Hello, On (self-supported) RHEL 8, since the last update, we are not able to login to the Web UI anymore. IPA package version is: 4.9.2-4.module+el8.4.0+11156+94d209c1
In Firefox we get: IPA Error 903: InternalError an internal error has occurred and then: Web UI got in unrecoverable state during "metadata" phase. In the httpd error log we see: [Sat Nov 06 07:05:05.971287 2021] ipa: ERROR: non-public: KeyError: 'ipatrustedaddomainrange' [Sat Nov 06 07:05:05.971311 2021] Traceback (most recent call last): [Sat Nov 06 07:05:05.971315 2021] File "/usr/lib/python3.6/site-packages/ipaserver/rpcserver.py", line 397, in wsgi_execute [Sat Nov 06 07:05:05.971317 2021] result = command(*args, **options) [Sat Nov 06 07:05:05.971320 2021] File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 471, in __call__ [Sat Nov 06 07:05:05.971322 2021] return self.__do_call(*args, **options) [Sat Nov 06 07:05:05.971324 2021] File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 499, in __do_call [Sat Nov 06 07:05:05.971327 2021] ret = self.run(*args, **options) [Sat Nov 06 07:05:05.971329 2021] File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 821, in run [Sat Nov 06 07:05:05.971331 2021] return self.execute(*args, **options) [Sat Nov 06 07:05:05.971334 2021] File "/usr/lib/python3.6/site-packages/ipaserver/plugins/internal.py", line 126, in execute [Sat Nov 06 07:05:05.971336 2021] (o.name, json_serialize(o)) for o in self.api.Object() [Sat Nov 06 07:05:05.971339 2021] File "/usr/lib/python3.6/site-packages/ipaserver/plugins/internal.py", line 127, in <genexpr> [Sat Nov 06 07:05:05.971341 2021] if o is self.api.Object[o.name] [Sat Nov 06 07:05:05.971343 2021] File "/usr/lib/python3.6/site-packages/ipalib/util.py", line 106, in json_serialize [Sat Nov 06 07:05:05.971346 2021] return json_serialize(obj.__json__()) [Sat Nov 06 07:05:05.971348 2021] File "/usr/lib/python3.6/site-packages/ipaserver/plugins/baseldap.py", line 889, in __json__ [Sat Nov 06 07:05:05.971351 2021] attrs = self.api.Backend.ldap2.schema.attribute_types(objectclasses) [Sat Nov 06 07:05:05.971353 2021] File "/usr/lib64/python3.6/site-packages/ldap/schema/subentry.py", line 378, in attribute_types [Sat Nov 06 07:05:05.971355 2021] object_class = self.sed[ObjectClass][object_class_oid] [Sat Nov 06 07:05:05.971368 2021] KeyError: 'ipatrustedaddomainrange' In order to analyse, we configured /etc/ipa/server.conf as: [global] debug=true and restarted IPA. And it is sometimes working again (not clear whether this is thanks to this file, or because of the restart), but then after a while it is failing again. We ran ipa-server-upgrade manually (successful). All ipa services are up, Kerberos login works fine. ipa-healthcheck does not return any warning or error. We are *not* using AD integration at all. The package ipa-server-trust-ad is not installed. Does this ring a bell to you? How should we analyse further? Thanks in advance for your help! Mathieu _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
