On to, 13 helmi 2020, White, Daniel E. (GSFC-770.0)[NICS] via FreeIPA-users wrote:
Alexander,I followed your instructions and ran into a problem. These commands went as described: $ ipa service-add api-requester/`hostname` $ ipa service-allow-retrieve-keytab api-requester/`hostname` --users=me $ ipa service-allow-create-keytab api-requester/`hostname` --users=me $ ipa-getkeytab -Y GSSAPI -k api-requester.keytab -p api-requester/`me` $ KRB5_CLIENT_KTNAME=./api-requester.keytab KRB5CCNAME=./api.ccache ipa console (Custom IPA interactive Python console) api: IPA API object pp: pretty printer api.Command.whoami() {'object': 'service', 'command': 'service_show/1', 'arguments': ('api-requester/some-host.example....@example.com',)} HOWEVER, when I tried this: api.Command.service_show('api-requester/some-host.example....@example.com') I got this error: Traceback (most recent call last): File "<console>", line 1, in <module> File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 450, in __call__ return self.__do_call(*args, **options) File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 471, in __do_call params = self.convert(**params) File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 672, in convert (k, self.params[k].convert(v)) for (k, v) in kw.items() File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 672, in <genexpr> (k, self.params[k].convert(v)) for (k, v) in kw.items() File "/usr/lib/python2.7/site-packages/ipalib/parameters.py", line 852, in convert return convert(value) File "/usr/lib/python2.7/site-packages/ipalib/parameters.py", line 839, in convert return self._convert_scalar(value) File "/usr/lib/python2.7/site-packages/ipalib/parameters.py", line 2152, in _convert_scalar return super(Principal, self)._convert_scalar(value) File "/usr/lib/python2.7/site-packages/ipalib/parameters.py", line 862, in _convert_scalar raise ConversionError(name=self.name, error=ugettext(self.type_error)) ConversionError: invalid 'krbcanonicalname': must be Kerberos principal The argument I used in the "service_show" is identical to the argument returned from the "whoami" command. What is even stranger, If I exit the console and try : api.Command.ipa service-show api-requester/some-host.example....@example.com I get the expected response. I ran this on a CentOS 7 IPA client v4.6.5-11.el7.centos.3.x86_64 The server is RHEL 7, IPA/RH-IdM server v4.6.5-11.el7_7.3.x86_64 Any ideas ?
Can you try u'api-requester/...' as an argument to service_show(..)? Python 3 treats strings as unicode by default, Python 2 needs u'...'. When you run ipa CLI commands, we do Unicode transformation ourselves, but inside Python console it is your duty. BTW, note that services as members of group will not work in FreeIPA before 4.7, so you need Fedora or RHEL 8. -- / Alexander Bokovoy Sr. Principal Software Engineer Security / Identity Management Engineering Red Hat Limited, Finland _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
