[Freeipa-users] ipa-server-install problem
Josh
jokajak at gmail.com
Tue Jun 18 17:23:20 UTC 2013
On 06/14/2013 10:31 AM, Petr Viktorin wrote:
> On 06/14/2013 03:37 PM, Josh wrote:
>> I'm trying to install freeipa on RHEL6.4 running version
>> ipa-server-3.0.0-26.el6_4.2.x86_64 but it keeps failing at the
>> "Configuration of CA failed". I believe the problem is that the python
>> used to generate the perl command doesn't wrap any of the arguments in
>> quotes.
>
> The command doesn't go through the shell so quoting is not necessary.
> I can see how the the log line is confusing, though; I filed
> https://fedorahosted.org/freeipa/ticket/3724.
>
While that may be true, the attached patch fixed it so that I could run
the installer. I agree that according to the code it should not have
choked on the spaces because of the subprocess.Popen doesn't specify
shell=True. Any ideas why it needed the spaces quoted?
-josh
> <snip>
> Adding Ade (a Dogtag developer) to CC, he might be able to help.
>
-------------- next part --------------
--- cainstance.py 2013-06-18 13:20:02.840964013 -0400
+++ cainstance.py.shell 2013-06-18 13:21:12.879281242 -0400
@@ -806,7 +806,7 @@ class CAInstance(service.Service):
"-agent_cert_subject", str(DN(('CN', 'ipa-ca-agent'), self.subject_base)),
"-ldap_host", self.fqdn,
"-ldap_port", str(self.ds_port),
- "-bind_dn", "cn=Directory Manager",
+ "-bind_dn", ipautil.shell_quote("cn=Directory Manager"),
"-bind_password", self.dm_password,
"-base_dn", str(self.basedn),
"-db_name", "ipaca",
@@ -817,12 +817,12 @@ class CAInstance(service.Service):
"-backup_pwd", self.admin_password,
"-subsystem_name", self.service_name,
"-token_name", "internal",
- "-ca_subsystem_cert_subject_name", str(DN(('CN', 'CA Subsystem'), self.subject_base)),
- "-ca_subsystem_cert_subject_name", str(DN(('CN', 'CA Subsystem'), self.subject_base)),
- "-ca_ocsp_cert_subject_name", str(DN(('CN', 'OCSP Subsystem'), self.subject_base)),
+ "-ca_subsystem_cert_subject_name", ipautil.shell_quote(str(DN(('CN', 'CA Subsystem'), self.subject_base))),
+ "-ca_subsystem_cert_subject_name", ipautil.shell_quote(str(DN(('CN', 'CA Subsystem'), self.subject_base))),
+ "-ca_ocsp_cert_subject_name", ipautil.shell_quote(str(DN(('CN', 'OCSP Subsystem'), self.subject_base))),
"-ca_server_cert_subject_name", str(DN(('CN', self.fqdn), self.subject_base)),
- "-ca_audit_signing_cert_subject_name", str(DN(('CN', 'CA Audit'), self.subject_base)),
- "-ca_sign_cert_subject_name", str(DN(('CN', 'Certificate Authority'), self.subject_base)) ]
+ "-ca_audit_signing_cert_subject_name", ipautil.shell_quote(str(DN(('CN', 'CA Audit'), self.subject_base))),
+ "-ca_sign_cert_subject_name", ipautil.shell_quote(str(DN(('CN', 'Certificate Authority'), self.subject_base))) ]
if self.external == 1:
args.append("-external")
args.append("true")
More information about the Freeipa-users
mailing list