[Freeipa-users] Python-ing into FreeIPA - hit a glitch

[White, Daniel E. (GSFC-770.0)[NICS] via FreeIPA-users]

Alexander,

I followed your instructions and ran into a problem.

These commands went as described:
$ ipa service-add api-requester/`hostname`
$ ipa service-allow-retrieve-keytab api-requester/`hostname` --users=me
$ ipa service-allow-create-keytab api-requester/`hostname` --users=me
$ ipa-getkeytab -Y GSSAPI -k api-requester.keytab  -p api-requester/`me`
$ KRB5_CLIENT_KTNAME=./api-requester.keytab KRB5CCNAME=./api.ccache ipa console
(Custom IPA interactive Python console)
     api: IPA API object
     pp: pretty printer
api.Command.whoami()
{'object': 'service', 'command': 'service_show/1', 'arguments': 
('api-requester/some-host.example....@example.com',)}

HOWEVER, when I tried this:
api.Command.service_show('api-requester/some-host.example....@example.com')

I got this error:
Traceback (most recent call last):
  File "<console>", line 1, in <module>
  File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 450, in 
__call__
    return self.__do_call(*args, **options)
  File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 471, in 
__do_call
    params = self.convert(**params)
  File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 672, in 
convert
    (k, self.params[k].convert(v)) for (k, v) in kw.items()
  File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 672, in 
<genexpr>
    (k, self.params[k].convert(v)) for (k, v) in kw.items()
  File "/usr/lib/python2.7/site-packages/ipalib/parameters.py", line 852, in 
convert
    return convert(value)
  File "/usr/lib/python2.7/site-packages/ipalib/parameters.py", line 839, in 
convert
    return self._convert_scalar(value)
  File "/usr/lib/python2.7/site-packages/ipalib/parameters.py", line 2152, in 
_convert_scalar
    return super(Principal, self)._convert_scalar(value)
  File "/usr/lib/python2.7/site-packages/ipalib/parameters.py", line 862, in 
_convert_scalar
    raise ConversionError(name=self.name, error=ugettext(self.type_error))
ConversionError: invalid 'krbcanonicalname': must be Kerberos principal


The argument I used in the "service_show" is identical to the argument returned 
from the "whoami" command.
What is even stranger, If I exit the console and try :

api.Command.ipa service-show api-requester/some-host.example....@example.com

I get the expected response.

I ran this on a CentOS 7 IPA client v4.6.5-11.el7.centos.3.x86_64
The server is RHEL 7, IPA/RH-IdM server v4.6.5-11.el7_7.3.x86_64

Any ideas ?


_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org