Hi,

> How about:
>
> api.bootstrap(context='webservices', debug=True, xmlrpc_uri='
> https://luna.greyoak.com/ipa/xml')
>

 when I do this, I get these messages

---------------------------------------------------------------------
In [1]: from ipalib import api

In [2]: api.bootstrap(context='webservices', debug=True, xmlrpc_uri='
https://server.domain.org/ipa/xml')

In [3]: api.env.xmlrpc_uri
Out[3]: u'https://server.domain.org/ipa/xml'

In [4]: api.env.realm
Out[4]: u'EXAMPLE.COM'

In [5]: api.finalize()
ipa: DEBUG: importing all plugin modules in
'/usr/lib/python2.6/site-packages/ipalib/plugins'...
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/aci.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/automount.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/cert.py'
ipa: INFO: skipping plugin module ipalib.plugins.cert: env.enable_ra is not
True
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/config.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/dns.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/group.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/hbac.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/host.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/hostgroup.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/kerberos.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/krbtpolicy.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/migration.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/misc.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/netgroup.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/passwd.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/pwpolicy.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/rolegroup.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/service.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/taskgroup.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/user.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/virtual.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/xmlclient.py'

In [6]: api.Backend.xmlclient.connect()
ipa: INFO: Created connection context.xmlclient

In [7]: api.Command.user_show(u'admin')
ipa: DEBUG: raw: user_show(u'admin')
ipa: INFO: user_show(u'admin', all=False, raw=False)
ipa: INFO: Forwarding 'user_show' to server u'
https://server.domain.org/ipa/xml'
ipa: DEBUG: Caught fault 3008 from server https://server.domain.org/ipa/xml:
invalid 'uid': Only one value is allowed
---------------------------------------------------------------------------
ConversionError                           Traceback (most recent call last)

/root/<ipython console> in <module>()

/usr/lib/python2.6/site-packages/ipalib/frontend.pyc in __call__(self,
*args, **options)
    399         self.validate(**params)
    400         (args, options) = self.params_2_args_options(**params)
--> 401         ret = self.run(*args, **options)
    402         if (
    403             isinstance(ret, dict)

/usr/lib/python2.6/site-packages/ipalib/frontend.pyc in run(self, *args,
**options)
    668         if self.api.env.in_server:
    669             return self.execute(*args, **options)
--> 670         return self.forward(*args, **options)
    671
    672     def execute(self, *args, **kw):

/usr/lib/python2.6/site-packages/ipalib/frontend.pyc in forward(self, *args,
**kw)
    689         Forward call over XML-RPC to this same command on server.
    690         """
--> 691         return self.Backend.xmlclient.forward(self.name, *args,
**kw)
    692
    693     def finalize(self):

/usr/lib/python2.6/site-packages/ipalib/rpc.pyc in forward(self, name,
*args, **kw)
    412             if e.faultCode in self.__errors:
    413                 error = self.__errors[e.faultCode]
--> 414                 raise error(message=e.faultString)
    415             raise UnknownError(
    416                 code=e.faultCode,

ConversionError: invalid 'uid': Only one value is allowed
---------------------------------------------------------------------

For api.env.realm, u'DOMAIN.ORG' is expected value. it seems that api.env
was not initialized correctly.

Is there anything interesting logged on the server?
>
> With debug=True you get a lot more output, might show something as well.
>

You are right, here the logs on the ipa server

---------------------------------------------------------------------
==> /var/log/httpd/error_log <==
ipa: INFO: Created connection context.ldap2
ipa: DEBUG: raw: user_show((u'admin',), all=False, raw=False)
ipa: INFO: Destroyed connection context.ldap2

==> /var/log/httpd/access_log <==
172.30.0.137 - r...@domain.org [23/Apr/2010:18:06:16 +0200] "POST /ipa/xml
HTTP/1.0" 200 315

==> /var/log/httpd/error_log <==
ipa: INFO: Created connection context.ldap2
ipa: DEBUG: raw: user_show((u'admin',), all=False, raw=False)
ipa: INFO: Destroyed connection context.ldap2

==> /var/log/httpd/access_log <==
172.30.0.137 - r...@domain.org [23/Apr/2010:18:11:53 +0200] "POST /ipa/xml
HTTP/1.0" 200 315

---------------------------------------------------------------------

I think, I have this problem because I use two different versions of
freeipa. In the one hand, I have an old version (1.9.0GIT28d8bd6-0.fc12.i686
that I generated  there was a time) of freeipa on the ipa server, on the
other hand I have the last version of freeIPA on the client. So, I generated
new rpms from the last version of git repository and I installed them on the
client and server.

