|
 |
177dc6 |
From 4db18be5467c0b8f7633b281c724f469f907e573 Mon Sep 17 00:00:00 2001
|
|
|
177dc6 |
From: Florence Blanc-Renaud <flo@redhat.com>
|
|
|
177dc6 |
Date: Jan 13 2020 12:08:19 +0000
|
|
|
177dc6 |
Subject: AD user without override receive InternalServerError with API
|
|
|
177dc6 |
|
|
|
177dc6 |
|
|
|
177dc6 |
When ipa commands are used by an Active Directory user that
|
|
|
177dc6 |
does not have any idoverride-user set, they return the
|
|
|
177dc6 |
following error message which can be misleading:
|
|
|
177dc6 |
$ kinit aduser@ADDOMAIN.COM
|
|
|
177dc6 |
$ ipa ping
|
|
|
177dc6 |
ipa: ERROR: cannot connect to 'https://master.ipa.com/ipa/json': Internal Server Error
|
|
|
177dc6 |
|
|
|
177dc6 |
The fix properly handles ACIError exception received when
|
|
|
177dc6 |
creating the context, and now the following message can be seen:
|
|
|
177dc6 |
|
|
|
177dc6 |
$ kinit aduser@ADDOMAIN.COM
|
|
|
177dc6 |
$ ipa ping
|
|
|
177dc6 |
ipa: ERROR: cannot connect to 'https://master.ipa.com/ipa/json': Unauthorized
|
|
|
177dc6 |
|
|
|
177dc6 |
with the following log in /var/log/httpd/error_log:
|
|
|
177dc6 |
ipa: INFO: 401 Unauthorized: Insufficient access: Invalid credentials
|
|
|
177dc6 |
|
|
|
177dc6 |
Fixes: https://pagure.io/freeipa/issue/8163
|
|
|
177dc6 |
|
|
|
177dc6 |
---
|
|
|
177dc6 |
|
|
|
177dc6 |
diff --git a/ipaserver/rpcserver.py b/ipaserver/rpcserver.py
|
|
|
177dc6 |
index 0495557..194cbbc 100644
|
|
|
177dc6 |
--- a/ipaserver/rpcserver.py
|
|
|
177dc6 |
+++ b/ipaserver/rpcserver.py
|
|
|
177dc6 |
@@ -694,7 +694,7 @@ class KerberosWSGIExecutioner(WSGIExecutioner, KerberosSession):
|
|
|
177dc6 |
status = HTTP_STATUS_SUCCESS
|
|
|
177dc6 |
response = status.encode('utf-8')
|
|
|
177dc6 |
start_response(status, self.headers)
|
|
|
177dc6 |
- return self.marshal(None, e)
|
|
|
177dc6 |
+ return [self.marshal(None, e)]
|
|
|
177dc6 |
finally:
|
|
|
177dc6 |
destroy_context()
|
|
|
177dc6 |
return response
|
|
|
177dc6 |
|