Andrea Stacchiotti via FreeIPA-users wrote:
> Thank you for your answer.
>
> There is no record in the /var/log/dirsrv/slapd-REALM/access logfile at the
> time of `ipact start`, which means it didn't even get to the query.
>
> To get kinit and ldapsearch to work I had to reinstall ipa, when I do I get a
> valid kerberos token and a good result, see at the bottom.
>
> Then I try `ipactl restart` and I get the same bug again, now the services
> are down and I can't bring them up, unless I reinstall.
> My team is trying different installation methods and OSes, maybe we can
> figure it out.
>
> Any help is appreciated.
>
> [root@ipa-innovation slapd-PRIVATE-ACUS-EU]# klist
> Ticket cache: KCM:0
> Default principal: [email protected]
>
> Valid starting Expires Service principal
> 05/09/2024 15:39:44 05/10/2024 15:04:45
> krbtgt/[email protected]
> [root@ipa-innovation slapd-PRIVATE-ACUS-EU]# ldapsearch -o ldif-wrap=no -LLL
> -Q -Y GSSAPI -b
> cn=ipa-innovation.private.acus.eu,cn=masters,cn=ipa,cn=etc,dc=private,dc=acus,dc=eu
>
> "(&(objectClass=ipaConfigObject)(|(ipaConfigString=enabledService)(ipaConfigString=hiddenService)))"
> cn ipaConfigString
> dn:
> cn=KDC,cn=ipa-innovation.private.acus.eu,cn=masters,cn=ipa,cn=etc,dc=private,dc=acus,dc=eu
> cn: KDC
> ipaConfigString: startOrder 10
> ipaConfigString: pacTktSignSupported
> ipaConfigString: kdcProxyEnabled
> ipaConfigString: enabledService
>
> dn:
> cn=KPASSWD,cn=ipa-innovation.private.acus.eu,cn=masters,cn=ipa,cn=etc,dc=private,dc=acus,dc=eu
> cn: KPASSWD
> ipaConfigString: startOrder 20
> ipaConfigString: enabledService
>
> dn:
> cn=KEYS,cn=ipa-innovation.private.acus.eu,cn=masters,cn=ipa,cn=etc,dc=private,dc=acus,dc=eu
> cn: KEYS
> ipaConfigString: startOrder 41
> ipaConfigString: enabledService
>
> dn:
> cn=OTPD,cn=ipa-innovation.private.acus.eu,cn=masters,cn=ipa,cn=etc,dc=private,dc=acus,dc=eu
> cn: OTPD
> ipaConfigString: startOrder 80
> ipaConfigString: enabledService
>
> dn:
> cn=HTTP,cn=ipa-innovation.private.acus.eu,cn=masters,cn=ipa,cn=etc,dc=private,dc=acus,dc=eu
> cn: HTTP
> ipaConfigString: startOrder 40
> ipaConfigString: enabledService

The only split()s in ipactl, which is likely the source of the error, are separating the hostname from the port in the ldap_url when it is not an ldapi url and separating startOrder from its precedence. Those values look correct.

rob
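
The two values named in the reply above (each service's startOrder string and the host/port part of a non-ldapi LDAP URL) can be checked offline against saved ldapsearch output. This is an added example, not ipactl's code and not something posted in the thread; the function names, the sample LDIF (including the BROKEN entry) and the strict `host:port` rule are assumptions made for illustration.

```python
# Added example: not FreeIPA code. Names and sample data are constructed.
from urllib.parse import urlsplit

SAMPLE_LDIF = """\
dn: cn=KDC,cn=ipa.example.test,cn=masters,cn=ipa,cn=etc,dc=example,dc=test
cn: KDC
ipaConfigString: startOrder 10
ipaConfigString: enabledService

dn: cn=HTTP,cn=ipa.example.test,cn=masters,cn=ipa,cn=etc,dc=example,dc=test
cn: HTTP
ipaConfigString: startOrder 40
ipaConfigString: enabledService

dn: cn=BROKEN,cn=ipa.example.test,cn=masters,cn=ipa,cn=etc,dc=example,dc=test
cn: BROKEN
ipaConfigString: startOrder
ipaConfigString: enabledService
"""

def check_start_orders(ldif):
    """Return (sorted [(order, cn)], problems [(cn, reason)]) for unwrapped LDIF."""
    ordered, problems = [], []
    for record in ldif.strip().split("\n\n"):
        cn, orders = None, []
        for line in record.splitlines():
            key, _, value = line.partition(": ")
            if key == "cn":
                cn = value
            elif key == "ipaConfigString" and value.startswith("startOrder"):
                orders.append(value)
        if len(orders) != 1:
            problems.append((cn, f"expected one startOrder value, found {len(orders)}"))
            continue
        parts = orders[0].split()  # "startOrder 10" -> ["startOrder", "10"]
        if len(parts) != 2 or not parts[1].isdigit():
            problems.append((cn, f"malformed value {orders[0]!r}"))
            continue
        ordered.append((int(parts[1]), cn))
    return sorted(ordered), problems

def check_ldap_uri(uri):
    """Return None if host and port separate cleanly (assumed strict host:port)."""
    parts = urlsplit(uri)
    if parts.scheme == "ldapi":
        return None  # socket path, nothing to separate
    if parts.netloc.count(":") != 1 or not parts.netloc.split(":")[1].isdigit():
        return f"cannot separate host and port in {parts.netloc!r}"
    return None
```

The parser expects one attribute per line, so mail-wrapped output like the quoted `dn:` lines has to be rejoined or re-captured with `-o ldif-wrap=no` first.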