But when I start ipa-server-install on the server, I get an error (hem I
think that I must to post a new mail on the mailing list)

----------------------------------------------------------------------
....
....
The following operations may take some minutes to complete.
Please wait until the prompt is returned.

Configuring directory server for the CA:
  [1/4]: creating directory server user
  [2/4]: creating directory server instance
  [3/4]: configuring directory to start on boot
  [4/4]: restarting directory server
done configuring pkids.
Configuring certificate server:
  [1/14]: creating certificate server user
  [2/14]: configuring certificate server instance
root        : CRITICAL failed to restart ca instance Command '/usr/bin/perl
/usr/bin/pkisilent ConfigureCA -cs_hostname server.domain.org -cs_port 9445
-client_certdb_dir /tmp/tmp-Li3Uhg -client_certdb_pwd XXXXXXXX -preop_pin
cYUmg5JpkmRm3xBAlTqg -domain_name IPA -admin_user admin -admin_email
r...@localhost -admin_password XXXXXXXX -agent_name ipa-ca-agent
-agent_key_size 2048 -agent_key_type rsa -agent_cert_subject
"CN=ipa-ca-agent,O=IPA" -ldap_host server.domain.org -ldap_port 7389
-bind_dn "cn=Directory Manager" -bind_password XXXXXXXX -base_dn o=ipaca
-db_name ipaca -key_size 2048 -key_type rsa -save_p12 true -backup_pwd
XXXXXXXX -subsystem_name pki-cad -token_name internal
-ca_subsystem_cert_subject_name "CN=CA Subsystem,O=IPA"
-ca_ocsp_cert_subject_name "CN=OCSP Subsystem,O=IPA"
-ca_server_cert_subject_name "CN=server.domain.org,O=IPA"
-ca_audit_signing_cert_subject_name "CN=CA Audit,O=IPA"
-ca_sign_cert_subject_name "CN=Certificate Authority,O=IPA" -external false
-clone false' returned non-zero exit status 255
  [3/14]: creating CA agent PKCS#12 file in /root
Unexpected error - see ipaserver-install.log for details:
 Command '/usr/bin/pk12util -n ipa-ca-agent -o /root/ca-agent.p12 -d
/tmp/tmp-Li3Uhg -k /tmp/tmphMeDU3 -w /tmp/tmphMeDU3' returned non-zero exit
status 24

----------------------------------------------------------------------

In the logs of installation i found these errors :

----------------------------------------------------------------------
....
Attempting to connect to: server.domain.org:9445
ERROR: unable to set Cipher List
ERROR: Exception  = org.mozilla.jss.ssl.SSLSocketException: Failed to enable
cipher 0xc001
: (-12266) An unknown SSL cipher suite has been requested.
in TestCertApprovalCallback.approve()
....
....
ERROR: unable to parse xml
ERROR XML =
ERROR: ConfigureCA: LoginPanel() failure
ERROR: unable to create CA

#######################################################################

2010-04-23 18:57:01,648 INFO stderr=[Fatal Error] :1:947: The element type
"HR" must be terminated by the matching end-tag "</HR>".
org.xml.sax.SAXParseException: The element type "HR" must be terminated by
the matching end-tag "</HR>".
        at org.apache.xerces.parsers.DOMParser.parse(DOMParser.java:239)
        at
org.apache.xerces.jaxp.DocumentBuilderImpl.parse(DocumentBuilderImpl.java:283)
        at javax.xml.parsers.DocumentBuilder.parse(DocumentBuilder.java:121)
        at ParseXML.parse(ParseXML.java:43)
        at ConfigureCA.LoginPanel(ConfigureCA.java:199)
        at ConfigureCA.ConfigureCAInstance(ConfigureCA.java:1138)
        at ConfigureCA.main(ConfigureCA.java:1595)
...
----------------------------------------------------------------------

I can provide you other informations if needed. Thank you for your help !
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to