Cannot perform certificate auto-enroll without NDES installed
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
adsys (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
NDES role should not be mandatory in order to perform certificate auto-enrollment with adsys.
Samba/ADSys is able to take advantage of the NDES endpoint to install the root certificate chain, but is also able to infer the certificate information from LDAP.
Due to a bug in the Samba implementation of cert-autoenroll, the root cert is not parsed properly if the NDES component is not installed -- so in the current state attempting auto-enrollment without NDES installed will result in an error like the following:
2024-01-08 16:11:07.
2024-01-08 16:11:07.
2024-01-08 16:11:07.
Traceback (most recent call last):
File "<string>", line 142, in <module>
File "<string>", line 89, in main
File "<string>", line 20, in enroll
File "/usr/share/
self.
File "/usr/share/
data = applier_func(*args, **kwargs)
File "/usr/share/
root_certs = getca(ca, url, trust_dir)
File "/usr/share/
cert = load_der_
File "/usr/lib/
return rust_x509.
TypeError: argument 'data': 'str' object cannot be converted to 'PyBytes'
Changed in adsys (Ubuntu): | |
status: | New → Fix Committed |
This bug was fixed in the package adsys - 0.13.3
---------------
adsys (0.13.3) noble; urgency=medium
* Fix cert auto-enroll without NDES (LP: #2051363) download- artifact upload- artifact com/charmbracel et/bubbles com/charmbracel et/bubbletea com/google/ uuid com/spf13/ viper golang. org/grpc golang. org/protobuf
* Refresh policy definition files (remove Lunar support)
* CI and quality of life changes not impacting package functionality:
- Bump github actions to latest:
- actions/
- actions/setup-go
- actions/
* Update dependencies to latest:
- github.
- github.
- github.
- github.
- golang.org/x/crypto
- golang.org/x/net
- golang.org/x/sync
- golang.org/x/sys
- google.
- google.
-- Gabriel Nagy <email address hidden> Fri, 26 Jan 2024 13:57:46 +0200