Nico Maas via FreeIPA-users wrote: > Thank you all, I could resolve the issue. Problem was a somewhat faulty > certificate that a user had loaded into the userCertificate attribute of its > LDAP entry. > > I could see it by using cat /var/log/httpd/error_log > > ValueError: unable to convert the attribute 'usercertificate' value > b'-----BEGIN CERTIFICATE-----\\nMIIEaDCCA1CgAwIBAgI .... X5xy7CQ==\\n-----END > CERTIFICATE-----\\n' to type <class 'cryptography.x509.base.Certificate'> in > LDAP entry 'uid=test-user,cn=users,cn=accounts,dc=test,dc=intra' > > removing the userCertificate attribute of this entry got all 3 freeIPA > instances back running and the web interface error free.
Do you have any more details on this? Was the 903 thrown only for this user or for all users? I'm interested to know if a bad cert in one user could affect all. thanks rob _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
