RHEL-50805

ipa-migrate -Z with invalid cert options fails with 'ValueError: option error'

    • ipa-4.12.1-4.el10
    • No
    • None
    • 3
    • rhel-sst-idm-ipa
    • ssg_idm
    • 24
    • 26
    • 1
    • QE ack, Dev ack
    • False
    • No
    • 2024-Q3-Alpha-S3, 2024-Q3-Alpha-S4, 2024-Q3-Alpha-S5
    • Unspecified Release Note Type - Unknown
    • None

      What were you trying to do that didn't work?

      ipa-migrate -Z with invalid cert fails.

      Please provide the package NVR for which bug is seen:

       ipa-server-4.12.1-3.el10.x86_64

      How reproducible: Always.

      Steps to reproduce

      1.  Run ipa-migrate with -Z and invalid cert

      Expected results

      ipa-migrate should warn when invalid cert is used rather than the traceback.

      Actual results

      [root@replica ~]# ipa-migrate stage-mode master.rhel10.test -D 'cn=Directory manager' -w Secret123 -x -n -Z cert.txt 
      Initializing ...
      Connecting to local server ...
      IPA to IPA migration starting ...
      Traceback (most recent call last):
        File "/usr/sbin/ipa-migrate", line 10, in <module>
          ipa_migrate.run()
        File "/usr/lib/python3.12/site-packages/ipaserver/install/ipa_migrate.py", line 2065, in run
          self.do_migration()
        File "/usr/lib/python3.12/site-packages/ipaserver/install/ipa_migrate.py", line 1891, in do_migration
          self.connect_to_remote_ds()
        File "/usr/lib/python3.12/site-packages/ipaserver/install/ipa_migrate.py", line 762, in connect_to_remote_ds
          ds_conn = LDAPClient(ldapuri, cacert=self.args.cacertfile,
                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
        File "/usr/lib/python3.12/site-packages/ipapython/ipaldap.py", line 811, in __init__
          self._conn = self._connect()
                       ^^^^^^^^^^^^^^^
        File "/usr/lib/python3.12/site-packages/ipapython/ipaldap.py", line 1224, in _connect
          conn = ldap_initialize(self.ldap_uri, cacertfile=self._cacert)
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
        File "/usr/lib/python3.12/site-packages/ipapython/ipaldap.py", line 138, in ldap_initialize
          conn.set_option(ldap.OPT_X_TLS_NEWCTX, 0)
        File "/usr/lib64/python3.12/site-packages/ldap/ldapobject.py", line 698, in set_option
          return self._ldap_call(self._l.set_option,option,invalue)
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
        File "/usr/lib64/python3.12/site-packages/ldap/ldapobject.py", line 128, in _ldap_call
          result = func(*args,**kwargs)
                   ^^^^^^^^^^^^^^^^^^^^
      ValueError: option error

              rhn-engineering-mareynol Mark Reynolds
              sumenon@redhat.com Sudhir Menon
              Florence Renaud Florence Renaud
              Sudhir Menon Sudhir Menon
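
Added example, not part of the original report and not FreeIPA's code or its actual fix: one way to pre-validate the file passed to -Z so that a bad CA certificate yields a readable error before any LDAP TLS option is set. The helper name check_cacert_file and the sample file contents are assumptions made for illustration; only the Python standard library is used.

```python
import os
import ssl
import tempfile


def check_cacert_file(path):
    """Return None if `path` loads as a PEM CA bundle, else an error string.

    Hypothetical helper (not part of ipa-migrate): a pre-flight check to run
    on the -Z argument before it is handed to the LDAP TLS options.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.load_verify_locations(cafile=path)
    except ssl.SSLError as e:
        # Readable file, but OpenSSL found no parsable PEM object in it.
        # ssl.SSLError subclasses OSError, so it must be caught first.
        return f"'{path}' is not a valid PEM certificate file ({e.reason})"
    except OSError as e:
        # Missing file, permission denied, path is a directory, ...
        return f"cannot read CA certificate file '{path}': {e.strerror}"
    # A file holding only a CRL loads without error; require a certificate.
    if ctx.cert_store_stats()["x509"] == 0:
        return f"'{path}' contains no certificates"
    return None


def demo():
    """Run the check on constructed inputs: a non-PEM file and a missing path."""
    with tempfile.TemporaryDirectory() as d:
        bad = os.path.join(d, "cert.txt")
        with open(bad, "w") as f:
            f.write("this is not a certificate\n")  # constructed sample
        missing = os.path.join(d, "absent.pem")
        return check_cacert_file(bad), check_cacert_file(missing)


if __name__ == "__main__":
    for msg in demo():
        print("error:", msg)
```

A caller would print the returned message and exit non-zero instead of continuing into the connection code.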