| Summary: | invalid Directory Manager password causes ipaserver-install to fail with "Exception in CertSubjectPanel(): java.lang.IndexOutOfBoundsException" | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Retired] freeIPA | Reporter: | Ronald van Zantvoort <the.loeki> | ||||
| Component: | ipa-server | Assignee: | Rob Crittenden <rcritten> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Chandrasekar Kannan <ckannan> | ||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | 2.0 | CC: | benl, dpal, jgalipea, mkosek | ||||
| Target Milestone: | --- | ||||||
| Target Release: | --- | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | freeipa-2.1.3-5.fc16 | Doc Type: | Bug Fix | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | |||||||
| : | 740403 (view as bug list) | Environment: | |||||
| Last Closed: | 2012-03-28 09:27:59 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Bug Depends On: | |||||||
| Bug Blocks: | 740403 | ||||||
| Attachments: |
|
||||||
Upstream ticket: https://fedorahosted.org/freeipa/ticket/1636 Fixed upstream: master: 209bcb0b98daf7edbea2c7428f6fe5f109e74e49 ipa-2-1: 428d8c4a2d4e45cd78a185f7824a76daacce8e16 |
Created attachment 510125 [details] debug log of error'ed install Description of problem: When running ipaserver-install and choosing a Directory Manager password with a backslash in it, ipaserver-install will fail with a cryptic Exception: ERROR: Tag=CertReqPair has no values tag=Nickname value=caSigningCert cert-pki-ca tag=Nickname value=ocspSigningCert cert-pki-ca tag=Nickname value=Server-Cert cert-pki-ca tag=Nickname value=subsystemCert cert-pki-ca tag=Nickname value=auditSigningCert cert-pki-ca req_list_size=5 cert_list_size=0 dn_list_size=5 Exception in CertSubjectPanel(): java.lang.IndexOutOfBoundsException: Index: 0, Size: 0 ERROR: ConfigureCA: CertSubjectPanel() failure ERROR: unable to create CA ####################################################################### 2011-06-27 20:56:20,748 DEBUG stderr=java.lang.IndexOutOfBoundsException: Index: 0, Size: 0 at java.util.ArrayList.RangeCheck(ArrayList.java:547) at java.util.ArrayList.get(ArrayList.java:322) at ConfigureCA.CertSubjectPanel(ConfigureCA.java:733) at ConfigureCA.ConfigureCAInstance(ConfigureCA.java:1316) at ConfigureCA.main(ConfigureCA.java:1761) 2011-06-27 20:56:20,748 CRITICAL failed to configure ca instance Command '/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname ipa01.office.aboveit.nl -cs_port 9445 -client_certdb_dir /tmp/tmp-kI8P1V -client_certdb_pwd 'XXXXXXXX' -preop_pin ly77FHMU7qr5auedXRdj -domain_name IPA -admin_user admin -admin_email root@localhost -admin_password 'XXXXXXXX' -agent_name ipa-ca-agent -agent_key_size 2048 -agent_key_type rsa -agent_cert_subject "CN=ipa-ca-agent,O=ABOVEIT" -ldap_host ipa01.office.aboveit.nl -ldap_port 7389 -bind_dn "cn=Directory Manager" -bind_password 'XXXXXXXX' -base_dn o=ipaca -db_name ipaca -key_size 2048 -key_type rsa -key_algorithm SHA256withRSA -save_p12 true -backup_pwd 'XXXXXXXX' -subsystem_name pki-cad -token_name internal -ca_subsystem_cert_subject_name "CN=CA Subsystem,O=ABOVEIT" -ca_ocsp_cert_subject_name "CN=OCSP Subsystem,O=ABOVEIT" -ca_server_cert_subject_name "CN=ipa01.office.aboveit.nl,O=ABOVEIT" -ca_audit_signing_cert_subject_name "CN=CA Audit,O=ABOVEIT" -ca_sign_cert_subject_name "CN=Certificate Authority,O=ABOVEIT" -external false -clone false' returned non-zero exit status 255 2011-06-27 20:56:20,749 DEBUG Configuration of CA failed File "/usr/sbin/ipa-server-install", line 944, in <module> sys.exit(main()) File "/usr/sbin/ipa-server-install", line 734, in main subject_base=options.subject) File "/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py", line 539, in configure_instance self.start_creation("Configuring certificate server", 360) File "/usr/lib/python2.6/site-packages/ipaserver/install/service.py", line 301, in start_creation method() File "/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py", line 678, in __configure_instance raise RuntimeError('Configuration of CA failed') Version-Release number of selected component (if applicable): RHEL6.1, up-to-date as per report date. ipa-pki-ca-theme-9.0.3-6.el6.noarch python-iniparse-0.3.1-2.1.el6.noarch ipa-client-2.0.0-23.el6_1.1.x86_64 ipa-server-2.0.0-23.el6_1.1.x86_64 ipa-pki-common-theme-9.0.3-6.el6.noarch ipa-admintools-2.0.0-23.el6_1.1.x86_64 ipa-server-selinux-2.0.0-23.el6_1.1.x86_64 ipa-python-2.0.0-23.el6_1.1.x86_64 pki-symkey-9.0.3-10.el6.x86_64 pki-util-9.0.3-10.el6.noarch pki-silent-9.0.3-10.el6.noarch ipa-pki-ca-theme-9.0.3-6.el6.noarch pki-native-tools-9.0.3-10.el6.x86_64 pki-java-tools-9.0.3-10.el6.noarch pki-setup-9.0.3-10.el6.noarch pki-ca-9.0.3-10.el6.noarch ipa-pki-common-theme-9.0.3-6.el6.noarch pki-selinux-9.0.3-10.el6.noarch pki-common-9.0.3-10.el6.noarch krb5-pkinit-openssl-1.9-9.el6.x86_64 How reproducible: Run ipaserver-install; when asked for the Directory Manager password input a password with a backslash in it. Afterwards, you can check by redoing the same install but choosing another pw withouth the backslash, which will be allright. Additional info: I'm pretty sure there's supposed to be more than just subject_base on that line referencing line 734