Bug 1748373

With 389-ds-base-1.4.1.7-1.module+el8dsrv+4200+233a821d I can't create an instance with capital letters :/ I think this should be allowed.

>                    if (new_server_id.match(/^[#%:-A-Za-z0-9_]+$/g)) {            

With this regex I'm allowed to have an instance with A and/or Z but not any other capital letters. I think '-' should be moved to the end, after '_'.

Builds tested:                                                                                                                                                 
389-ds-base-1.4.1.9-1.module+el8dsrv+4243+ba0eb3c6.x86_64                                                                                                      
cockpit-389-ds-1.4.1.9-1.module+el8dsrv+4243+ba0eb3c6.noarch                                                                                                   

[1.1] 
Using instance name TestSLAPD_%#ls
I get: 
Error: '%' must be followed by '%' or '(', found: '%#ls'

[1.2]
Without percent (TestSLAPD_#ls) instance creation starts, but then fails:

Sep 27 09:11:31 ldap.example.com ds_systemd_ask_password_acl[11381]: grep: /etc/dirsrv/slapd-TestSLAPD_\x23ls/dse.ldif: No such file or directory                                                                                                                                                                              
Sep 27 09:11:31 ldap.example.com ns-slapd[11386]: [27/Sep/2019:09:11:31.192575759 -0400] - INFO - dse_check_file - The config /etc/dirsrv/slapd-TestSLAPD_\x23ls/dse.ldif can not be accessed. Attempting restore ... (reason: 0)                                                                                              
Sep 27 09:11:31 ldap.example.com ns-slapd[11386]: [27/Sep/2019:09:11:31.192715137 -0400] - INFO - dse_check_file - The backup /etc/dirsrv/slapd-TestSLAPD_\x23ls/dse.ldif.bak can not be accessed. Check it exists and permissions.                                                                                            
Sep 27 09:11:31 ldap.example.com ns-slapd[11386]: [27/Sep/2019:09:11:31.192719228 -0400] - ERR - slapd_bootstrap_config - No valid configurations can be accessed! You must restore /etc/dirsrv/slapd-TestSLAPD_\x23ls/dse.ldif from backup!                                                                                   
Sep 27 09:11:31 ldap.example.com ns-slapd[11386]: [27/Sep/2019:09:11:31.192722633 -0400] - EMERG - main - The configuration files in directory /etc/dirsrv/slapd-TestSLAPD_\x23ls could not be read or were not found.  Please refer to the error log or output for more information.                                          
Sep 27 09:11:31 ldap.example.com systemd[1]: dirsrv@TestSLAPD_\x23ls.service: Main process exited, code=exited, status=1/FAILURE                                                                                                                                                                                               
Sep 27 09:11:31 ldap.example.com systemd[1]: dirsrv@TestSLAPD_\x23ls.service: Failed with result 'exit-code'.                                                                                                                                                                                                                  
Sep 27 09:11:31 ldap.example.com systemd[1]: Failed to start 389 Directory Server TestSLAPD_\x23ls..   

[2]
When I'm trying port number -1, I get:
Error: Port must be a number between 1 and 65534!
Although it accepts 65535 (as it should).


[3]
non-ASCII input is accepted for Directory Manager DN, it fails as described in comment #0.

Marking as ASSIGNED.

Build tested: cockpit-389-ds-1.4.2.12-1.module+el8dsrv+6328+f04d7471.noarch

[1.1] 
Using instance name TestSLAPD_%#ls
I get an error saying instance creation failed, but no details why.

[1.2]
Same issue as in comment #4.

[2]
I have error message 'Error: Port must be a number between 1 and 65534!'
But the field allows to set from 0 to 65535:
<input min="0" max="65535" type="number" id="nsslapd-port" class="form-control" value="389">

[3]
Same issue as in comment #0

Marking as ASSIGNED.

So we always allowed: %#  in instance names, but systemd will reject instances that contain these characters without special escaping.  I think we should just simply not allow instance names with these characters.  This only impacts new instances, and since we never documented what are valid/invalid characters I feel it's okay to reject them now.  Any complaints or comments from anyone?

I agree with your proposal alphanum plus a set of characters like: +=-_@!:<>

*** Bug 1751132 has been marked as a duplicate of this bug. ***

Build tested: cockpit-389-ds-1.4.2.12-3.module+el8dsrv+6923+6ab1d5c5.noarch

[1.1] 
Using instance name TestSLAPD_%#ls
I get an error saying instance creation failed, but no details why.

[1.2]
I get an error saying instance creation failed, but no details why.

[2]
I have error message 'Error: Port must be a number between 1 and 65534!'
But the field allows to set from 0 to 65535:
<input min="0" max="65535" type="number" id="nsslapd-port" class="form-control" value="389">

[3]
Non-ASCII input is accepted, but the instance creation fails and it doesn't leave the remainings of partially installed instance.



Because of [2] marking as ASSIGNED.

The change needs to be included into the new build.
https://pagure.io/389-ds-base/issue/51086

With build 
389-ds-base-1.4.3.11-1.module+el8dsrv+7557+bc264682.x86_64
cockpit-389-ds-1.4.3.11-1.module+el8dsrv+7557+bc264682.noarch

[1.1 & 1.2] 
non allowed characters in instance name are now rejected and a helpful error messgae is displayed :
 Instance name can only contain letters, numbers, and these 4 characters: - @ : _

[1.3]
The length on the instance name is limited, but the error message appears only after clicking on 'create instance', not immediately when entering characters, as it is the case for unsupported characters ('server identifier should not be longer than 80 symbols')
For consistency and to improve the user experience, the GUI should prevent to file other fields and go to the end of the form if all is not correct in the instance name.

[2]
The error message is still 'invalid (Secure) Port number. Port must be between 1 and 65534' when the maximum allowed port number is 65535
In addition, the up/down arrow on the right should not go down under 1 (it goes to 0, even if 0 is not allowed)

[3]
some cases of non-ASCII input are still accepted for Directory Manager DN : for example : cn=Д(qdFDFL)
It seems that the '(' just after the non authorized character disables the checking, and let the DN be created, even if the instance is not usable after creation :

[16/Sep/2020:08:43:26.300623191 -0400] conn=1 op=0 BIND dn="cn=Д(qdFDFL)" method=128 version=3
[16/Sep/2020:08:43:26.300714199 -0400] conn=1 op=0 RESULT err=49 tag=97 nentries=0 wtime=0.001112650 optime=0.000118982 etime=0.001229489 - No suffix for bind dn found


Because of [1.3], [2] and [3], marking as ASSIGNED

Fixed upstream:

https://github.com/389ds/389-ds-base/issues/4342

with build 389-ds-base-1.4.3.13-1.module+el8dsrv+8334+69a46a2e.x86_64 / cockpit-389-ds-1.4.3.13-1.module+el8dsrv+8334+69a46a2e.noarch

The previously remaining failing items ([1.3], [2] and [3] in comment 21) are now fixed :
[1.3] 
A warning now appears as soon as 80 characters are reached in the instance name field

[2]
Warning regarding port number range has been updated to "The port must be between 1 and 65535"

[3]
The directory manager DN does not accept any non-Ascii characters, whatever their position is 

-> marking as verified

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Red Hat Directory Server bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4911