Nico Maas via FreeIPA-users wrote:
Thank you all, I could resolve the issue. Problem was a somewhat
faulty certificate that a user had loaded into the userCertificate attribute of its LDAP
entry.
I could see it by using cat /var/log/httpd/error_log:
ValueError: unable to convert the attribute 'usercertificate' value
b'-----BEGIN CERTIFICATE-----\\nMIIEaDCCA1CgAwIBAgI .... X5xy7CQ==\\n-----END
CERTIFICATE-----\\n' to type <class
'cryptography.x509.base.Certificate'> in LDAP entry
'uid=test-user,cn=users,cn=accounts,dc=test,dc=intra'
Removing the userCertificate attribute of this entry got all 3 FreeIPA instances back
running and the web interface error free.
Do you have any more details on this? Was the 903 thrown only for this
user or for all users? I'm interested to know if a bad cert in one user
could affect all.
thanks
rob
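
An added example, not part of the original thread and not FreeIPA code: a stdlib-only scan of an LDIF export that flags userCertificate values which are PEM text or otherwise not DER-shaped, like the value in the error log above. The DNs and certificate bytes are constructed, and the check is structural only (it does not validate the certificate).

```python
import base64, binascii

def der_length(buf, pos):
    """Decode a DER definite length at buf[pos]; return (length, next_pos)."""
    first = buf[pos]
    if first < 0x80:
        return first, pos + 1
    n = first & 0x7F
    if n == 0 or n > 4 or pos + 1 + n > len(buf):
        raise ValueError("bad DER length")
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def classify(raw):
    """Classify one raw userCertificate value (bytes as stored in LDAP)."""
    if raw.lstrip().startswith(b"-----BEGIN"):
        return "pem-text"  # armored text stored where DER is expected
    try:
        if raw[0] != 0x30:  # Certificate must be an outer SEQUENCE
            return "not-der"
        length, body = der_length(raw, 1)
        # Length must cover the whole value; first field is tbsCertificate
        if body + length != len(raw) or raw[body] != 0x30:
            return "not-der"
    except (IndexError, ValueError):
        return "not-der"
    return "der-shaped"

def scan_ldif(text):
    """Return [(dn, verdict)] for each userCertificate value not DER-shaped."""
    findings, dn = [], None
    for line in text.replace("\n ", "").splitlines():  # unfold LDIF lines
        if line.startswith("dn: "):
            dn = line[4:]
        elif line.lower().startswith("usercertificate"):
            value = line.partition(":")[2]
            try:  # "attr:: b64" is base64, "attr: text" is a plain value
                raw = (base64.b64decode(value[1:].strip())
                       if value.startswith(":") else value.strip().encode())
            except binascii.Error:
                raw = b""
            verdict = classify(raw)
            if verdict != "der-shaped":
                findings.append((dn, verdict))
    return findings

# Constructed sample data: GOOD is a DER-shaped stub, not a real certificate.
GOOD = bytes.fromhex("300730003000030100")
BAD = b"-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
BASE = "cn=users,cn=accounts,dc=example,dc=test"
SAMPLE_LDIF = "".join(
    f"dn: uid={u},{BASE}\nuserCertificate:: {base64.b64encode(v).decode()}\n\n"
    for u, v in (("alice", GOOD), ("bob", BAD)))
```

A value that passes this shape check can still be an invalid certificate; a full parse, for example with `cryptography.x509.load_der_x509_certificate`, is the stronger test.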