[Freeipa-users] upstream ipa on centos inside openvz container

[Angel Marin]

Rob Crittenden wrote:
> Ivan Levchenko wrote:
>> Angel Marin wrote:
>>>
>>> When we did the first tests here, the slapd setup scripts seemed to
>>> be kind of buggy while dealing with input it doen't like. For example
>>> a directory service admin password containing same special chars
>>> (can't remember which) generated an invalid dse.ldif config section.
>>> To make things worse slapd segfaulted instead of dealing with it more
>>> gracefully.
>>>
>>> Try running ns-slapd with debug enabled or inside gdb, it should give
>>> you a hint on what attribute is making it choke.
>>>
>>
>> You're right, I did use a password with some special chars =)
> 
> We should probably file a bug against the FDS to get this fixed. What
> special characters did you use?

It's been on my TODO for a while, but haven't had the time to pinpoint
which chars are a problem to what attributes.

There are at least two different issues here:

 1. FDS segfaults when it doesn't like what it finds on some attributes.
For example leave an empty nsslapd-rootpw in dse.ldif and FDS crashes.

 2. IPA setup script generates an empty nsslapd-rootpw when the
directory server admin password typed contains certain chars. I think it
was at least '. Same password provided for kdc admin user does not
exhibit this problem (same setup script a couple steps later).

> I should note that IPA isn't fully internationalized yet and you may
> have problems if you use non-ascii characters for login or group names.

-- 
Angel Marin
http://anmar.eu.org/