[Desktop-packages] [Bug 2051363] Re: Cannot perform certificate auto-enroll without NDES installed
SRU information missing from the description
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to adsys in Ubuntu.
https://bugs.launchpad.net/bugs/2051363
Title:
Cannot perform certificate auto-enroll without NDES installed
Status in adsys package in Ubuntu:
Fix Released
Bug description:
NDES role should not be mandatory in order to perform certificate
auto-enrollment with adsys.
Samba/ADSys is able to take advantage of the NDES endpoint to install
the root certificate chain, but is also able to infer the certificate
information from LDAP.
Due to a bug in the Samba implementation of cert-autoenroll, the root
cert is not parsed properly if the NDES component is not installed --
so in the current state attempting auto-enrollment without NDES
installed will result in an error like the following:
2024-01-08 16:11:07.809|[W26775]| Failed to fetch the root certificate chain.
| {}
2024-01-08 16:11:07.809|[W05621]| The Network Device Enrollment Service is
either not installed or not configured. | {}
2024-01-08 16:11:07.809|[W11946]| Installing the server certificate only. | {}
Traceback (most recent call last):
File "", line 142, in
File "", line 89, in main
File "", line 20, in enroll
File "/usr/share/adsys/python/vendor_samba/gp/gp_cert_auto_enroll_ext.py",
line 502, in __enroll
self.apply(guid, ca, cert_enroll, ca, ldb, trust_dir,
File "/usr/share/adsys/python/vendor_samba/gp/gp_cert_auto_enroll_ext.py",
line 369, in apply
data = applier_func(*args, **kwargs)
^
File "/usr/share/adsys/python/vendor_samba/gp/gp_cert_auto_enroll_ext.py",
line 274, in cert_enroll
root_certs = getca(ca, url, trust_dir)
^
File "/usr/share/adsys/python/vendor_samba/gp/gp_cert_auto_enroll_ext.py",
line 221, in getca
cert = load_der_x509_certificate(ca['cACertificate'],
^^
File "/usr/lib/python3/dist-packages/cryptography/x509/base.py", line 528,
in load_der_x509_certificate
return rust_x509.load_der_x509_certificate(data)
^
TypeError: argument 'data': 'str' object cannot be converted to 'PyBytes'
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2051363/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 2051363] Re: Cannot perform certificate auto-enroll without NDES installed
This bug was fixed in the package adsys - 0.13.3
---
adsys (0.13.3) noble; urgency=medium
* Fix cert auto-enroll without NDES (LP: #2051363)
* Refresh policy definition files (remove Lunar support)
* CI and quality of life changes not impacting package functionality:
- Bump github actions to latest:
- actions/download-artifact
- actions/setup-go
- actions/upload-artifact
* Update dependencies to latest:
- github.com/charmbracelet/bubbles
- github.com/charmbracelet/bubbletea
- github.com/google/uuid
- github.com/spf13/viper
- golang.org/x/crypto
- golang.org/x/net
- golang.org/x/sync
- golang.org/x/sys
- google.golang.org/grpc
- google.golang.org/protobuf
-- Gabriel Nagy Fri, 26 Jan 2024 13:57:46
+0200
** Changed in: adsys (Ubuntu)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to adsys in Ubuntu.
https://bugs.launchpad.net/bugs/2051363
Title:
Cannot perform certificate auto-enroll without NDES installed
Status in adsys package in Ubuntu:
Fix Released
Bug description:
NDES role should not be mandatory in order to perform certificate
auto-enrollment with adsys.
Samba/ADSys is able to take advantage of the NDES endpoint to install
the root certificate chain, but is also able to infer the certificate
information from LDAP.
Due to a bug in the Samba implementation of cert-autoenroll, the root
cert is not parsed properly if the NDES component is not installed --
so in the current state attempting auto-enrollment without NDES
installed will result in an error like the following:
2024-01-08 16:11:07.809|[W26775]| Failed to fetch the root certificate chain.
| {}
2024-01-08 16:11:07.809|[W05621]| The Network Device Enrollment Service is
either not installed or not configured. | {}
2024-01-08 16:11:07.809|[W11946]| Installing the server certificate only. | {}
Traceback (most recent call last):
File "", line 142, in
File "", line 89, in main
File "", line 20, in enroll
File "/usr/share/adsys/python/vendor_samba/gp/gp_cert_auto_enroll_ext.py",
line 502, in __enroll
self.apply(guid, ca, cert_enroll, ca, ldb, trust_dir,
File "/usr/share/adsys/python/vendor_samba/gp/gp_cert_auto_enroll_ext.py",
line 369, in apply
data = applier_func(*args, **kwargs)
^
File "/usr/share/adsys/python/vendor_samba/gp/gp_cert_auto_enroll_ext.py",
line 274, in cert_enroll
root_certs = getca(ca, url, trust_dir)
^
File "/usr/share/adsys/python/vendor_samba/gp/gp_cert_auto_enroll_ext.py",
line 221, in getca
cert = load_der_x509_certificate(ca['cACertificate'],
^^
File "/usr/lib/python3/dist-packages/cryptography/x509/base.py", line 528,
in load_der_x509_certificate
return rust_x509.load_der_x509_certificate(data)
^
TypeError: argument 'data': 'str' object cannot be converted to 'PyBytes'
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2051363/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 2051363] Re: Cannot perform certificate auto-enroll without NDES installed
** Changed in: adsys (Ubuntu)
Status: New => Fix Committed
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to adsys in Ubuntu.
https://bugs.launchpad.net/bugs/2051363
Title:
Cannot perform certificate auto-enroll without NDES installed
Status in adsys package in Ubuntu:
Fix Committed
Bug description:
NDES role should not be mandatory in order to perform certificate
auto-enrollment with adsys.
Samba/ADSys is able to take advantage of the NDES endpoint to install
the root certificate chain, but is also able to infer the certificate
information from LDAP.
Due to a bug in the Samba implementation of cert-autoenroll, the root
cert is not parsed properly if the NDES component is not installed --
so in the current state attempting auto-enrollment without NDES
installed will result in an error like the following:
2024-01-08 16:11:07.809|[W26775]| Failed to fetch the root certificate chain.
| {}
2024-01-08 16:11:07.809|[W05621]| The Network Device Enrollment Service is
either not installed or not configured. | {}
2024-01-08 16:11:07.809|[W11946]| Installing the server certificate only. | {}
Traceback (most recent call last):
File "", line 142, in
File "", line 89, in main
File "", line 20, in enroll
File "/usr/share/adsys/python/vendor_samba/gp/gp_cert_auto_enroll_ext.py",
line 502, in __enroll
self.apply(guid, ca, cert_enroll, ca, ldb, trust_dir,
File "/usr/share/adsys/python/vendor_samba/gp/gp_cert_auto_enroll_ext.py",
line 369, in apply
data = applier_func(*args, **kwargs)
^
File "/usr/share/adsys/python/vendor_samba/gp/gp_cert_auto_enroll_ext.py",
line 274, in cert_enroll
root_certs = getca(ca, url, trust_dir)
^
File "/usr/share/adsys/python/vendor_samba/gp/gp_cert_auto_enroll_ext.py",
line 221, in getca
cert = load_der_x509_certificate(ca['cACertificate'],
^^
File "/usr/lib/python3/dist-packages/cryptography/x509/base.py", line 528,
in load_der_x509_certificate
return rust_x509.load_der_x509_certificate(data)
^
TypeError: argument 'data': 'str' object cannot be converted to 'PyBytes'
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2051363/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
