Bug 490226 - Enrollment fails in redhat CS 8.0 Alpha if the ldap name has a period in it.
Status: CLOSED ERRATA
Product: Dogtag Certificate System
Classification: Community
Component: TPS
Version: unspecified
Hardware: All, OS: Linux
Priority: urgent, Severity: high
Assigned To: Ade Lee
QA Contact: Chandrasekar Kannan
Keywords: TechPreview
Blocks: 443788
Reported: 2009-03-13 17:51 EDT by Sean Veale
Modified: 2015-01-04 18:37 EST
Doc Type: Technology Preview
Last Closed: 2009-07-22 19:33:03 EDT


Attachments
tsp-debug.log of failed enrollment process (16.18 KB, application/octet-stream)
2009-03-13 17:51 EDT, Sean Veale
tks error log when enrolling a user with a period in the name. (12.94 KB, application/octet-stream)
2009-03-17 17:55 EDT, Sean Veale
tps error log when enrolling a user with a period in the name. (14.80 KB, application/octet-stream)
2009-03-17 17:56 EDT, Sean Veale
Error (14) during token enrollment when userid has an '&'. (128.43 KB, image/jpeg)
2009-03-25 19:54 EDT, Asha Akkiangady
TPs debug log attached. (17.96 KB, text/plain)
2009-03-25 19:57 EDT, Asha Akkiangady

Description Sean Veale 2009-03-13 17:51:44 EDT
Created attachment 335173 [details]
tsp-debug.log of failed enrollment process

Description of problem:
Enrollment fails in redhat CS 8.0 Alpha if the ldap name has a period in it.

Version-Release number of selected component (if applicable):
Redhat CS 8.0 Alpha 

How reproducible:
Always

Steps to Reproduce:
1. Add a user with a period in the user name (Foo.Bar in this example)
2. Attempt to enroll

Actual results:
Enroll fails with error (attaching tail of debug.log)

Expected results:
Enrollment succeeds.

Additional info:
Using 330J card
Comment 1 Chandrasekar Kannan 2009-03-13 18:29:26 EDT
Hm. I see the following in the tps debug log

[2009-03-13 15:23:50] dea8d940 HttpConnection::getResponse - Send request to host codeblue.pki.gdc4s.com:13444 servlet /tks/agent/tks/encryptData
[2009-03-13 15:23:50] dea8d940 AP_Session::WriteMsg - pdu_len='5'
[2009-03-13 15:23:50] dea8d940 AP_Session::WriteMsg - Sent 's=46&msg_type=9&pdu_size=5&pdu_data=%B0%58%00%00%0E'
[2009-03-13 15:23:50] dea8d940 AP_Session::ReadMsg - decoded pdu =  (length='2')
[2009-03-13 15:23:50] dea8d940 AP_Session::ReadMsg - 9c 12 
[2009-03-13 15:23:50] dea8d940 AP_Session::WriteMsg - Sent 's=43&msg_type=13&operation=1&result=1&message=29'

Can you provide us with the corresponding TKS debug log as well?

I'm not sure why a username with a period would be the problem.
Can you enroll a username that doesn't have a period?
Comment 2 Jack Magne 2009-03-13 19:24:36 EDT
After peering at the code, I think I see what is going on.
The TPS is bombing out because it can't add the token to the token db associated with this user, the one with the period included.

This error below:

's=43&msg_type=13&operation=1&result=1&message=29'

Is what is returned when the call to add the token to the db associated with the userid fails.

If you have handy the ldap log for this, it might shed some light on why this record was not correctly written.
Comment 3 Jack Magne 2009-03-16 12:54:44 EDT
The db in question would be the ldap db being used as the token db. The CS.cfg should provide the details on this configuration.
Comment 4 Sean Veale 2009-03-17 17:54:47 EDT
Adding Fresh TPS, TKS. I couldn't find (in my quick look) where the token db error log is specified in the tps CS.cfg. I'm including the audit log.
Comment 5 Sean Veale 2009-03-17 17:55:53 EDT
Created attachment 335611 [details]
tks error log when enrolling a user with a period in the name.
Comment 6 Sean Veale 2009-03-17 17:56:38 EDT
Created attachment 335612 [details]
tps error log when enrolling a user with a period in the name.
Comment 7 Sean Veale 2009-03-19 17:21:23 EDT
Actually this bug is a symptom of this bug

Bug ID 490549

My test of the period in the name was with a previously enrolled card where the token was deleted manually from the token db.
Comment 8 Asha Akkiangady 2009-03-25 19:54:32 EDT
Created attachment 336727 [details]
Error (14) during token enrollment when userid has an '&'.
Comment 9 Asha Akkiangady 2009-03-25 19:55:54 EDT
I am trying to enroll a user token, getting error (14) 'smart card server authentication failure' when an '&' is present in the userid. Example: ULast1&Last2.
Comment 10 Asha Akkiangady 2009-03-25 19:57:21 EDT
Created attachment 336728 [details]
TPs debug log attached.
Comment 11 Ade Lee 2009-04-21 13:53:29 EDT
This works for me.

I tried the following:
dn: uid=charlie.chaplin,dc=rdu,dc=redhat.period,dc=com

i.e. period in both the uid and in the dc=... component.

No problems encountered.


There is a problem in adding an ampersand -- the certs are created, but the uid is incorrect.
uid = charlie&ampersand => uid=charlie
Comment 12 Ade Lee 2009-04-21 14:04:25 EDT
Cannot reproduce based on latest code.  Asha, please confirm for "periods" in the ldap name.

Ampersands in the name are not a normal use case.  Please open a medium priority bug for this specific case.
Comment 13 Sean Veale 2009-05-07 10:52:55 EDT
Periods in the name work fine
Comment 14 Asha Akkiangady 2009-05-29 14:53:08 EDT
Verified that tokens can be enrolled/formatted when user id has "period". Opened up a bug for userId with 'ampersand' bz https://bugzilla.redhat.com/show_bug.cgi?id=503234
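
Added example, not part of the original bug report and not Dogtag code: the TPS messages logged in Comment 1 are '&'-delimited key=value strings in which the 's=' value equals the length of the text after the first '&', and any parser of that shape splits a value that carries a raw '&', which gives the same charlie&ampersand => charlie truncation reported in Comment 11. The page does not identify the actual cause; the 'userid' field name, msg_type=99 and both functions below are hypothetical.

```python
from urllib.parse import quote, unquote

# latin-1 maps each %XX escape to exactly one character, so binary fields
# such as pdu_data keep their byte count after decoding.
ENC = "latin-1"

def encode_msg(fields, escape=True):
    """Serialize as 's=<body length>&k=v&...', the shape seen in the TPS log."""
    def enc(v):
        return quote(str(v), safe="", encoding=ENC) if escape else str(v)
    body = "&".join(f"{k}={enc(v)}" for k, v in fields.items())
    return f"s={len(body)}&{body}"

def decode_msg(wire, strict=False):
    """Verify the length prefix, split on '&', and unescape each value."""
    prefix, _, body = wire.partition("&")
    if not prefix.startswith("s=") or int(prefix[2:]) != len(body):
        raise ValueError("length prefix does not match body")
    fields = {}
    for pair in body.split("&"):
        key, sep, value = pair.partition("=")
        # Strict mode flags the leftovers of a split value: a pair with no '='
        # or a key that appears twice.
        if strict and (not sep or key in fields):
            raise ValueError(f"malformed or duplicate field: {pair!r}")
        fields.setdefault(key, unquote(value, encoding=ENC))
    return fields

# Constructed message; 'userid' and msg_type=99 are hypothetical, not TPS fields.
SAMPLE = {"msg_type": 99, "userid": "charlie&ampersand"}

def demo():
    raw = encode_msg(SAMPLE, escape=False)   # '&' in the value splits the field
    safe = encode_msg(SAMPLE, escape=True)   # '&' travels as %26
    return decode_msg(raw)["userid"], decode_msg(safe, strict=True)["userid"]

if __name__ == "__main__":
    print(demo())
```

A period is an unreserved character and passes through both paths unchanged, consistent with Comments 11 and 13; only the unescaped '&' is lost, and the length prefix does not catch it because it is computed over the already-broken body.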
