It works !!! I installed my server with --selfsign and I added in_tree=False in my api.bootstrap() method and it runs very well. Thank you guys ^^

--
Meilleures salutations / Best Regards
Rachid ALAHYANE

2010/4/23 Rob Crittenden <[email protected]>

> Lots of embedded comments...
>
> ALAHYANE Rachid wrote:
>
>> Hi,
>>
>>
>> How about:
>>
>> api.bootstrap(context='webservices', debug=True,
>> xmlrpc_uri='https://luna.greyoak.com/ipa/xml')
>>
>>
>> when I do this, I get these messages
>>
>> ---------------------------------------------------------------------
>> In [1]: from ipalib import api
>>
>> In [2]: api.bootstrap(context='webservices', debug=True, xmlrpc_uri='https://server.domain.org/ipa/xml')
>>
>> In [3]: api.env.xmlrpc_uri
>> Out[3]: u'https://server.domain.org/ipa/xml'
>>
>> In [4]: api.env.realm
>> Out[4]: u'EXAMPLE.COM'
>>
>>
>> In [5]: api.finalize()
>> ipa: DEBUG: importing all plugin modules in '/usr/lib/python2.6/site-packages/ipalib/plugins'...
>> ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/aci.py'
>> ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/automount.py'
>> ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.py'
>> ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/cert.py'
>> ipa: INFO: skipping plugin module ipalib.plugins.cert: env.enable_ra is not True
>> ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/config.py'
>> ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/dns.py'
>> ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/group.py'
>> ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hbac.py'
>> ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/host.py'
>> ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hostgroup.py'
>> ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/kerberos.py'
>> ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/krbtpolicy.py'
>> ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/migration.py'
>> ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/misc.py'
>> ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/netgroup.py'
>> ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/passwd.py'
>> ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/pwpolicy.py'
>> ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/rolegroup.py'
>> ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/service.py'
>> ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/taskgroup.py'
>> ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/user.py'
>> ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/virtual.py'
>> ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/xmlclient.py'
>>
>> In [6]: api.Backend.xmlclient.connect()
>> ipa: INFO: Created connection context.xmlclient
>>
>> In [7]: api.Command.user_show(u'admin')
>> ipa: DEBUG: raw: user_show(u'admin')
>> ipa: INFO: user_show(u'admin', all=False, raw=False)
>> ipa: INFO: Forwarding 'user_show' to server u'https://server.domain.org/ipa/xml'
>> ipa: DEBUG: Caught fault 3008 from server https://server.domain.org/ipa/xml: invalid 'uid': Only one value is allowed
>>
>> ---------------------------------------------------------------------------
>> ConversionError Traceback (most recent call last)
>>
>> /root/<ipython console> in <module>()
>>
>> /usr/lib/python2.6/site-packages/ipalib/frontend.pyc in __call__(self, *args, **options)
>>     399 self.validate(**params)
>>     400 (args, options) = self.params_2_args_options(**params)
>> --> 401 ret = self.run(*args, **options)
>>     402 if (
>>     403 isinstance(ret, dict)
>>
>> /usr/lib/python2.6/site-packages/ipalib/frontend.pyc in run(self, *args, **options)
>>     668 if self.api.env.in_server:
>>     669 return self.execute(*args, **options)
>> --> 670 return self.forward(*args, **options)
>>     671
>>     672 def execute(self, *args, **kw):
>>
>> /usr/lib/python2.6/site-packages/ipalib/frontend.pyc in forward(self, *args, **kw)
>>     689 Forward call over XML-RPC to this same command on server.
>>     690 """
>> --> 691 return self.Backend.xmlclient.forward(self.name, *args, **kw)
>>     692
>>     693 def finalize(self):
>>
>> /usr/lib/python2.6/site-packages/ipalib/rpc.pyc in forward(self, name, *args, **kw)
>>     412 if e.faultCode in self.__errors:
>>     413 error = self.__errors[e.faultCode]
>> --> 414 raise error(message=e.faultString)
>>     415 raise UnknownError(
>>     416 code=e.faultCode,
>>
>> ConversionError: invalid 'uid': Only one value is allowed
>> ---------------------------------------------------------------------
>>
>> For api.env.realm, u'DOMAIN.ORG' is expected value.
>> it seems that api.env was not initialized correctly.
>>
>
> I suspect it isn't reading the configuration file. Try adding
> 'in_tree=False' to your bootstrap call. This should force it to read
> /etc/ipa/default.conf (which I assume you have configured).
>
>
>> Is there anything interesting logged on the server?
>>
>> With debug=True you get a lot more output, might show something as
>> well.
>>
>>
>> You are right, here the logs on the ipa server
>>
>> ---------------------------------------------------------------------
>> ==> /var/log/httpd/error_log <==
>> ipa: INFO: Created connection context.ldap2
>> ipa: DEBUG: raw: user_show((u'admin',), all=False, raw=False)
>> ipa: INFO: Destroyed connection context.ldap2
>>
>> ==> /var/log/httpd/access_log <==
>> 172.30.0.137 - [email protected] [23/Apr/2010:18:06:16 +0200] "POST /ipa/xml HTTP/1.0" 200 315
>>
>>
>> ==> /var/log/httpd/error_log <==
>> ipa: INFO: Created connection context.ldap2
>> ipa: DEBUG: raw: user_show((u'admin',), all=False, raw=False)
>> ipa: INFO: Destroyed connection context.ldap2
>>
>> ==> /var/log/httpd/access_log <==
>> 172.30.0.137 - [email protected] [23/Apr/2010:18:11:53 +0200] "POST /ipa/xml HTTP/1.0" 200 315
>>
>>
>> ---------------------------------------------------------------------
>>
>> I think, I have this problem because I use two different versions of
>> freeipa. On the one hand, I have an old version (1.9.0GIT28d8bd6-0.fc12.i686
>> that I generated some time ago) of freeipa on the ipa server, on the
>> other hand I have the last version of freeIPA on the client. So, I generated
>> new rpms from the last version of git repository and I installed them on the
>> client and server.
>>
>
> Yes, I think you're right here. The multiple value error is because admin
> is being converted into a tuple at some point. Looks ok in the client log
> though we'd have to enable more XML-RPC debugging to see what it is sent as
> on the wire. We did some recent API changes so I'm going to guess this is
> what the problem is, updating (or using the same version of IPA on both
> sides) is the right way to go.
>
>
>> But when I start ipa-server-install on the server, I get an error (hem I
>> think that I must post a new mail on the mailing list)
>>
>> ----------------------------------------------------------------------
>> ....
>> ....
>> The following operations may take some minutes to complete.
>> Please wait until the prompt is returned.
>>
>> Configuring directory server for the CA:
>> [1/4]: creating directory server user
>> [2/4]: creating directory server instance
>> [3/4]: configuring directory to start on boot
>> [4/4]: restarting directory server
>> done configuring pkids.
>> Configuring certificate server:
>> [1/14]: creating certificate server user
>> [2/14]: configuring certificate server instance
>> root : CRITICAL failed to restart ca instance Command
>> '/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname
>> server.domain.org -cs_port 9445
>> -client_certdb_dir /tmp/tmp-Li3Uhg -client_certdb_pwd XXXXXXXX -preop_pin
>> cYUmg5JpkmRm3xBAlTqg -domain_name IPA -admin_user admin -admin_email
>> r...@localhost -admin_password XXXXXXXX -agent_name ipa-ca-agent
>> -agent_key_size 2048 -agent_key_type rsa -agent_cert_subject
>> "CN=ipa-ca-agent,O=IPA" -ldap_host server.domain.org -ldap_port 7389
>> -bind_dn "cn=Directory Manager"
>> -bind_password XXXXXXXX -base_dn o=ipaca -db_name ipaca -key_size 2048
>> -key_type rsa -save_p12 true -backup_pwd XXXXXXXX -subsystem_name pki-cad
>> -token_name internal -ca_subsystem_cert_subject_name "CN=CA Subsystem,O=IPA"
>> -ca_ocsp_cert_subject_name "CN=OCSP Subsystem,O=IPA"
>> -ca_server_cert_subject_name "CN=server.domain.org,O=IPA"
>> -ca_audit_signing_cert_subject_name
>> "CN=CA Audit,O=IPA" -ca_sign_cert_subject_name "CN=Certificate
>> Authority,O=IPA" -external false -clone false' returned non-zero exit status
>> 255
>>
>> [3/14]: creating CA agent PKCS#12 file in /root
>> Unexpected error - see ipaserver-install.log for details:
>> Command '/usr/bin/pk12util -n ipa-ca-agent -o /root/ca-agent.p12 -d
>> /tmp/tmp-Li3Uhg -k /tmp/tmphMeDU3 -w /tmp/tmphMeDU3' returned non-zero exit
>> status 24
>>
>
> Yeah, mismatch in dogtag. You have two choices:
>
> 1. If you don't care about the CA at this point you can install the IPA
> server with --selfsign which will install a simpler, self-signed CA that
> uses the NSS command-line utilities for certificates. Not really the best
> choice for a production installation but adequate for testing.
>
> 2. Enable the updates-testing repo and update dogtag. I think that this
> should do it: yum --enablerepo=updates-testing update pki-* dogtag-*
>
> The problem is dogtag has pretty weak dependencies right now and at least
> one package is still lingering in updates-testing (pki-common).
>
> rob
>
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
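
Added example, not part of the thread and not FreeIPA code: the server log quoted above records `user_show((u'admin',), all=False, raw=False)`, meaning the positional argument reached the command still wrapped in a sequence. The sketch marshals the call with Python 3's `xmlrpc.client` and unpacks it under two parameter conventions; both conventions and all function names are assumptions inferred from that log line, not confirmed from either IPA version.

```python
import xmlrpc.client

def marshal_wrapped(method, args, options):
    """Assumed newer-client shape: exactly two params, [args...] and {options}."""
    return xmlrpc.client.dumps((list(args), dict(options)), methodname=method)

def unpack_trailing_dict(params):
    """Assumed older-server shape: flat positional params, optional trailing dict."""
    if params and isinstance(params[-1], dict):
        return tuple(params[:-1]), params[-1]
    return tuple(params), {}

def unpack_wrapped(params):
    """Unpacker that matches marshal_wrapped."""
    args, options = params
    return tuple(args), options

def single_value_error(name, value):
    """Mimic the fault text from the thread for a multi-valued argument."""
    if isinstance(value, (list, tuple)):
        return "invalid '%s': Only one value is allowed" % name
    return None

def diagnose(method, args, options, unpack):
    """Marshal as the client would, decode as the server would, report the result."""
    wire = marshal_wrapped(method, args, options)
    params, name = xmlrpc.client.loads(wire)
    srv_args, srv_options = unpack(params)
    return {
        "wire": wire,              # inspect this to see what is sent on the wire
        "method": name,
        "args": srv_args,
        "options": srv_options,
        "fault": single_value_error("uid", srv_args[0]),
    }

if __name__ == "__main__":
    # Constructed input matching the call made in the thread.
    for unpack in (unpack_trailing_dict, unpack_wrapped):
        r = diagnose("user_show", ("admin",), {"all": False, "raw": False}, unpack)
        print(unpack.__name__, r["args"], r["options"], r["fault"])
```

With the mismatched unpacker the first argument is the list `['admin']`, which reproduces the shape seen in the server's `error_log`; with the matching one it is the plain string.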
