[Freeipa-users] ipa-server-install problem

Josh jokajak at gmail.com
Tue Jun 18 17:23:20 UTC 2013


On 06/14/2013 10:31 AM, Petr Viktorin wrote:
> On 06/14/2013 03:37 PM, Josh wrote:
>> I'm trying to install freeipa on RHEL6.4 running version
>> ipa-server-3.0.0-26.el6_4.2.x86_64 but it keeps failing at the
>> "Configuration of CA failed".  I believe the problem is that the python
>> used to generate the perl command doesn't wrap any of the arguments in
>> quotes.
>
> The command doesn't go through the shell so quoting is not necessary. 
> I can see how the log line is confusing, though; I filed 
> https://fedorahosted.org/freeipa/ticket/3724.
>
While that may be true, the attached patch fixed it so that I could run 
the installer.  I agree that according to the code it should not have 
choked on the spaces, because the subprocess.Popen call doesn't specify 
shell=True.  Any ideas why it needed the spaces quoted?

-josh
> <snip>
> Adding Ade (a Dogtag developer) to CC, he might be able to help.
>

-------------- next part --------------
--- cainstance.py	2013-06-18 13:20:02.840964013 -0400
+++ cainstance.py.shell	2013-06-18 13:21:12.879281242 -0400
@@ -806,7 +806,7 @@ class CAInstance(service.Service):
                     "-agent_cert_subject", str(DN(('CN', 'ipa-ca-agent'), self.subject_base)),
                     "-ldap_host", self.fqdn,
                     "-ldap_port", str(self.ds_port),
-                    "-bind_dn", "cn=Directory Manager",
+                    "-bind_dn", ipautil.shell_quote("cn=Directory Manager"),
                     "-bind_password", self.dm_password,
                     "-base_dn", str(self.basedn),
                     "-db_name", "ipaca",
@@ -817,12 +817,12 @@ class CAInstance(service.Service):
                     "-backup_pwd", self.admin_password,
                     "-subsystem_name", self.service_name,
                     "-token_name", "internal",
-                    "-ca_subsystem_cert_subject_name", str(DN(('CN', 'CA Subsystem'), self.subject_base)),
-                    "-ca_subsystem_cert_subject_name", str(DN(('CN', 'CA Subsystem'), self.subject_base)),
-                    "-ca_ocsp_cert_subject_name", str(DN(('CN', 'OCSP Subsystem'), self.subject_base)),
+                    "-ca_subsystem_cert_subject_name", ipautil.shell_quote(str(DN(('CN', 'CA Subsystem'), self.subject_base))),
+                    "-ca_subsystem_cert_subject_name", ipautil.shell_quote(str(DN(('CN', 'CA Subsystem'), self.subject_base))),
+                    "-ca_ocsp_cert_subject_name", ipautil.shell_quote(str(DN(('CN', 'OCSP Subsystem'), self.subject_base))),
                     "-ca_server_cert_subject_name", str(DN(('CN', self.fqdn), self.subject_base)),
-                    "-ca_audit_signing_cert_subject_name", str(DN(('CN', 'CA Audit'), self.subject_base)),
-                    "-ca_sign_cert_subject_name", str(DN(('CN', 'Certificate Authority'), self.subject_base)) ]
+                    "-ca_audit_signing_cert_subject_name", ipautil.shell_quote(str(DN(('CN', 'CA Audit'), self.subject_base))),
+                    "-ca_sign_cert_subject_name", ipautil.shell_quote(str(DN(('CN', 'Certificate Authority'), self.subject_base))) ]
             if self.external == 1:
                 args.append("-external")
                 args.append("true")


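How an argument containing a space travels through subprocess with and without an intermediate shell, as an added example that is not part of the original message or of FreeIPA. `shlex.quote` stands in for `ipautil.shell_quote`, and the re-joining wrapper is hypothetical, an assumption for illustration and not a description of the CA configuration tool.

```python
import json
import shlex
import subprocess
import sys

# Child that reports exactly the argv it received (constructed for this demo).
ECHO_ARGV = "import json, sys; print(json.dumps(sys.argv[1:]))"

# Hypothetical wrapper (an assumption, not the real CA tool): it re-joins its
# argv into one string and runs that string through a shell.
REJOIN_WRAPPER = (
    "import subprocess, sys; "
    "subprocess.call(' '.join(sys.argv[1:]), shell=True)"
)


def direct(args):
    """Exec the child with an argv list and no shell; return the argv it saw."""
    out = subprocess.check_output([sys.executable, "-c", ECHO_ARGV] + args)
    return json.loads(out.decode())


def via_rejoining_wrapper(args):
    """Route the same argv through the wrapper that rebuilds a shell string."""
    # Interpreter path and child program are quoted so that only the
    # arguments under test are exposed to the shell's word splitting.
    child = [shlex.quote(sys.executable), "-c", shlex.quote(ECHO_ARGV)]
    cmd = [sys.executable, "-c", REJOIN_WRAPPER] + child + args
    return json.loads(subprocess.check_output(cmd).decode())


if __name__ == "__main__":
    plain = ["-bind_dn", "cn=Directory Manager"]
    quoted = ["-bind_dn", shlex.quote("cn=Directory Manager")]
    for label, args in (("plain", plain), ("shell-quoted", quoted)):
        print(label, "direct exec     ->", direct(args))
        print(label, "re-joined shell ->", via_rejoining_wrapper(args))
```

Quoting at the call site yields the intended value only when a later stage shell-parses the string; with a direct exec the quote characters arrive as part of the DN.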