, localhsm)
> > ipa-ods-exporter[487019]:   File "/usr/libexec/ipa/ipa-ods-exporter", line 346, in master2ldap_master_keys_sync
> > ipa-ods-exporter[487019]:     ldapkeydb.import_master_key(mkey)
> > ipa-ods-exporter[487019]:   File "/usr/lib/python3.9/site-packages/ipaserver/dnssec/ldapkeydb.py", line 375, in import_master_key
> > ipa-ods-exporter[487019]:     self.ldap.add_entry(new_key.entry)
> > ipa-ods-exporter[487019]:   File "/usr/lib/python3.9/site-packages/ipapython/ipaldap.py", line 1672, in add_entry
> > ipa-ods-exporter[487019]:     self.conn.add_s(str(entry.dn), list(attrs.items()))
> > ipa-ods-exporter[487019]:   File "/usr/lib64/python3.9/contextlib.py", line 137, in __exit__
> > ipa-ods-exporter[487019]:     self.gen.throw(typ, value, traceback)
> > ipa-ods-exporter[487019]:   File "/usr/lib/python3.9/site-packages/ipapython/ipaldap.py", line 1122, in error_handler
> > ipa-ods-exporter[487019]:     raise errors.ACIError(info=info)
> > ipa-ods-exporter[487019]: ipalib.errors.ACIError: Insufficient access:
