Rob Verduijn via FreeIPA-users wrote:
> thanx
>
> any clues about the other errors?
It isn't a dbus issue because the other certmonger requests are working
fine. In the past this has been caused by missing expected (assumed)
entries.
Can you share the output of getcert-list and getcert list-cas?
and:
ipa-healthcheck --debug --source ipahealthcheck.ipa.certs --check
IPACertmongerCA
rob
>
> ipa-healthcheck
> args=({'msgtype': 101, 'msgid': 3, 'result': 32, 'desc': 'No such
> object', 'ctrls': [], 'ldap_request':
> "search_ext_s(('cn=changelog5,cn=config', 0,
> '(objectClass=*)'),{'attrlist': ['nsslapd-changelogmaxentries'],
> 'serverctrls': None, '
> clientctrls': None, 'escapehatch': 'i am sure'}) on instance
> TJAKO-THUIS"},)
> [
> {
> "source": "ipahealthcheck.ipa.certs",
> "check": "IPACertTracking",
> "result": "CRITICAL",
> "uuid": "6bab1187-3285-4059-9f92-a6e8fba54d2f",
> "when": "20221119105634Z",
> "duration": "0.721246",
> "kw": {
> "exception": "bus, object_path and dbus_interface must not be None."
> }
> },
> {
> "source": "ipahealthcheck.ipa.certs",
> "check": "IPACertDNSSAN",
> "result": "CRITICAL",
> "uuid": "b13b939b-9b8d-4893-ba31-da2dd203551a",
> "when": "20221119105635Z",
> "duration": "0.683679",
> "kw": {
> "exception": "bus, object_path and dbus_interface must not be None."
> }
> },
> {
> "source": "ipahealthcheck.ipa.certs",
> "check": "IPACertRevocation",
> "result": "CRITICAL",
> "uuid": "a235463c-85cd-4277-8ee8-a10a0fcc6e5c",
> "when": "20221119105638Z",
> "duration": "0.655251",
> "kw": {
> "exception": "bus, object_path and dbus_interface must not be None."
> }
> },
> {
> "source": "ipahealthcheck.ipa.files",
> "check": "IPAFileCheck",
> "result": "CRITICAL",
> "uuid": "85deeb45-7e32-4f00-b2ab-a9b0484242c7",
> "when": "20221119105639Z",
> "duration": "0.083885",
> "kw": {
> "exception": "bus, object_path and dbus_interface must not be None."
> }
> }
> ]
>
>
>
> Op zo 20 nov. 2022 om 17:08 schreef Mark Reynolds <mareynol@redhat.com
> <mailto:mareynol@redhat.com>>:
>
>
> On 11/20/22 10:51 AM, Rob Verduijn wrote:
>>
>>
>> Op zo 20 nov. 2022 15:57 schreef Mark Reynolds
>> <mareynol@redhat.com <mailto:mareynol@redhat.com>>:
>>
>>
>> On 11/20/22 9:06 AM, Sam Morris via FreeIPA-users wrote:
>> > On Sat, 2022-11-19 at 11:57 +0100, Rob Verduijn via
>> FreeIPA-users
>> > wrote:
>> >> Hi all,
>> >>
>> >> I managed to get rid of another error but I still have
>> plenty erros
>> >> left.
>> >>
>> >> Any help would be apreciated.
>> >>
>> >> ipa-healthcheck errors remaining:
>> >>
>> >> ipa-healthcheck
>> >> args=({'msgtype': 101, 'msgid': 3, 'result': 32, 'desc':
>> 'No such
>> >> object', 'ctrls': [], 'ldap_request':
>> >> "search_ext_s(('cn=changelog5,cn=config', 0,
>> >> '(objectClass=*)'),{'attrlist':
>> ['nsslapd-changelogmaxentries'],
>> >> 'serverctrls': None,'
>> >> clientctrls': None, 'escapehatch': 'i am sure'}) on
>> instance TJAKO-
>> >> THUIS"},)
>> > Is this your server telling you that the entry
>> cn=changelog5,cn=config
>> > does not exist? That sounds pretty bad... try running this
>> (change IPA-
>> > EXAMPLE-COM to the name of your dirsrv instance):
>> >
>> > ldapsearch -H ldapi://%2frun%2fslapd-IPA-EXAMPLE-COM.socket
>> -Y EXTERNAL
>> > -b cn=changelog5,cn=config -s base
>>
>> This is fine actually. This is a bug we are looking into. It
>> should not
>> be outputting that exception. It just checking if a backend
>> has a
>> changelog, not that it's expecting one. This can be ignored.
>>
>> Mark
>>
>> Can you share a link to this bug?
>>
>
> https://bugzilla.redhat.com/show_bug.cgi?id=2115254
>
>>
>>
>>
>>
>> >
>> >> {
>> >> "source": "ipahealthcheck.ipa.certs",
>> >> "check": "IPACertTracking",
>> >> "result": "CRITICAL",
>> >> "uuid": "6bab1187-3285-4059-9f92-a6e8fba54d2f",
>> >> "when": "20221119105634Z",
>> >> "duration": "0.721246",
>> >> "kw": {
>> >> "exception": "bus, object_path and dbus_interface
>> must not be
>> >> None."
>> >> }
>> >> },
>> > These look like D-Bus-related errors. Is certmonger started,
>> can you
>> > run 'getcert list'?
>> >
>> --
>> Directory Server Development Team
>>
> --
> Directory Server Development Team
>
>
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
> Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
>